--- PROCESS FUNCTIONS ---
Load supplimental files...
- Skip function list, total:777
- Skip var list, total:22
Pre-processing...
STOP WATCH[0]: 326.360000 ms
Found 967 syscalls
Process Gating Functions
Gating Function Type: capability
Load CAP FUNC list, total:3
Inner checking functions:
- avc_denied @ 7
- security_capable @ 2
i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i8*)
i8* bitcast (i1 (i32)* @capable to i8*)
i8* bitcast (i1 (%struct.sk_buff*, %struct.user_namespace*, i32)* @netlink_ns_capable to i8*)
i8* bitcast (i1 (%struct.sock*, i32)* @sk_net_capable to i8*)
i8* bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i8*)
i8* bitcast (i1 (%struct.sock*, i32)* @sk_capable to i8*)
i8* bitcast (i1 (%struct.task_struct*, i32)* @has_capability to i8*)
i8* bitcast (i1 (%struct.sk_buff*, i32)* @netlink_capable to i8*)
i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_setid to i8*)
i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_noaudit to i8*)
i8* bitcast (i1 (%struct.sock*, %struct.user_namespace*, i32)* @sk_ns_capable to i8*)
i8* bitcast (i1 (%struct.file*, %struct.user_namespace*, i32)* @file_ns_capable to i8*)
i8* bitcast (i1 (%struct.sk_buff*, i32)* @netlink_net_capable to i8*)
i8* bitcast (i1 (%struct.netlink_skb_parms*, %struct.user_namespace*, i32)* @__netlink_ns_capable to i8*)
STOP WATCH[0]: 5.557000 ms
=chk functions and wrappers (total:18)=
. __netlink_ns_capable @ 2
. has_ns_capability @ 2
. netlink_net_capable @ 1
. ns_capable @ 1
. has_ns_capability_noaudit @ 2
. capable @ 0
. ns_capable_setid @ 1
. netlink_ns_capable @ 2
. avc_has_perm_noaudit @ 5
. sk_net_capable @ 1
. capable_wrt_inode_uidgid @ 2
. sk_capable @ 1
. has_capability @ 1
. netlink_capable @ 1
. ns_capable_noaudit @ 1
. has_capability_noaudit @ 1
. sk_ns_capable @ 2
.
file_ns_capable @ 2 =o= Collect Checkpoints STOP WATCH[0]: 318.019000 ms Identify interesting struct Function: store_rps_dev_flow_table_cnt used by struct.rx_queue_attribute Function: group_store used by struct.device_attribute.754592 Function: net_current_may_mount used by  new discover:struct.kobj_ns_type_operations.754584 Function: sock_ops_func_proto used by  new discover:struct.bpf_verifier_ops.749401 Function: sock_addr_func_proto used by struct.bpf_verifier_ops.749401 Function: lwt_out_func_proto used by struct.bpf_verifier_ops.749401 Function: xdp_func_proto used by struct.bpf_verifier_ops.749401 Function: sk_filter_func_proto used by struct.bpf_verifier_ops.749401 Function: rtnetlink_bind used by  new discover:struct.netlink_kernel_cfg Function: netns_install used by struct.proc_ns_operations Function: pps_cdev_ioctl used by struct.file_operations Function: esre_attr_show used by struct.sysfs_ops Function: efivar_attr_store used by struct.sysfs_ops.701227 Function: efivar_attr_show used by struct.sysfs_ops.701227 Function: store_state_disable used by  new discover:struct.cpuidle_state_attr Function: sock_ioctl used by struct.file_operations Function: rdev_attr_store used by struct.sysfs_ops.687079 Function: md_ioctl used by  new discover:struct.block_device_operations.687198 Function: pps_enable_store used by struct.device_attribute.683314 Function: ptp_ioctl used by  new discover:struct.posix_clock_operations Function: rtc_dev_compat_ioctl used by struct.file_operations Function: rtc_dev_ioctl used by struct.file_operations Function: serport_ldisc_open used by  new discover:struct.tty_ldisc_ops.351001 Function: ipip6_tunnel_siocdevprivate used by  new discover:struct.net_device_ops.841751 Function: open_kcore used by  new discover:struct.proc_ops.77375 Function: dm_ctl_ioctl used by struct.file_operations.690733 Function: proc_cap_handler used by  new discover:struct.ctl_table Function: sg_proc_write_dressz used by  new discover:struct.proc_ops.615250 
Function: sr_block_ioctl used by  new discover:struct.block_device_operations.613701 Function: sd_ioctl used by  new discover:struct.block_device_operations.613283 Function: allow_restart_store used by struct.device_attribute.613585 Function: manage_start_stop_store used by struct.device_attribute.613585 Function: protection_type_store used by struct.device_attribute.613585 Function: zeroing_mode_store used by struct.device_attribute.613585 Function: sdev_store_eh_timeout used by struct.device_attribute.610220 Function: lo_ioctl used by  new discover:struct.block_device_operations.604051 Function: mntns_install used by struct.proc_ns_operations Function: i915_perf_remove_config_ioctl used by  new discover:struct.drm_ioctl_desc Function: xps_rxqs_store used by struct.netdev_queue_attribute Function: state_store.75104 used by struct.device_attribute.977026 Function: i915_perf_add_config_ioctl used by struct.drm_ioctl_desc Function: utsns_install used by struct.proc_ns_operations Function: perf_uprobe_event_init used by  new discover:struct.pmu.115047 Function: tty_ioctl used by struct.file_operations Function: sk_skb_func_proto used by struct.bpf_verifier_ops.749401 Function: sk_msg_func_proto used by struct.bpf_verifier_ops.749401 Function: soft_store used by struct.device_attribute.977026 Function: devkmsg_open used by struct.file_operations Function: iommu_group_store_type used by struct.iommu_group_attribute Function: set_permissions used by  new discover:struct.ctl_table_root Function: dm_blk_ioctl used by  new discover:struct.block_device_operations.688713 Function: numa_node_store used by struct.device_attribute.316756 Function: open_port used by struct.file_operations Function: ipcns_install used by struct.proc_ns_operations Function: do_ip6t_set_ctl used by  new discover:struct.nf_sockopt_ops.896269 Function: do_ip6t_get_ctl used by struct.nf_sockopt_ops.896269 Function: devinet_sysctl_forward used by struct.ctl_table Function: nfnetlink_rcv used by 
struct.netlink_kernel_cfg Function: snapshot_ioctl used by struct.file_operations Function: i915_gem_execbuffer2_ioctl used by struct.drm_ioctl_desc Function: do_ipt_set_ctl used by  new discover:struct.nf_sockopt_ops.853553 Function: audit_multicast_bind used by struct.netlink_kernel_cfg Function: autofs_dev_ioctl used by struct.file_operations Function: ip_setsockopt used by  new discover:struct.proto Function: packet_sendmsg_spkt used by  new discover:struct.proto_ops Function: unix_ioctl used by struct.proto_ops Function: inet_create used by struct.net_proto_family.836227 Function: gro_flush_timeout_store used by struct.device_attribute.754592 Function: threaded_store used by struct.device_attribute.754592 Function: genl_bind used by struct.netlink_kernel_cfg Function: __inet6_bind used by  new discover:struct.ipv6_bpf_stub.869448 Function: pidns_install used by struct.proc_ns_operations Function: napi_defer_hard_irqs_store used by struct.device_attribute.754592 Function: packet_sendmsg used by struct.proto_ops Function: net_ctl_permissions used by struct.ctl_table_root Function: ipip6_tunnel_ctl used by struct.net_device_ops.841751 Function: audit_receive used by struct.netlink_kernel_cfg Function: perf_mmap used by struct.file_operations.114677 Function: do_ipt_get_ctl used by struct.nf_sockopt_ops.853553 Function: pagemap_read used by struct.file_operations Function: perf_kprobe_event_init used by struct.pmu.115047 Function: mtu_store used by struct.device_attribute.754592 Function: carrier_store used by struct.device_attribute.754592 Function: inet6_create used by struct.net_proto_family.869440 Function: timerslack_ns_write used by struct.file_operations.175858 Function: ifalias_store used by struct.device_attribute.754592 Function: flags_store used by struct.device_attribute.754592 Function: packet_create used by struct.net_proto_family Function: mode_store used by struct.kobj_attribute Function: ext4_fileattr_set used by struct.inode_operations.190023 
Function: cg_skb_func_proto used by struct.bpf_verifier_ops.749401 Function: __x64_sys_finit_module used by  new discover:struct.error_injection_entry Function: sk_lookup_func_proto used by struct.bpf_verifier_ops.749401 Function: md_attr_store used by struct.sysfs_ops.687079 Function: i915_perf_open_ioctl used by struct.drm_ioctl_desc Function: proc_do_static_key used by struct.ctl_table Function: __x64_sys_nice used by struct.error_injection_entry Function: flow_dissector_func_proto used by struct.bpf_verifier_ops.749401 Function: __ia32_sys_nice used by struct.error_injection_entry Function: max_medium_access_timeouts_store used by struct.device_attribute.613585 Function: __do_sys_vhangup used by struct.error_injection_entry Function: mtrr_open used by  new discover:struct.proc_ops Function: tx_queue_len_store used by struct.device_attribute.754592 Function: cg_skb_is_valid_access used by struct.bpf_verifier_ops.749401 Function: subcaches_store used by struct.device_attribute.26110 Function: ext4_attr_store used by struct.sysfs_ops.190115 Function: cpu_store used by struct.kobj_attribute Function: provisioning_mode_store used by struct.device_attribute.613585 Function: netlink_bind used by struct.proto_ops Function: netlink_connect used by struct.proto_ops Function: netlink_setsockopt used by struct.proto_ops Function: netlink_sendmsg used by struct.proto_ops Function: seccomp_actions_logged_handler used by struct.ctl_table Function: timens_install used by struct.proc_ns_operations Function: type_store used by struct.kobj_attribute Function: force_store used by struct.kobj_attribute Function: msr_open used by struct.file_operations Function: store_rps_map used by struct.rx_queue_attribute Function: proc_bus_pci_mmap used by struct.proc_ops.77375 Function: __ia32_compat_sys_kexec_load used by struct.error_injection_entry Function: pci_read_config used by struct.bin_attribute Function: msi_bus_store used by struct.device_attribute.316756 Function: r_show used by  
new discover:struct.seq_operations.49820 Function: proc_bus_pci_read used by struct.proc_ops.77375 Function: sg_proc_write_adio used by struct.proc_ops.615250 Function: xps_cpus_store used by struct.netdev_queue_attribute Function: vt_ioctl used by  new discover:struct.tty_operations Function: vt_compat_ioctl used by struct.tty_operations Function: uart_ioctl used by struct.tty_operations Function: uart_set_info_user used by struct.tty_operations Function: uart_proc_show used by struct.tty_operations Function: random_ioctl used by struct.file_operations Function: nvram_misc_ioctl used by struct.file_operations Function: cgroupns_install used by struct.proc_ns_operations Function: enable_store used by struct.device_attribute.316756 Function: max_write_same_blocks_store used by struct.device_attribute.613585 Function: tx_maxrate_store used by struct.netdev_queue_attribute Function: i915_getparam_ioctl used by struct.drm_ioctl_desc Function: tc_cls_act_func_proto used by struct.bpf_verifier_ops.749401 Function: __ia32_sys_finit_module used by struct.error_injection_entry Function: i915_gem_context_setparam_ioctl used by struct.drm_ioctl_desc Function: i915_gem_context_reset_stats_ioctl used by struct.drm_ioctl_desc Function: proto_down_store used by struct.device_attribute.754592 STOP WATCH[0]: 490.152000 ms Collecting Initialization Closure. 
Finding Kernel Entry Point and all __initcall_
Found x86_64_start_kernel
STOP WATCH[1]: 60.211000 ms
Initial Kernel Init Function Count:2
Over Approximate Kernel Init Functions
STOP WATCH[1]: 33.188000 ms
Refine Result
refine pass 0 1844 left
refine pass 1 998 left
refine pass 2 708 left
refine pass 3 602 left
refine pass 4 574 left
refine pass 5 571 left
refine pass 6 569 left
Refine result : count=569
STOP WATCH[1]: 22.463000 ms
=Kernel Init Functions=
arch_get_random_long acpi_ut_create_rw_lock idt_setup_early_traps get_cpu_vendor cpu_parse_early_param paranoid_xstate_size_valid os_xrstor_booting setup_xstate_comp_offsets setup_supervisor_only_offsets fpu__get_fpstate_size early_cpu_init e820__reserve_setup_data static_call_init early_ioremap_setup early_ioremap_init prepare_command_line memblock_set_node efi_memmap_init_early do_add_efi_memmap efi_memblock_x86_reserve_range trim_snb_memory e820__memory_setup parse_efi_setup parse_setup_data setup_initial_init_mm early_panic efi_systab_init efi_reuse_config tpm2_calc_event_log_size efi_tpm_eventlog_init efi_config_init efi_clean_memmap memblock_overlaps_region dmi_smbios3_present dmi_format_ids dmi_decode_table tsc_early_init trim_bios_range e820__end_of_ram_pfn get_mtrr_var_range amd_special_default_mtrr print_fixed print_mtrr_state get_mtrr_state mtrr_cleanup init_mem_debugging_and_hardening init_trampoline_kaslr x86_get_mtrr_mem_range mtrr_trim_uncached_memory init_cache_modes prandom_bytes_state kernel_randomize_memory e820_end_pfn e820__end_of_low_ram_pfn reserve_brk memblock_set_current_limit e820__memblock_setup efi_esrt_init efi_reserve_boot_services e820__memblock_alloc_reserved pti_check_boottime_disable probe_page_size_mask save_mr init_memory_mapping memory_map_bottom_up init_mem_mapping init_ohci1394_initialize init_ohci1394_wait_for_busresets init_ohci1394_reset_and_init_dma copy_from_early_mem relocate_initrd e820__update_table_print arch_reserve_mem_area reserve_real_mode
acpi_reserve_initial_tables acpi_boot_table_init detect_vsmp_box vsmp_cap_cpus io_delay_init acpi_table_init_complete early_acpi_process_madt early_acpi_boot_init numa_meminfo_cover_memory numa_register_memblks numa_init_array numa_init x86_numa_init parse_crashkernel parse_crashkernel_high setup_init_fpu_buf __parse_crashkernel swiotlb_size_or_default reserve_crashkernel_low reserve_crashkernel set_dma_reserve memblock_find_dma_reserve early_pci_scan_bus early_quirks acpi_parse_madt_lapic_entries acpi_boot_init map_fw_vendor memblock_phys_alloc_try_nid fpstate_reset free_area_init_memoryless_node e820_type_to_string firmware_map_add_early e820__reserve_resources e820__register_nosave_regions e820_search_gap therm_lvt_init efi_apply_memmap_quirks setup_arch pcpu_embed_first_chunk pcpu_build_alloc_info vm_area_register_early pcpu_dump_alloc_info pcpu_alloc_first_chunk pcpu_chunk_relocate pcpu_page_first_chunk setup_nr_node_ids setup_cpu_local_masks setup_per_cpu_areas parse_crashkernel_low mtrr_bp_init dmi_walk_early set_task_stack_end_magic absent_pages_in_range cpumask_weight.14092 snb_gfx_workaround_needed initmem_init acpi_parse_spcr print_filtered add_range_with_merge numa_clear_kernel_node_hotplug memblock_allow_resize memblock_mark_mirror memblock_clear_hotplug __free_pages_memory alloc_node_data init_gi_nodes check_dev_quirk append_ordered_lsm ordered_lsm_parse lsm_early_task security_init posix_cputimers_init_work init_timers lookup_address pti_setup_vsyscall build_all_zonelists_init x86_configure_nx x86_report_nx ntp_init tk_set_wall_to_mono timekeeping_init parse_crashkernel_suffix arch_task_cache_init init_cpu_to_node lsm_allowed lsm_set_blob_sizes prepare_lsm initialize_lsm early_security_init tick_init proc_self_init check_xtile_data_against_struct clean_sort_range init_sigframe_size print_xstate_offset_size dcache_init files_init files_maxfiles_init kernfs_init sysfs_init init_mount_tree mnt_init bdev_cache_init kobj_map_init early_reserve_initrd 
acpi_ut_initialize_interfaces x86_early_init_platform_quirks cgroup_rstat_boot build_id_parse_buf fpu__init_system_xstate init_vmlinux_build_id cgroup_add_dfl_cftypes vmalloc_init init_tg_cfs_entry cleanup_highmap pti_clone_user_shared setup_nr_cpu_ids idt_setup_early_handler memmap_init_reserved_pages efi_map_region_fixed kexec_enter_virtual_mode efi_alloc_page_tables __map_region efi_map_region efi_memmap_init_late kernel_unmap_pages_in_pgd efi_unmap_pages add_preferred_console efi_free_boot_services efi_runtime_update_mappings __efi_enter_virtual_mode efi_enter_virtual_mode chrdev_init sysctl_init proc_sys_init split_mem_range rcu_boot_init_percpu_data cgroup_init_cftypes cgroup_add_cftypes add_bootloader_randomness cgroup_init kernel_physical_mapping_init dcache_init_early rcu_early_boot_tests rcupdate_announce_bootup_oddness rcu_bootup_announce_oddness early_alloc_pgt_buf rcu_dump_rcu_node_tree rcutree_online_cpu rcu_init efi_map_regions map_vsyscall init_ohci1394_soft_reset rcu_init_one anon_vma_init acpi_pic_sci_set_trigger cpu_set_bug_bits rcutree_prepare_cpu perf_event_init_all_cpus setup_node_to_cpumask_map fpu_thread_struct_whitelist __register_nosave_region __split_lock_setup load_ucode_bsp setup_per_cpu_pageset arch_early_ioapic_init reserve_initrd rest_init report_meminit proc_thread_self_init efi_dump_pagetable xfeature_is_aligned topology_smt_supported proc_tty_init early_ioremap_pmd prb_init trace_init setup_zone_pageset create_kmalloc_cache reserve_bootmem_region get_last_crashkernel idt_setup_early_pf create_boot_cache hrtimers_init parse_crashkernel_simple add_to_rb perf_event_init_cpu mem_init_print_info rcu_tasks_bootup_oddness inode_init taskstats_init_early memblock_free_all efi_md_typeattr_format register_trigger_stacktrace_cmd memblock_dump_all spectre_v1_select_mitigation ssb_parse_cmdline fpu__init_system no_hash_pointers_enable kfree_rcu_batch_init efi_setup_page_tables parse_crashkernel_mem cpumask_weight.6042 spectre_v2_parse_cmdline 
e820__memory_setup_extended cmdline_find_option_bool adjust_range_page_size_mask bootstrap create_kmalloc_caches housekeeping_init radix_tree_init uts_ns_init dmi_present init_trampoline mem_encrypt_init rcu_sync_enter_start register_trigger_cmds stop_nmi init_ohci1394_controller efi_memattr_init register_trigger_traceon_traceoff_cmds cpumask_weight.8211 reset_all_zones_managed_pages fork_init acpi_ut_create_caches mm_init load_ucode_amd_bsp init_espfix_bsp cpuset_init_current_mems_allowed idle_thread_set_boot_cpu memory_map_top_down init_timer_cpus init_sched_fair_class cmdline_find_option console_init idt_setup_traps print_xstate_features init_dl_bandwidth print_xstate_feature pgtable_cache_init early_acpi_osi_init inode_init_early acpi_table_upgrade trace_event_init acpi_osi_dmi_darwin n_tty_init initcall_debug_enable early_identify_cpu setup_bios_corruption_check e820__setup_pci_gap kmem_cache_init pci_iommu_alloc x86_amd_ssb_disable event_trace_init_fields uprobes_init init_rt_rq update_regset_xstate_info identify_boot_cpu free_low_memory_core_early mmap_init nsfs_init sched_init pid_idr_init acpi_mps_check split_lock_setup load_ucode_intel_bsp dump_stack_set_arch_desc srbds_select_mitigation arch_get_random_long_early arch_post_acpi_subsys_init memblock_phys_mem_size apply_microcode_early_amd shmem_init new_kmalloc_cache x86_64_start_kernel trap_init cpu_smt_check_topology init_hw_breakpoint lsm_early_cred e820__finish_early_params get_boot_config_from_initrd per_cpu_pages_init hrtimers_prepare_cpu start_kernel pagecache_init x86_64_start_reservations set_vsmp_ctl proc_caches_init sld_state_setup arch_call_rest_init sld_setup early_acpi_parse_madt_lapic_addr_ovr efi_memattr_apply_permissions irq_set_default_host poking_init e820_add_kernel_range mds_print_mitigation log_buf_add_cpu nsproxy_cache_init register_event_command preallocate_vmalloc_pages percpu_setup_debug_store perf_event_init __xstate_dump_leaves unregister_event_command init_espfix_random 
mem_init event_trace_memsetup kclist_add cpuset_init e820__memblock_alloc_reserved_mpc_new pcpu_setup_first_chunk acpi_blacklisted vfs_caches_init_early numa_cleanup_meminfo setup_kmalloc_cache_index_table acpi_parse_madt_ioapic_entries mminit_verify_zonelist set_proc_pid_nlink trace_printk_start_comm check_loader_disabled_bsp sort_main_extable restart_nmi event_trace_enable __load_ucode_amd io_apic_init_mappings spectre_v2_select_mitigation x86_read_arch_cap_msr efi_thunk_runtime_setup alternative_instructions proc_root_init time_init proc_create_mount_point rand_initialize proc_net_init print_unknown_bootoptions pti_user_pagetable_walk_pte e820_type_to_iores_desc l1tf_select_mitigation seq_file_init __ssb_select_mitigation acpi_osi_dmi_blacklisted efi_native_runtime_setup rcu_scheduler_starting e820__print_table rcu_test_sync_prims ssb_select_mitigation get_xsaves_size_no_independent acpi_process_madt mds_select_mitigation int3_selftest ioapic_setup_resources reserve_bios_regions l1d_flush_select_mitigation workqueue_init_early register_refined_jiffies proc_init_kmemcache setup_xstate_features init_dl_rq __free_memory_core kaslr_get_random_long key_init prb_record_text_space kzalloc tsx_init srcu_init arch_get_random_seed_long_early efi_find_mirror delayacct_init pti_clone_p4d acpi_early_init acpi_initialize_subsystem acpi_ns_root_initialize acpi_os_predefined_override acpi_ut_mutex_initialize arch_probe_nr_irqs acpi_os_create_cache acpi_os_initialize acpi_reallocate_root_table efi_print_memmap efi_set_virtual_address_map page_writeback_init read_persistent_wall_and_boot_offset memblock_dump init_rootfs mtrr_bp_pat_init init_cfs_rq check_xstate_against_struct init_std_data thread_stack_cache_init dmi_memdev_walk init_cfs_bandwidth lcm init_apic_mappings set_num_var_ranges memblock_trim_memory taa_select_mitigation mp_config_acpi_legacy_irqs efi_thunk_set_virtual_address_map __load_ucode_intel percpu_setup_exception_stacks tick_broadcast_init kmem_cache_init_late 
check_iommu_entries efi_init cpu_mitigations_auto_nosmt numa_policy_init cpu_mitigations_off dmi_setup early_irq_init cred_init __memblock_dump_all get_phy_reg early_platform_quirks set_vsyscall_pgtable_user_bits match_config_table check_bugs mce_register_decode_chain __build_all_zonelists early_reserve_memory init_ohci1394_dma_on_all_controllers pti_init call_function_init setup_cpu_entry_area cea_map_percpu_pages irq_alloc_matrix parse_early_param dmi_scan_machine init_rt_bandwidth setup_command_line cgroup1_ssid_disabled efi_memmap_entry_valid fpstate_init_user unregister_die_notifier jump_label_init vsmp_init copy_init_mm fpu__init_disable_system_xstate softirq_init efi_systab_check_header efi_delete_dummy_variable page_alloc_init sched_clock_init acpi_subsystem_init ordered_lsm_init boot_cpu_hotplug_init efi_merge_regions apic_validate_deadline_timer efi_config_parse_tables cgroup_add_legacy_cftypes prefill_possible_map boot_cpu_init arch_early_irq_init alloc_ioapic_saved_registers init_IRQ unwind_init setup_log_buf copy_bootdata sort_iommu_table init_xstate_size build_all_zonelists build_zonelists smp_setup_processor_id set_phy_reg crng_initialize_primary crng_init_try_arch_early early_trace_init tracer_alloc_buffers test_can_verify_check wait_bit_init free_saved_cmdlines_buffer early_memremap_ro memblock_x86_reserve_range_setup_data set_memory_nonglobal efi_systab_report_header spectre_v2_parse_user_cmdline efi_mem_desc_end numa_reset_distance memblock_add numa_move_tail_memblk init_range_memory_mapping setup_cpu_entry_areas can_free_region cgroup_init_early spectre_v2_user_select_mitigation init_defrootdomain acpi_os_map_generic_address vfs_caches_init mcheck_init fpu__init_system_generic cgroup_init_subsys register_trigger_enable_disable_cmds acpi_ut_init_globals cgroup_idr_alloc signals_init =o= STOP WATCH[0]: 116.543000 ms Identify Kernel Modules Interface STOP WATCH[0]: 62.030000 ms dynamic KMI #dyn kmi resolved:2279 STOP WATCH[0]: 245.316000 ms 
Populate indirect callsite using kernel module interface
I am expecting a pointer type! got:%struct.rq_qos.299433 = type { %struct.rq_qos_ops.299432*, %struct.request_queue.299459*, i32, %struct.rq_qos.299433*, %struct.dentry.299583* }
I am expecting a pointer type! got:%struct.rq_qos.299433 = type { %struct.rq_qos_ops.299432*, %struct.request_queue.299459*, i32, %struct.rq_qos.299433*, %struct.dentry.299583* }
------ KMI STATISTICS ------
# of indirect call sites: 19221
# resolved by KMI:17606 91%
# - KMI:6213 32%
# - DKMI:4346 22%
# (total target) of callee:83028
# undefined-found-m : 5811 30%
# undefined-udf-m : 1236 6%
# fpara(KMI can not handle, try SVF?): 529 2%
# global fptr(try SVF?): 113 0%
# cast fptr(try SVF?): 0 0%
# call use container_of(), high level type info stripped: 911 4%
# unknown pattern:62 0%
STOP WATCH[0]: 6190.142000 ms
Collect all permission-checked variables and functions
Critical functions skipped because of skip func list: 288
STOP WATCH[0]: 320205.262000 ms
Collected 1694 critical functions
Collected 293 critical variables
Collected 314 critical type/fields
--- Variables Protected By Gating Function---
nsproxy_cachep CAP_SYS_ADMIN @ ns_capable cgroupns_operations CAP_SYS_ADMIN @ ns_capable uart_set_info._rs CAP_SYS_ADMIN @ capable vt_kmsg_redirect.kmsg_con CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tty_ldisc_autoload CAP_SYS_MODULE @ capable sg_allow_dio CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check trace_taskinfo_save CAP_SYSLOG @ has_capability_noaudit trace_buffered_event_cnt CAP_SYSLOG @ has_capability_noaudit uevent_sock_mutex CAP_SYS_ADMIN @ netlink_ns_capable m_hash_mask CAP_SYS_ADMIN @ ns_capable ex_mountpoints CAP_SYS_ADMIN @ ns_capable store_rps_map.rps_map_mutex CAP_NET_ADMIN @ capable switch.table.sg_io CAP_SYS_RAWIO @ capable event_mutex CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38
inconsistent check cgroup_mutex CAP_SYS_ADMIN @ ns_capable init_cgroup_ns CAP_SYS_ADMIN @ ns_capable cgrp_dfl_root CAP_SYS_ADMIN @ ns_capable trace_percpu_buffer CAP_SYSLOG @ has_capability_noaudit reboot_force CAP_SYS_BOOT @ capable reboot_type CAP_SYS_BOOT @ capable offset_lock CAP_SYS_TIME @ file_ns_capable seccomp_actions_logged CAP_SYS_ADMIN @ capable hpet_freq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable hpet_base.3 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcc_data CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_minors_idr CAP_NET_BROADCAST @ file_ns_capable tty_ldiscs CAP_SYS_MODULE @ capable dmar_global_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cn_proc_event_id CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ __netlink_ns_capable inconsistent check switch.table.intel_overlay_put_image_ioctl.58 CAP_NET_BROADCAST @ file_ns_capable mac80211_config_ops CAP_NET_BROADCAST @ file_ns_capable driver_short_names CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable reg_pdev CAP_NET_BROADCAST @ file_ns_capable sel_class_ops CAP_CHOWN @ avc_has_perm_noaudit uevent_seqnum CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check core_request_world CAP_NET_BROADCAST @ file_ns_capable module_mutex CAP_SYS_MODULE @ capable acpi_current_gpe_count CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_irq_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable user_alpha2.1 CAP_NET_BROADCAST @ file_ns_capable primary_crng CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable reg_regdb_apply_list CAP_NET_BROADCAST @ file_ns_capable crda_timeout CAP_NET_BROADCAST @ file_ns_capable cfg80211_pernet_ops CAP_NET_BROADCAST @ file_ns_capable debug.54598 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable genl_pernet_ops 
CAP_NET_BROADCAST @ file_ns_capable check_syslog_permissions.__already_done CAP_SYS_ADMIN @ capable CAP_SYSLOG @ capable CAP_SYS_ADMIN @ capable CAP_SYSLOG @ capable inconsistent check genl_ctrl CAP_NET_BROADCAST @ file_ns_capable ioam6_genl_family CAP_NET_BROADCAST @ file_ns_capable cfg80211_regdomain CAP_NET_BROADCAST @ file_ns_capable ieee80211_debugfs_dir CAP_NET_BROADCAST @ file_ns_capable netlbl_cipsov4_gnl_family CAP_NET_BROADCAST @ file_ns_capable nr_node_ids CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check nl80211_netlink_notifier CAP_NET_BROADCAST @ file_ns_capable compat_elf_format CAP_IPC_LOCK @ capable total_swap_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mac80211_ht_capa_mod_mask CAP_NET_BROADCAST @ file_ns_capable netlbl_calipso_gnl_family CAP_NET_BROADCAST @ file_ns_capable pipe_mnt CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check cfg80211_rdev_list_generation CAP_NET_BROADCAST @ file_ns_capable ieee80211_dataif_ops CAP_NET_BROADCAST @ file_ns_capable sysctl_protected_regular CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sysctl_hugetlb_shm_group CAP_IPC_LOCK @ capable selinux_state CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_CHOWN @ avc_has_perm_noaudit CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit inconsistent check percpu_counter_batch CAP_SYS_RESOURCE @ capable drv_sta_set_4addr.__already_done CAP_NET_BROADCAST @ file_ns_capable system_power_efficient_wq CAP_NET_BROADCAST @ file_ns_capable ipc_kht_params CAP_IPC_OWNER @ ns_capable 
iommu_group_store_type._rs CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check ipv6_stub_impl CAP_NET_BROADCAST @ file_ns_capable module_wq CAP_SYS_MODULE @ capable system_wq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mode CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check redirect CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nl_table CAP_NET_BROADCAST @ file_ns_capable event CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check iommu_syscore_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_kobj CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable lookup_ioctl._ioctls CAP_SYS_ADMIN @ capable pidfd_fops CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable warn_mandlock.__already_done CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable audit_enabled CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check io_uring_fops CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check fg_console CAP_KILL @ ns_capable state CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mtime CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check total_forks CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drv_leave_ibss.__already_done CAP_NET_BROADCAST @ file_ns_capable keymap_count CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check sit_net_id CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check user_alpha2.0 CAP_NET_BROADCAST @ file_ns_capable vt_dont_switch CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check uts_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable oom_adj_mutex CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable dma_map_single_attrs.__already_done.53989 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fscontext_fops CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable mac80211_vht_capa_mod_mask CAP_NET_BROADCAST @ file_ns_capable init_struct_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable trace_buffered_event CAP_SYSLOG @ has_capability_noaudit i8042_kbd_irq 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_netdev_notifier CAP_NET_BROADCAST @ file_ns_capable cleanup_list.64883 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cfg80211_wq CAP_NET_BROADCAST @ file_ns_capable efivar_sysfs_list CAP_SYS_ADMIN @ capable body_len CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check switch.table.intel_overlay_put_image_ioctl.59 CAP_NET_BROADCAST @ file_ns_capable qdisc_mod_lock CAP_NET_ADMIN @ capable osc_sb_native_usb4_control CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable key_quota_root_maxbytes CAP_SYS_ADMIN @ capable freezer_test_done CAP_SYS_ADMIN @ capable mount_hashtable CAP_SYS_ADMIN @ ns_capable acpi_pci_disabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cpu_bit_bitmap CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable reg_requests_list CAP_NET_BROADCAST @ file_ns_capable packet_proto CAP_NET_RAW @ ns_capable seg6_genl_family CAP_NET_BROADCAST @ file_ns_capable delayed_uprobe_lock CAP_IPC_LOCK @ capable kioctx_cachep CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable ioam6_net_ops CAP_NET_BROADCAST @ file_ns_capable hugetlb_file_setup.__already_done CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable pagemap_ops CAP_SYS_ADMIN @ file_ns_capable audit_backlog_wait CAP_NET_BROADCAST @ file_ns_capable next_state CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mq_lock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ext4_ioctl_checkpoint._rs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable namespace_sem CAP_SYS_ADMIN 
@ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check auditd_conn CAP_NET_BROADCAST @ file_ns_capable swap_avail_heads CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable uid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check aio_nr CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable key_quota_maxkeys CAP_SYS_ADMIN @ capable netlbl_unlabel_gnl_family CAP_NET_BROADCAST @ file_ns_capable cppc_mbox_cl CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_sci_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sysctl_protected_hardlinks CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check alarm_bases CAP_WAKE_ALARM @ capable CAP_WAKE_ALARM @ capable azx_max_codecs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_root_kcore CAP_SYS_RAWIO @ capable key_quota_root_maxkeys CAP_SYS_ADMIN @ capable init_completion.__key.4948 CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check pgdir_shift CAP_SYS_ADMIN @ capable ipv6_bpf_stub_impl CAP_NET_BROADCAST @ file_ns_capable image_size CAP_SYS_ADMIN @ capable intel_iommu_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mntns_operations CAP_SYS_ADMIN @ ns_capable sel_perm_ops CAP_CHOWN 
@ avc_has_perm_noaudit nr_files CAP_SYS_ADMIN @ capable aio_max_nr CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable acpi_gbl_fadt_gpe_device CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tcp_cong_list CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable shift_down CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check kexec_load_disabled CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable names_cachep CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netns_wq CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable max_vals CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check sighand_cachep CAP_IPC_LOCK @ capable switch.table.do_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_gbl_gpe_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sg_big_buff CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check selinux_null CAP_CHOWN @ avc_has_perm_noaudit __supported_pte_mask CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check switch.table.intel_overlay_put_image_ioctl.57 CAP_NET_BROADCAST @ file_ns_capable modules_disabled CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable netlbl_mgmt_gnl_family CAP_NET_BROADCAST @ file_ns_capable cb_lock CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check prepare_uretprobe._rs CAP_IPC_LOCK @ capable wfile_pos CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mnt_group_ida CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check task_struct_cachep CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check next_tick CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ip6_segments_ops CAP_NET_BROADCAST @ file_ns_capable phys_base CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check delayed_uprobe_list CAP_IPC_LOCK @ capable major CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check wfile CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check futex_atomic_op_inuser._rs CAP_IPC_LOCK @ capable ipip6_tunnel_del_prl.__already_done CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check ipip6_tunnel_add_prl.__already_done CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check alloc_empty_file.old_max CAP_SYS_ADMIN @ capable swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable C_A_D CAP_SYS_BOOT @ ns_capable iommu_group_store_type._rs.45 CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cfg80211_user_regdom CAP_NET_BROADCAST @ file_ns_capable init_net CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_NET_ADMIN @ capable CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable inconsistent check kcore_need_update CAP_SYS_RAWIO @ capable sysctl_protected_fifos CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rdev CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_global_mutex CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check process_counts CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable randomize_va_space CAP_IPC_LOCK @ capable acpi_processor_notifier_block CAP_NET_BROADCAST @ file_ns_capable tty_ldiscs_lock CAP_SYS_MODULE @ capable acpi_processor_cpufreq_init CAP_NET_BROADCAST @ file_ns_capable acpi_processor_driver CAP_NET_BROADCAST @ file_ns_capable nfnetlink_pernet_id CAP_NET_ADMIN @ netlink_net_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check ioctl_fibmap._rs CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check platform_driver_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable switch.table.rtnetlink_event CAP_NET_BROADCAST @ file_ns_capable crng_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable switch.table.selinux_task_to_inode CAP_CHOWN @ avc_has_perm_noaudit cmos_platform_driver 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable least_priority CAP_SYS_ADMIN @ capable i8042_ctr CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tcp_ulp_list CAP_NET_ADMIN @ capable i915_oa_max_sample_rate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %259 = call zeroext i1 @capable(i32 38) #83 cap_no=38 %125 = call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check first_ec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable table.66529 CAP_NET_ADMIN @ netlink_net_capable i8042_aux_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable system_transition_mutex CAP_SYS_BOOT @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check in_suspend CAP_SYS_ADMIN @ capable vm_committed_as_batch CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check osc_sb_native_usb4_support_confirmed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable vm_committed_as CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check uprobes_tree CAP_IPC_LOCK @ capable iommu_irqdomain CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable swap_active_head CAP_SYS_ADMIN @ capable boot_ec_is_ecdt CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nr_swapfiles CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable i8042_debug CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_poll_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable elf_format CAP_IPC_LOCK @ capable pipe_max_size CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check uts_ns_cache CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable default_qdisc_ops CAP_NET_ADMIN @ capable pipefifo_fops CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check dma_map_single_attrs.__already_done.53569 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_pid_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable fl_ht CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check xfrm_dispatch CAP_NET_ADMIN @ netlink_net_capable sysctl_perf_event_sample_rate CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check xfrm_msg_min CAP_NET_ADMIN @ netlink_net_capable kauditd_wait CAP_NET_BROADCAST @ file_ns_capable madvise_populate.__already_done CAP_IPC_LOCK @ capable key_quota_maxbytes CAP_SYS_ADMIN @ capable kbd_table CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check secretmem_vm_ops CAP_IPC_LOCK @ capable sysctl_perf_event_paranoid CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check packet_ops_spkt CAP_NET_RAW @ ns_capable module_notify_list CAP_SYS_MODULE @ capable mds_clear_cpu_buffers.ds.9251 CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pm_power_off CAP_SYS_BOOT @ ns_capable sel_write_load._rs CAP_CHOWN @ avc_has_perm_noaudit i8042_kbd_irq_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acct_on_mutex CAP_SYS_PACCT @ capable collected CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sysctl_overcommit_memory CAP_IPC_LOCK @ capable sel_make_bools._rs CAP_CHOWN @ avc_has_perm_noaudit free_ipc_list 
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable sel_bool_ops CAP_CHOWN @ avc_has_perm_noaudit sel_write_load._rs.34 CAP_CHOWN @ avc_has_perm_noaudit suid_dumpable CAP_IPC_LOCK @ capable perf_fops CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check amd_iommu_detected CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable zero_pfn CAP_IPC_LOCK @ capable numa_node CAP_IPC_LOCK @ capable name_len CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmap_min_addr CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable inconsistent check reboot_mode CAP_SYS_BOOT @ capable reboot_default CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable last_request CAP_NET_BROADCAST @ file_ns_capable acpi_gbl_all_gpes_initialized CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable qdisc_base CAP_NET_ADMIN @ capable all_mddevs_lock CAP_SYS_ADMIN @ capable reboot_cpu CAP_SYS_BOOT @ capable intel_iommu_init.__already_done CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable md_misc_wq CAP_SYS_ADMIN @ capable i8042_present CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nl80211_fam CAP_NET_BROADCAST @ file_ns_capable i8042_aux_irq_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_completion.__key.57850 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_irq_being_tested CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_aux_irq_delivered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_start_time CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_map_single_attrs.__already_done.54370 CAP_SYS_NICE @ capable CAP_SYS_NICE @ 
capable CAP_SYS_NICE @ capable force_on CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sel_write_checkreqprot.__already_done CAP_CHOWN @ avc_has_perm_noaudit pci_bus_type CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable chan_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_drhd_units CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable intel_iommu_enabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable m_hash_shift CAP_SYS_ADMIN @ ns_capable acpi_disabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable amd_iommu_list CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable boot_ec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable gid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ioport_resource CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_sb_apei_support_acked CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_pc_lpi_support_confirmed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_detected CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_bus_type CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_noirq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_events_initialized CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable
--- Function Protected By Gating Function---
ata_task_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check ata_cmd_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable inconsistent check pci_enable_device CAP_SYS_ADMIN @ capable pci_disable_device CAP_SYS_ADMIN @ capable from_mnt_ns CAP_SYS_ADMIN @ ns_capable pidns_install CAP_SYS_ADMIN @ ns_capable ipcns_install CAP_SYS_ADMIN @ ns_capable cgroupns_install CAP_SYS_ADMIN @ ns_capable utsns_install CAP_SYS_ADMIN @ ns_capable mntns_install CAP_SYS_ADMIN @ ns_capable netns_install CAP_SYS_ADMIN @ ns_capable copy_fs_struct CAP_SYS_ADMIN @ ns_capable timens_on_fork CAP_SYS_ADMIN @ ns_capable put_pid_ns CAP_SYS_ADMIN @ ns_capable copy_time_ns CAP_SYS_ADMIN @ ns_capable proc_alloc_inum CAP_SYS_ADMIN @ ns_capable serial8250_request_port CAP_SYS_ADMIN @ capable serial8250_release_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ldsem_up_write CAP_SYS_MODULE @ capable n_tty_open CAP_SYS_MODULE @ capable n_null_open CAP_SYS_MODULE @ capable n_tty_close CAP_SYS_MODULE @ capable n_null_close CAP_SYS_MODULE @ capable serport_ldisc_open CAP_SYS_MODULE @ capable drm_client_modeset_free CAP_SYS_ADMIN @ capable drm_dev_get CAP_SYS_ADMIN @ capable drm_gem_release CAP_SYS_ADMIN @ capable drm_syncobj_release CAP_SYS_ADMIN @ capable drm_prime_destroy_file_private CAP_SYS_ADMIN @ capable drm_gem_open CAP_SYS_ADMIN @ capable shmem_lock CAP_IPC_LOCK @ ns_capable pci_user_read_config_word CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check pci_user_read_config_byte CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check ring_buffer_discard_commit CAP_SYSLOG @ has_capability_noaudit filter_match_preds CAP_SYSLOG @ has_capability_noaudit ring_buffer_event_data CAP_SYSLOG @ has_capability_noaudit ring_buffer_lock_reserve CAP_SYSLOG @ has_capability_noaudit security_sb_pivotroot CAP_SYS_ADMIN @ ns_capable iomem_is_exclusive CAP_SYS_RAWIO @ capable pci_mmap_fits CAP_SYS_RAWIO @ capable static_key_slow_dec CAP_NET_ADMIN @ capable static_key_slow_inc CAP_NET_ADMIN @ capable housekeeping_cpumask CAP_NET_ADMIN @ capable 
security_sid_to_context_force CAP_CHOWN @ avc_has_perm_noaudit put_sg_io_hdr CAP_SYS_RAWIO @ capable blk_rq_map_user CAP_SYS_RAWIO @ capable sg_new_read CAP_SYS_RAWIO @ capable trace_event_dyn_put_ref CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check put_ucounts CAP_SYS_RESOURCE @ capable inc_rlimit_ucounts CAP_SYS_RESOURCE @ capable get_ucounts CAP_SYS_RESOURCE @ capable cgroup_do_get_tree CAP_SYS_ADMIN @ ns_capable cgroup_lock_and_drain_offline CAP_SYS_ADMIN @ ns_capable do_madvise CAP_SYS_NICE @ capable set_normalized_timespec64 CAP_SYS_TIME @ file_ns_capable proc_ptrace_connector CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check signal_wake_up_state CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check audit_seccomp_actions_logged CAP_SYS_ADMIN @ capable proc_dostring CAP_SYS_ADMIN @ capable ip_local_deliver CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable ip6_input CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable uart_shutdown CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ip_options_rcv_srr CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable __icmp_send CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable blk_queue_flag_clear CAP_SYS_ADMIN @ capable blk_queue_max_discard_sectors CAP_SYS_ADMIN @ capable kthread_bind_mask CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kthread_create_on_node CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable irq_set_affinity CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable serial8250_register_8250_port CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable pci_fastcom335_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_connect_tech_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __init_rwsem CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ioremap_cache CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ring_buffer_nest_start CAP_SYSLOG @ has_capability_noaudit devm_free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devres_add CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devres_free CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcie_capability_clear_and_set_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_walk_bus CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable device_set_wakeup_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ut_remove_reference CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_attach_object CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ut_create_internal_object_dbg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_get_attached_object CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_walk_namespace CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i915_driver_open CAP_SYS_ADMIN @ capable acpi_os_release_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_os_acquire_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ev_init_global_lock_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_setup_sb_notify_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_sleep_proc_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_user_read_config_dword CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ file_ns_capable inconsistent check acpi_ec_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_mmcfg_late_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable serial8250_get_mctrl CAP_SYS_ADMIN @ capable bus_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_mkdir CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_install_notify_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_early_processor_osc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_initialize_objects CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_enable_subsystem CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable free_cgroup_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable acpi_dev_clear_dependencies CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_async_device_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netlink_broadcast CAP_SYS_ADMIN @ netlink_ns_capable irq_domain_remove CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_fault CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable disable_dmar_iommu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable chroot_fs_refs CAP_SYS_ADMIN @ ns_capable iommu_enable_translation CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_device_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_device_sysfs_add CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable register_syscore_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read32_mbox_5906 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
tg3_read_indirect_mbox CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_disable_protect_mem_regions CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_set_power_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_reset_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_switch_clocks CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_poll_fw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_enable_ints CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_halt CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_write_indirect_reg32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read_indirect_reg32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ioread8 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_wakeup_device_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iowrite8 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_clean_rx_ring CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_open CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_phy_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_write_phy_reg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_read_phy_reg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_set_phy_loopback CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_free_desc_rings CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kmalloc_array.53568 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_walk_dsm_resource CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_power_up_phy CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable e1000_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable msleep_interruptible CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable init_cgroup_root CAP_SYS_ADMIN @ ns_capable dma_sync_single_for_device CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_configure_k1_ich8lan CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_update_phy_info_task CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_free_desc_rings.53992 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cgroup_free_root CAP_SYS_ADMIN @ ns_capable kmalloc_array.53988 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_reset_interrupt_capability CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable usleep_range_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_configure_msix CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_up CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_clean_rx_ring.54063 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cpu_latency_qos_remove_request CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_set_interrupt_capability CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_enable_msi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_write_config_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_read_config_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable unregister_netdev CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sky2_set_multicast CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netif_device_attach CAP_SYS_NICE @ capable CAP_SYS_NICE @ 
capable CAP_SYS_NICE @ capable dev_close CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable request_threaded_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_disable_msix CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_set_multicast CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable enable_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_drain_rxtx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_map_page_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_init_ring CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable disable_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8139_hw_start CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable napi_enable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_free_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_alloc_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8169_up CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable phy_attached_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable phy_connect_direct CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_read_config_byte CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable yenta_probe_cb_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_get_slot CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_write_config_dword CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check pci_read_config_dword CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check pci_irq_vector CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
pci_free_irq_vectors CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable xhci_run CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __i8042_command CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_intx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable snd_card_disconnect CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __cleanup_nmi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_syncobj_open CAP_SYS_ADMIN @ capable irq_chip_pm_put CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __irq_wake_thread CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_change_tx_queue_len CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check single_open CAP_SYS_ADMIN @ capable uart_set_ldisc CAP_SYS_MODULE @ capable tty_vhangup_self CAP_SYS_TTY_CONFIG @ capable nd_jump_link CAP_SYS_ADMIN @ ns_capable %5 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.176192*, i32)*)(%struct.user_namespace.176192* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.176192*), i32 40) #83 cap_no=40 inconsistent check shmem_unlock_mapping CAP_IPC_LOCK @ ns_capable CAP_IPC_LOCK @ capable inconsistent check _atomic_dec_and_lock CAP_SYS_ADMIN @ capable security_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable kernel_read_file_from_fd CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable 
bdev_resize_partition CAP_SYS_ADMIN @ capable bdev_del_partition CAP_SYS_ADMIN @ capable jbd2_journal_flush CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable acpi_bus_init_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_set_dma_strict CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable jbd2_journal_lock_updates CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_trim_fs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_double_up_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rhashtable_destroy CAP_IPC_LOCK @ capable ext4_fc_stop_ineligible CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __ext4_journal_stop CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __dquot_free_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __ext4_mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_discard_preallocations CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_reset_inode_seed CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable swap_inode_data CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_ext_tree_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_double_down_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_fc_start_ineligible CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable truncate_inode_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable unpin_user_pages_dirty_lock CAP_IPC_LOCK @ capable copy_page_to_iter CAP_IPC_LOCK @ capable copy_page_from_iter CAP_IPC_LOCK @ capable xol_free_insn_slot CAP_IPC_LOCK @ capable arch_uprobe_pre_xol CAP_IPC_LOCK @ capable arch_uprobe_copy_ixol CAP_IPC_LOCK @ capable 
arch_uretprobe_is_alive CAP_IPC_LOCK @ capable arch_uretprobe_hijack_return_addr CAP_IPC_LOCK @ capable __uprobe_unregister CAP_IPC_LOCK @ capable page_mapped CAP_IPC_LOCK @ capable page_remove_rmap CAP_IPC_LOCK @ capable blk_rq_unmap_user CAP_SYS_RAWIO @ capable __mmu_notifier_change_pte CAP_IPC_LOCK @ capable __mmu_notifier_invalidate_range CAP_IPC_LOCK @ capable put_css_set_locked CAP_SYS_ADMIN @ ns_capable ptep_clear_flush CAP_IPC_LOCK @ capable __mmu_notifier_invalidate_range_start CAP_IPC_LOCK @ capable pagecache_get_page CAP_IPC_LOCK @ capable is_swbp_insn CAP_IPC_LOCK @ capable stack_trace_save_tsk CAP_SYS_ADMIN @ file_ns_capable kstrdup_quotable CAP_IPC_LOCK @ capable nv_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable do_trace_write_msr CAP_IPC_LOCK @ capable generic_access_phys CAP_IPC_LOCK @ capable kernfs_vma_access CAP_IPC_LOCK @ capable vm_access_ttm CAP_IPC_LOCK @ capable dec_rlimit_ucounts CAP_SYS_RESOURCE @ capable vm_access CAP_IPC_LOCK @ capable copy_strings CAP_IPC_LOCK @ capable open_exec CAP_IPC_LOCK @ capable jbd2_journal_unlock_updates CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ww_mutex_unlock CAP_IPC_LOCK @ capable acpi_ec_dsdt_probe CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __i915_gem_object_get_pages CAP_IPC_LOCK @ capable rtl_fw_release_firmware CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable task_work_cancel CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fixup_pi_state_owner CAP_IPC_LOCK @ capable hrtimer_sleeper_start_expires CAP_IPC_LOCK @ capable __futex_queue CAP_IPC_LOCK @ capable rt_mutex_postunlock CAP_IPC_LOCK @ capable __rt_mutex_futex_unlock CAP_IPC_LOCK @ capable pi_state_update_owner CAP_IPC_LOCK @ capable _dev_notice CAP_SYS_ADMIN @ capable futex_cmpxchg_value_locked CAP_IPC_LOCK @ capable rt_mutex_start_proxy_lock CAP_IPC_LOCK @ capable get_pi_state CAP_IPC_LOCK @ capable futex_wait_setup 
CAP_IPC_LOCK @ capable wake_up_q CAP_IPC_LOCK @ capable futex_wake_mark CAP_IPC_LOCK @ capable fault_in_user_writeable CAP_IPC_LOCK @ capable __get_task_comm CAP_IPC_LOCK @ capable e1000_irq_disable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable futex_get_value_locked CAP_IPC_LOCK @ capable hrtimer_cancel CAP_IPC_LOCK @ capable futex_unqueue CAP_IPC_LOCK @ capable hugetlb_basepage_index CAP_IPC_LOCK @ capable __futex_unqueue CAP_IPC_LOCK @ capable unlock_page CAP_IPC_LOCK @ capable is_file_shm_hugepages CAP_IPC_LOCK @ capable migrate_pages CAP_IPC_LOCK @ capable unpin_user_pages CAP_IPC_LOCK @ capable lru_add_drain_all CAP_IPC_LOCK @ capable isolate_huge_page CAP_IPC_LOCK @ capable PageHuge CAP_IPC_LOCK @ capable compat_put_bitmap CAP_IPC_LOCK @ capable tg3_frob_aux_power CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mm_release CAP_IPC_LOCK @ capable put_pi_state CAP_IPC_LOCK @ capable probe_acpi_namespace_devices CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable futex_unqueue_pi CAP_IPC_LOCK @ capable acpi_exception CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable setup_arg_pages CAP_IPC_LOCK @ capable setup_new_exec CAP_IPC_LOCK @ capable set_personality_ia32 CAP_IPC_LOCK @ capable perf_event_exit_task CAP_IPC_LOCK @ capable security_bprm_committing_creds CAP_IPC_LOCK @ capable __set_task_comm CAP_IPC_LOCK @ capable strrchr CAP_IPC_LOCK @ capable perf_event_exec CAP_IPC_LOCK @ capable __azx_runtime_resume CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable do_close_on_exec CAP_IPC_LOCK @ capable __cleanup_sighand CAP_IPC_LOCK @ capable exit_itimers CAP_IPC_LOCK @ capable perf_event_enable CAP_SYS_ADMIN @ capable switch_mm CAP_IPC_LOCK @ capable membarrier_exec_mmap CAP_IPC_LOCK @ capable pci_unlock_rescan_remove CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable handle_mm_fault CAP_IPC_LOCK @ capable iov_iter_advance CAP_SYS_NICE @ capable 
CAP_IPC_LOCK @ capable inconsistent check __get_user_pages CAP_IPC_LOCK @ capable __ext4_journal_start_sb CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable follow_hugetlb_page CAP_IPC_LOCK @ capable copy_string_kernel CAP_IPC_LOCK @ capable check_vma_flags CAP_IPC_LOCK @ capable get_gate_page CAP_IPC_LOCK @ capable in_gate_area CAP_IPC_LOCK @ capable start_thread CAP_IPC_LOCK @ capable create_elf_tables CAP_IPC_LOCK @ capable vm_mmap CAP_IPC_LOCK @ capable arch_randomize_brk CAP_IPC_LOCK @ capable tg3_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable create_elf_tables.18509 CAP_IPC_LOCK @ capable set_binfmt CAP_IPC_LOCK @ capable elf_map.18508 CAP_IPC_LOCK @ capable vm_brk_flags CAP_IPC_LOCK @ capable move_vma CAP_IPC_LOCK @ capable vm_stat_account CAP_IPC_LOCK @ capable selinux_netlbl_socket_connect_locked CAP_CHOWN @ avc_has_perm_noaudit selinux_netlbl_socket_connect CAP_CHOWN @ avc_has_perm_noaudit security_sid_mls_copy CAP_CHOWN @ avc_has_perm_noaudit security_bounded_transition CAP_CHOWN @ avc_has_perm_noaudit current_is_single_threaded CAP_CHOWN @ avc_has_perm_noaudit audit_log_end CAP_CHOWN @ avc_has_perm_noaudit __mmu_notifier_invalidate_range_end CAP_IPC_LOCK @ capable audit_log_n_untrustedstring CAP_CHOWN @ avc_has_perm_noaudit audit_log_format CAP_CHOWN @ avc_has_perm_noaudit audit_log_start CAP_CHOWN @ avc_has_perm_noaudit cap_capable CAP_CHOWN @ avc_has_perm_noaudit security_validate_transition CAP_CHOWN @ avc_has_perm_noaudit security_transition_sid CAP_CHOWN @ avc_has_perm_noaudit tty_ldisc_reinit CAP_SYS_MODULE @ capable __wake_up_parent CAP_CHOWN @ avc_has_perm_noaudit flush_signal_handlers CAP_IPC_LOCK @ capable CAP_CHOWN @ avc_has_perm_noaudit inconsistent check clear_itimer CAP_CHOWN @ avc_has_perm_noaudit no_tty CAP_CHOWN @ avc_has_perm_noaudit pc_nvram_initialize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tty_kref_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_CHOWN @ 
avc_has_perm_noaudit inconsistent check update_rlimit_cpu CAP_CHOWN @ avc_has_perm_noaudit iterate_fd CAP_CHOWN @ avc_has_perm_noaudit sel_netnode_sid CAP_CHOWN @ avc_has_perm_noaudit security_validate_transition_user CAP_CHOWN @ avc_has_perm_noaudit simple_read_from_buffer CAP_CHOWN @ avc_has_perm_noaudit memdup_user_nul CAP_CHOWN @ avc_has_perm_noaudit security_change_sid CAP_CHOWN @ avc_has_perm_noaudit security_transition_sid_user CAP_CHOWN @ avc_has_perm_noaudit hex_to_bin CAP_CHOWN @ avc_has_perm_noaudit tty_name CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable inconsistent check avc_ss_reset CAP_CHOWN @ avc_has_perm_noaudit security_get_permissions CAP_CHOWN @ avc_has_perm_noaudit cpumask_weight.6851 CAP_SYS_BOOT @ capable security_get_classes CAP_CHOWN @ avc_has_perm_noaudit d_genocide CAP_CHOWN @ avc_has_perm_noaudit selinux_policy_genfs_sid CAP_CHOWN @ avc_has_perm_noaudit d_alloc_name CAP_CHOWN @ avc_has_perm_noaudit security_get_bools CAP_CHOWN @ avc_has_perm_noaudit get_zeroed_page CAP_CHOWN @ avc_has_perm_noaudit flush_thread CAP_IPC_LOCK @ capable sel_make_dir CAP_CHOWN @ avc_has_perm_noaudit destroy_local_trace_uprobe CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check e1000e_open CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __mnt_want_write CAP_SYS_PACCT @ capable mnt_clone_internal CAP_SYS_PACCT @ capable dev_add_pack CAP_NET_RAW @ ns_capable dev_set_alias CAP_NET_ADMIN @ ns_capable security_task_getscheduler CAP_SYS_NICE @ ns_capable lo_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable md_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN 
@ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sr_block_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_blk_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable md_compat_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sd_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sd_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sd_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable copy_page CAP_IPC_LOCK @ capable md_set_read_only CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable isolate_lru_page CAP_IPC_LOCK @ capable drv_ampdu_action CAP_NET_BROADCAST @ file_ns_capable snd_hwdep_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check azx_probe_codecs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable skb_copy_expand CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check cfg80211_rx_mgmt_khz CAP_NET_BROADCAST @ file_ns_capable consume_skb CAP_NET_BROADCAST @ file_ns_capable acpi_early_processor_set_pdc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_sta_cap_rx_bw CAP_NET_BROADCAST @ file_ns_capable acpi_sysfs_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drv_event_callback CAP_NET_BROADCAST @ file_ns_capable bdev_add_partition CAP_SYS_ADMIN @ capable mqueue_unlink CAP_FOWNER @ capable_wrt_inode_uidgid skb_copy_bits CAP_NET_BROADCAST @ file_ns_capable __pskb_pull_tail CAP_NET_BROADCAST @ file_ns_capable __ieee80211_rx_h_amsdu CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_get_rates CAP_NET_BROADCAST @ file_ns_capable translate_table.69877 CAP_NET_ADMIN @ ns_capable dec_usb_memory_use_count CAP_SYS_ADMIN @ capable cfg80211_assoc_timeout 
CAP_NET_BROADCAST @ file_ns_capable ieee80211_send_4addr_nullfunc CAP_NET_BROADCAST @ file_ns_capable propagate_mount_busy CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ioam6_exit CAP_NET_BROADCAST @ file_ns_capable ieee80211_setup_sdata CAP_NET_BROADCAST @ file_ns_capable finalize_exec CAP_IPC_LOCK @ capable __neigh_event_send CAP_NET_BROADCAST @ file_ns_capable drv_remove_interface CAP_NET_BROADCAST @ file_ns_capable selinux_status_update_setenforce CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check pci_disable_msi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check is_subdir CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable security_bprm_committed_creds CAP_IPC_LOCK @ capable write_iter_null CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check gen_replace_estimator CAP_NET_ADMIN @ netlink_ns_capable ieee80211_wake_queues_by_reason CAP_NET_BROADCAST @ file_ns_capable blkdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check pcie_walk_rcec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nla_strscpy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ieee80211_request_sched_scan_stop CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_tear_down_BA_sessions CAP_NET_BROADCAST @ file_ns_capable netlink_unicast CAP_NET_BROADCAST @ file_ns_capable refcount_warn_saturate CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TIME @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable %5 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.176192*, i32)*)(%struct.user_namespace.176192* nonnull 
bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.176192*), i32 40) #83 cap_no=40 CAP_SYS_RESOURCE @ capable CAP_NET_ADMIN @ netlink_ns_capable CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_NET_RAW @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ sk_ns_capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_TTY_CONFIG @ capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_FOWNER @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ 
ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check nl80211_send_iface CAP_NET_BROADCAST @ file_ns_capable dst_release CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check invoke_tx_handlers_late CAP_NET_BROADCAST @ file_ns_capable nl80211_parse_mon_options CAP_NET_BROADCAST @ file_ns_capable cfg80211_iftype_allowed CAP_NET_BROADCAST @ file_ns_capable ieee80211_dfs_cac_cancel CAP_NET_BROADCAST @ file_ns_capable __dquot_alloc_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ieee80211_clear_tx_pending CAP_NET_BROADCAST @ file_ns_capable serport_ldisc_close CAP_SYS_MODULE @ capable freeze_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check anon_inode_getfd CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable may_expand_vm CAP_IPC_LOCK @ capable security_sem_associate CAP_IPC_OWNER @ ns_capable mount_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable percpu_ref_exit CAP_SYS_ADMIN @ capable wiphy_unregister CAP_NET_BROADCAST @ file_ns_capable dissolve_on_fput CAP_SYS_ADMIN @ ns_capable vfs_parse_fs_string CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable hpet_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check security_task_fix_setgid CAP_SETGID @ ns_capable_setid CAP_SETGID @ ns_capable_setid wiphy_regulatory_register CAP_NET_BROADCAST @ file_ns_capable force_sig CAP_IPC_LOCK @ capable get_fs_type CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __put_mountpoint CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cfg80211_find_elem_match 
CAP_NET_BROADCAST @ file_ns_capable drm_modeset_lock_all CAP_NET_BROADCAST @ file_ns_capable __do_loopback CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __this_cpu_preempt_check CAP_SYS_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_SYSLOG @ has_capability_noaudit CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ __netlink_ns_capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check elf_map CAP_IPC_LOCK @ capable dev_ifsioc CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable inconsistent check mutex_is_locked CAP_NET_BROADCAST @ file_ns_capable perf_event_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable dev_get_mac_address CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check ieee80211_sta_join_ibss CAP_NET_BROADCAST @ file_ns_capable kern_path CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable dev_change_proto_down CAP_NET_ADMIN @ ns_capable mnt_warn_timestamp_expiry CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable unregister_pernet_subsys CAP_NET_BROADCAST @ file_ns_capable drm_vblank_get CAP_NET_BROADCAST @ file_ns_capable simple_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid kbd_rate CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check cancel_work_sync CAP_NET_BROADCAST @ file_ns_capable get_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check fixup_pi_owner CAP_IPC_LOCK @ capable netdev_master_upper_dev_get CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check fpu__clear_user_states CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
inconsistent check security_context_to_sid_force CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit __rseq_handle_notify_resume CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rt_mutex_cleanup_proxy_lock CAP_IPC_LOCK @ capable scsi_autopm_put_device CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_cpus_allowed_ptr CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __sta_info_recalc_tim CAP_NET_BROADCAST @ file_ns_capable wait_for_completion_timeout CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __usecs_to_jiffies CAP_NET_BROADCAST @ file_ns_capable dir_add CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ip6_route_del CAP_NET_ADMIN @ ns_capable maybe_link CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_del_virtual_monitor CAP_NET_BROADCAST @ file_ns_capable pci_bus_read_config_byte CAP_NET_BROADCAST @ file_ns_capable blkdev_compat_ptr_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_regdom CAP_NET_BROADCAST @ file_ns_capable proc_dointvec CAP_NET_ADMIN @ ns_capable msdos_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check io_req_complete_post CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_check_fast_rx_iface CAP_NET_BROADCAST @ file_ns_capable get_user_pages_fast CAP_IPC_LOCK @ capable path_openat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check lock_rename CAP_CHOWN @ avc_has_perm_noaudit CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_mode_plane_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable audit_log_path_denied CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nv_free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable security_compute_av_user CAP_CHOWN @ avc_has_perm_noaudit cfg80211_sme_auth_timeout CAP_NET_BROADCAST @ file_ns_capable generic_setlease CAP_LEASE @ capable vm_mmap_pgoff CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable tty_lock CAP_SYS_MODULE @ capable step_into CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check io_allocate_scq_urings CAP_IPC_LOCK @ capable kfree_skb_list CAP_NET_BROADCAST @ file_ns_capable ramfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check path_init CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check find_get_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check drv_get_tsf CAP_NET_BROADCAST @ file_ns_capable fat_compat_dir_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check fsync_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable stream_open CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check msdos_lookup 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check isofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid udp_abort CAP_NET_ADMIN @ ns_capable proc_map_files_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_wait CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check lock_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable proc_tgid_net_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bad_inode_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_sys_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rtc_cmos_write CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable user_shm_lock CAP_IPC_LOCK @ capable filp_open CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_perf_event_open CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check pci_dev_put CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable simple_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_lookupfdinfo CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netdev_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_ADMIN @ netlink_capable inconsistent check inotify_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ieee80211_wake_vif_queues CAP_NET_BROADCAST @ file_ns_capable d_obtain_alias CAP_CHOWN @ avc_has_perm_noaudit nfs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_stop_queues_by_reason CAP_NET_BROADCAST @ file_ns_capable bad_inode_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nfs_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_root_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check current_umask CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check try_to_unlazy CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_attr_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bsg_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check release_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid proc_ns_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check get_task_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ext4_xattr_user_get CAP_SYS_ADMIN @ capable iomem_get_mapping CAP_SYS_RAWIO @ capable d_invalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_master_open CAP_SYS_ADMIN @ capable ring_buffer_unlock_commit CAP_SYSLOG @ has_capability_noaudit ieee80211_if_remove CAP_NET_BROADCAST @ file_ns_capable unregister_inetaddr_notifier CAP_NET_BROADCAST @ file_ns_capable local_bh_enable.69882 CAP_NET_ADMIN @ ns_capable kernfs_dop_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid inconsistent check kernel_halt CAP_SYS_BOOT @ ns_capable nfs4_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check synchronize_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_lease_held CAP_NET_BROADCAST @ file_ns_capable __vfs_setxattr_noperm CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check strnlen_user CAP_IPC_LOCK @ capable ieee80211_send_delba CAP_NET_BROADCAST @ file_ns_capable vfat_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __tty_hangup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ida_free CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check autofs_dev_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drv_sta_state CAP_NET_BROADCAST @ file_ns_capable fget CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ipv6_sysctl_register CAP_NET_BROADCAST @ file_ns_capable ida_alloc_range CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check check_zeroed_user CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check walk_page_range CAP_SYS_ADMIN @ file_ns_capable hugetlbfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_send_event_timestamp_locked CAP_NET_BROADCAST @ file_ns_capable xt_match_to_user CAP_NET_ADMIN @ 
ns_capable CAP_NET_ADMIN @ ns_capable fat_trim_fs CAP_LINUX_IMMUTABLE @ capable CAP_SYS_ADMIN @ capable inconsistent check init_mkdir CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check lookup_user_key CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ieee80211_freq_khz_to_channel CAP_NET_BROADCAST @ file_ns_capable ext4_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check take_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid find_extend_vma CAP_IPC_LOCK @ capable autofs_root_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check strscpy_pad CAP_NET_BROADCAST @ file_ns_capable rpc_pipe_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check snd_timer_user_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drv_event_callback.74675 CAP_NET_BROADCAST @ file_ns_capable cfg80211_unregister_wdev CAP_NET_BROADCAST @ file_ns_capable __drm_atomic_state_free CAP_NET_BROADCAST @ file_ns_capable dm_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ieee80211_sta_rx_bw_to_chan_width CAP_NET_BROADCAST @ file_ns_capable drv_change_interface CAP_NET_BROADCAST @ file_ns_capable fat_generic_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_crtc_check_viewport CAP_NET_BROADCAST @ file_ns_capable 
sock_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check autofs_dev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check e1000e_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_atomic_helper_update_plane CAP_NET_BROADCAST @ file_ns_capable out_of_line_wait_on_bit CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check import_single_range CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check hrtimer_start_range_ns CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dma_buf_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sync_file_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check wiphy_sysfs_exit CAP_NET_BROADCAST @ file_ns_capable hidraw_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check complete_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_if_add CAP_NET_BROADCAST @ file_ns_capable security_inode_removexattr CAP_SYS_ADMIN @ capable cache_ioctl_pipefs CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ieee80211_stop_tx_ba_cb 
CAP_NET_BROADCAST @ file_ns_capable random_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check rtc_dev_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check proc_reg_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check igmp6_late_cleanup CAP_NET_BROADCAST @ file_ns_capable pps_cdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ieee80211_key_free CAP_NET_BROADCAST @ file_ns_capable mm_trace_rss_stat CAP_IPC_LOCK @ capable nvram_misc_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ieee80211_vif_copy_chanctx_to_vlans CAP_NET_BROADCAST @ file_ns_capable hung_up_tty_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check evdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_client_dev_restore CAP_NET_BROADCAST @ file_ns_capable __cpuhp_remove_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable vfs_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check panic CAP_SYS_MODULE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check inode_owner_or_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
inconsistent check dev_mc_del CAP_NET_ADMIN @ netlink_capable scsi_autopm_get_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cfg80211_abandon_assoc CAP_NET_BROADCAST @ file_ns_capable generic_file_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ieee80211_deliver_skb CAP_NET_BROADCAST @ file_ns_capable security_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check randomize_stack_top CAP_IPC_LOCK @ capable __init_swait_queue_head CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_PACCT @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_NET_RAW @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check blk_rq_map_kern CAP_SYS_RAWIO @ capable ip_tunnel_bind_dev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable io_rsrc_node_switch CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check new_inode CAP_CHOWN @ avc_has_perm_noaudit nlmsg_notify CAP_NET_BROADCAST @ file_ns_capable posix_clock_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable 
CAP_LINUX_IMMUTABLE @ capable inconsistent check wbinvd_on_cpu CAP_SYS_ADMIN @ capable snapshot_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ktime_add_safe CAP_WAKE_ALARM @ capable cgroup_cancel_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ieee80211_mgd_quiesce CAP_NET_BROADCAST @ file_ns_capable sta_info_get CAP_NET_BROADCAST @ file_ns_capable cgroup_post_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable scsi_try_bus_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check wait_for_owner_exiting CAP_IPC_LOCK @ capable ipip6_dellink CAP_NET_ADMIN @ netlink_ns_capable cfg80211_chandef_valid CAP_NET_BROADCAST @ file_ns_capable efivar_entry_iter_begin CAP_SYS_ADMIN @ capable hung_up_tty_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check loop_control_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check d_add CAP_CHOWN @ avc_has_perm_noaudit ieee80211_release_reorder_frame CAP_NET_BROADCAST @ file_ns_capable vfs_create_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable snd_hwdep_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check exportfs_decode_fh CAP_DAC_READ_SEARCH @ capable sched_post_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable exit_thread CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable d_exchange CAP_CHOWN @ avc_has_perm_noaudit CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check _raw_write_unlock_irq CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_RAWIO @ capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_ADMIN @ ns_capable inconsistent 
check __SCT__tp_func_task_newtask CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable kernfs_vfs_xattr_get CAP_SYS_ADMIN @ capable __ptrace_link CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drv_mgd_complete_tx CAP_NET_BROADCAST @ file_ns_capable credit_entropy_bits CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable get_seccomp_filter CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable auditd_reset CAP_NET_BROADCAST @ file_ns_capable lock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid intel_irq_postinstall CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable vfs_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ipv6_dev_ac_inc CAP_NET_ADMIN @ ns_capable rtc_dev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check proc_reg_unlocked_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check serial8250_config_port CAP_SYS_ADMIN @ capable ttm_bo_vm_access CAP_IPC_LOCK @ capable ieee80211_data_to_8023_exthdr CAP_NET_BROADCAST @ file_ns_capable nv_set_loopback CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable exit_task_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable e1000_irq_enable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable strndup_user CAP_SYS_TTY_CONFIG @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check cgroup_can_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable mddev_unlock CAP_SYS_ADMIN @ capable user_disable_single_step CAP_SYS_ADMIN @ ns_capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable inconsistent check drm_connector_free CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_return_void CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_azx_resume CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kernfs_iop_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_framebuffer_lookup CAP_NET_BROADCAST @ file_ns_capable kernel_power_off CAP_SYS_BOOT @ ns_capable create_new_namespaces CAP_SYS_ADMIN @ ns_capable vt_reset_unicode CAP_KILL @ ns_capable access_process_vm CAP_IPC_LOCK @ capable ieee80211_set_mon_options CAP_NET_BROADCAST @ file_ns_capable cfg80211_rdev_free_coalesce CAP_NET_BROADCAST @ file_ns_capable do_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check device_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check alloc_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable rtnl_create_link CAP_NET_ADMIN @ netlink_ns_capable get_net_ns_by_id CAP_NET_ADMIN @ netlink_ns_capable ring_buffer_write CAP_SYSLOG @ has_capability_noaudit reset_palette CAP_KILL @ ns_capable cfg80211_rx_unexpected_4addr_frame CAP_NET_BROADCAST @ file_ns_capable amd_set_subcaches CAP_SYS_ADMIN @ capable copy_thread CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable vfs_clean_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable unpin_user_page CAP_IPC_LOCK @ capable kill_ioctx CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable scsi_try_host_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check put_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable 
filename_parentat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_event_cancel_free CAP_NET_BROADCAST @ file_ns_capable dev_uc_del CAP_NET_ADMIN @ netlink_capable dm_ctl_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check serial_do_unlink CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable uts_proc_notify CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable mount_too_revealing CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __netif_set_xps_queue CAP_NET_ADMIN @ ns_capable set_blocksize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable init_chmod CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check task_join_group_stop CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable anon_inode_getfile_secure CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check __SCT__might_resched CAP_SYS_RAWIO @ capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_CHOWN @ avc_has_perm_noaudit CAP_SYS_RESOURCE @ capable inconsistent check terminate_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ns_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check crng_reseed CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable seccomp_notify_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check i915_perf_fini CAP_NET_BROADCAST @ file_ns_capable __nla_parse CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check e100_up CAP_NET_RAW @ file_ns_capable vfat_revalidate_ci CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_crtc_vblank_put CAP_NET_BROADCAST @ file_ns_capable io_rsrc_node_switch_start CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 
@ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check exit_swap_address_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable pci_config_pm_runtime_get CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check selinux_netlbl_cache_invalidate CAP_NET_BROADCAST @ file_ns_capable __starget_for_each_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check proc_fork_connector CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable d_alloc_parallel CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tcf_proto_destroy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable proc_sys_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nl80211_notify_iface CAP_NET_BROADCAST @ file_ns_capable flush_workqueue CAP_NET_BROADCAST @ file_ns_capable change_mnt_propagation CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check memcmp_pages CAP_IPC_LOCK @ capable __tcf_chain_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable netdev_state_change CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check dm_issue_global_event CAP_SYS_ADMIN @ capable drm_mode_object_get CAP_NET_BROADCAST @ file_ns_capable nla_strcmp CAP_NET_ADMIN @ 
netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable perf_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check efivar_entry_set CAP_SYS_ADMIN @ capable vfs_get_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __ip_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable copy_net_ns CAP_SYS_ADMIN @ ns_capable security_context_str_to_sid CAP_CHOWN @ avc_has_perm_noaudit ieee80211_do_open CAP_NET_BROADCAST @ file_ns_capable __ew32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bad_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check simple_rename CAP_FOWNER @ capable_wrt_inode_uidgid perf_event_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable blkdev_get_by_dev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drm_gem_object_free CAP_NET_BROADCAST @ file_ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check efivar_entry_iter_end CAP_SYS_ADMIN @ capable set_cred_ucounts CAP_IPC_LOCK @ capable CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid inconsistent check nv_update_linkspeed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable do_trace_read_msr CAP_IPC_LOCK @ capable switch_task_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_is_current_master CAP_NET_BROADCAST @ file_ns_capable munlock_vma_page CAP_IPC_LOCK @ capable mq_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ 
netlink_ns_capable rdev_del_virtual_intf CAP_NET_BROADCAST @ file_ns_capable vfs_truncate CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tcp_abort CAP_NET_ADMIN @ ns_capable security_get_user_sids CAP_CHOWN @ avc_has_perm_noaudit local_bh_enable.73606 CAP_NET_BROADCAST @ file_ns_capable i915_gem_driver_unregister CAP_NET_BROADCAST @ file_ns_capable may_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check reenable_swap_slots_cache_unlock CAP_SYS_ADMIN @ capable sysfs_streq CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check drv_channel_switch CAP_NET_BROADCAST @ file_ns_capable pps_cdev_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check __tcf_qdisc_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable unregister_netdevice_queue CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check exit_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ext4_xattr_hurd_get CAP_SYS_ADMIN @ capable nl80211_notify_wiphy CAP_NET_BROADCAST @ file_ns_capable shmem_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_auth_timeout CAP_NET_BROADCAST @ file_ns_capable ieee80211_set_sdata_offload_flags CAP_NET_BROADCAST @ file_ns_capable lookup_fast CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tid_fd_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_ns_file CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check qdisc_notify CAP_NET_ADMIN @ netlink_ns_capable do_blank_screen CAP_KILL @ ns_capable netlbl_unlabel_genl_init CAP_NET_BROADCAST @ file_ns_capable tcp_set_congestion_control CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable efivar_validate CAP_SYS_ADMIN @ capable pci_config_pm_runtime_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check selinux_netlbl_err CAP_CHOWN @ avc_has_perm_noaudit scsi_autopm_put_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check init_chown CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check hpet_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check destroy_workqueue CAP_NET_BROADCAST @ file_ns_capable avc_set_cache_threshold CAP_CHOWN @ avc_has_perm_noaudit bitmap_zalloc CAP_NET_ADMIN @ ns_capable xt_compat_add_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable raw_abort CAP_NET_ADMIN @ ns_capable drm_atomic_state_alloc CAP_NET_BROADCAST @ file_ns_capable security_read_policy CAP_CHOWN @ avc_has_perm_noaudit cgroup_leave_frozen CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* 
%48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check io_ring_ctx_wait_and_kill CAP_IPC_LOCK @ capable pipe_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sta_info_free CAP_NET_BROADCAST @ file_ns_capable filemap_write_and_wait_range CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rfkill_fop_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check dev_set_group CAP_NET_ADMIN @ ns_capable mdio_ctrl_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable wake_up_state CAP_IPC_LOCK @ capable alloc_file_pseudo CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check do_unblank_screen CAP_KILL @ ns_capable sg_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check fc_drop_locked CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable compat_sock_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check do_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable compat_table_info CAP_NET_ADMIN @ ns_capable io_req_find_next CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_mknod CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check compat_arch_setup_additional_pages CAP_IPC_LOCK @ capable xt_compat_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable commit_creds CAP_SETGID @ ns_capable_setid CAP_SETGID @ ns_capable_setid CAP_IPC_LOCK @ capable CAP_CHOWN @ avc_has_perm_noaudit CAP_SETPCAP @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid CAP_SETGID @ ns_capable_setid inconsistent check drm_atomic_helper_disable_plane CAP_NET_BROADCAST @ file_ns_capable put_old_itimerspec32 CAP_WAKE_ALARM @ capable drm_gem_handle_create CAP_NET_BROADCAST @ file_ns_capable ext4_claim_free_clusters CAP_SYS_RESOURCE @ capable dev_change_flags CAP_NET_ADMIN @ ns_capable invalidate_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable llist_add_batch CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_modeset_backoff CAP_NET_BROADCAST @ file_ns_capable _raw_write_unlock CAP_NET_ADMIN @ capable percpu_ref_resurrect CAP_SYS_ADMIN @ capable slow_avc_audit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit rdev_add_virtual_intf CAP_NET_BROADCAST @ file_ns_capable _dev_err CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable inconsistent check __setup_rt_frame CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH 
@ capable_wrt_inode_uidgid inconsistent check blk_queue_flag_set CAP_SYS_ADMIN @ capable unregister_netdevice_many CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check security_inode_setxattr CAP_SYS_ADMIN @ capable ieee80211_vif_change_bandwidth CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_io_uring_create CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check proc_tid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sock_create_kern CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check dm_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __sta_info_flush CAP_NET_BROADCAST @ file_ns_capable cfg80211_init_wdev CAP_NET_BROADCAST @ file_ns_capable do_kexec_load CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable blk_rq_init CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check _ieee80211_start_next_roc CAP_NET_BROADCAST @ file_ns_capable ieee80211_free_txskb CAP_NET_BROADCAST @ file_ns_capable cfg80211_put_bss CAP_NET_BROADCAST @ file_ns_capable fl_release CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check free_netdev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check filename_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fsnotify CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable inconsistent check tg3_restart_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_mgd_probe_ap_send CAP_NET_BROADCAST @ file_ns_capable vfs_tmpfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check efivar_create_sysfs_entry CAP_SYS_ADMIN @ capable proc_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ieee80211_recalc_txpower CAP_NET_BROADCAST @ file_ns_capable rt6_lookup CAP_NET_ADMIN @ ns_capable rtnl_register CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check ieee80211_send_null_response CAP_NET_BROADCAST @ file_ns_capable drv_suspend CAP_NET_BROADCAST @ file_ns_capable kernel_sigaction CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check bcmp CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_NET_RAW @ file_ns_capable inconsistent check io_uring_alloc_task_context CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable inconsistent check ring_buffer_nest_end CAP_SYSLOG @ has_capability_noaudit i915_ioc32_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ 
ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check device_is_bound CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cfg80211_tx_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable mod_node_page_state CAP_IPC_LOCK @ capable iowrite32 CAP_NET_BROADCAST @ file_ns_capable ext4_xattr_security_get CAP_SYS_ADMIN @ capable blk_execute_rq CAP_SYS_RAWIO @ capable __d_lookup_done CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pgprot_writecombine CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable drm_dev_exit CAP_SYS_ADMIN @ capable acpi_sleep_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable security_member_sid CAP_CHOWN @ avc_has_perm_noaudit xt_find_revision CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable io_worker_ref_put CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check path_lookupat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check call_blocking_lsm_notifier CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check kvfree_call_rcu CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_NET_ADMIN @ netlink_ns_capable CAP_IPC_LOCK @ capable CAP_NET_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_NET_RAW @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_NET_ADMIN @ netlink_ns_capable CAP_IPC_LOCK @ capable inconsistent check tg3_ptp_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable ieee80211_hw_config CAP_NET_BROADCAST @ file_ns_capable security_shm_associate CAP_IPC_OWNER @ ns_capable autofs_root_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check regulatory_propagate_dfs_state CAP_NET_BROADCAST @ file_ns_capable kernfs_fop_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ieee80211_destroy_frag_cache CAP_NET_BROADCAST @ file_ns_capable acpi_bus_trim CAP_NET_BROADCAST @ file_ns_capable drop_super_exclusive CAP_SYS_ADMIN @ capable cfg80211_shutdown_all_interfaces CAP_NET_BROADCAST @ file_ns_capable register_netdevice CAP_NET_ADMIN @ netlink_ns_capable drm_mode_object_put CAP_NET_BROADCAST @ file_ns_capable mq_leaf CAP_NET_ADMIN @ netlink_ns_capable drm_modeset_lock CAP_NET_BROADCAST @ file_ns_capable phy_set_max_speed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_recalc_smps CAP_NET_BROADCAST @ file_ns_capable wiphy_all_share_dfs_chan_state CAP_NET_BROADCAST @ file_ns_capable qdisc_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable free_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __SCT__cond_resched CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ file_ns_capable CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_DAC_OVERRIDE @ avc_has_perm_noaudit CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check netdev_printk CAP_NET_RAW @ file_ns_capable ip6_route_add CAP_NET_ADMIN @ ns_capable 
find_task_by_vpid CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check __mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check arch_uprobe_ignore CAP_IPC_LOCK @ capable ieee80211_recalc_min_chandef CAP_NET_BROADCAST @ file_ns_capable ww_mutex_lock_interruptible CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check alloc_file_clone CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check ieee80211_process_measurement_req CAP_NET_BROADCAST @ file_ns_capable tty_unlock CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check __lookup_slow CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_lookupfd CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __hw_addr_init CAP_NET_BROADCAST @ file_ns_capable file_update_time CAP_FSETID @ capable thaw_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check drm_mode_convert_to_umode CAP_NET_BROADCAST @ file_ns_capable __request_region CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_phc_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable mii_ethtool_sset CAP_NET_RAW @ file_ns_capable e100_loopback_test CAP_NET_RAW @ file_ns_capable dev_ethtool CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check snd_ctl_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check hung_up_tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ 
capable inconsistent check x86_pmu_aux_output_match CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check vfat_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid cgroup_enter_frozen CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check io_uring_add_tctx_node CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check sysfs_remove_link CAP_NET_BROADCAST @ file_ns_capable insert_pfn CAP_SYS_ADMIN @ capable fd_install CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_NICE @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_DAC_READ_SEARCH @ capable 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check serial8250_pm CAP_SYS_ADMIN @ capable nfs_unlink CAP_FOWNER @ capable_wrt_inode_uidgid nfs4_have_delegation CAP_LEASE @ capable atomic_dec_and_mutex_lock CAP_NET_BROADCAST @ file_ns_capable cfg80211_ref_bss CAP_NET_BROADCAST @ file_ns_capable acpi_install_table_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable io_queue_async_work CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_utimes CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netlbl_skbuff_err CAP_CHOWN @ avc_has_perm_noaudit unregister_netdevice_notifier CAP_NET_BROADCAST @ file_ns_capable nv_stop_rxtx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_sme_deauth CAP_NET_BROADCAST @ file_ns_capable truncate_setsize CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable cpumask_weight.18138 CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable __mmap_lock_do_trace_start_locking CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check down_write_killable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable tcf_proto_lookup_ops CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable fs_context_for_reconfigure CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ 
ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check blk_rq_map_user_iov CAP_SYS_RAWIO @ capable check_cgroupfs_options CAP_SYS_ADMIN @ ns_capable scsi_run_host_queues CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check pipe_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check local_bh_enable.69575 CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check security_sb_umount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_reconfig CAP_NET_BROADCAST @ file_ns_capable cfg80211_sta_opmode_change_notify CAP_NET_BROADCAST @ file_ns_capable drm_property_change_valid_get CAP_NET_BROADCAST @ file_ns_capable ieee80211_roc_purge CAP_NET_BROADCAST @ file_ns_capable bitmap_free CAP_NET_ADMIN @ ns_capable ieee80211_led_exit CAP_NET_BROADCAST @ file_ns_capable rfkill_set_block CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable acpi_get_handle CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rt_cache_flush CAP_NET_ADMIN @ ns_capable nfs_umount_begin CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check dm_compat_ctl_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check compat_ptr_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check acpi_evaluate_integer CAP_NET_BROADCAST @ file_ns_capable register_pernet_subsys CAP_NET_BROADCAST @ file_ns_capable attach_recursive_mnt CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __io_free_req CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_link CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check lru_cache_add_inactive_or_unevictable CAP_IPC_LOCK @ capable qdisc_put_unlocked CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable parse_monolithic_mount_data CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check _dev_warn CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check remove_proc_entry CAP_NET_BROADCAST @ file_ns_capable cpus_read_lock CAP_NET_ADMIN @ ns_capable nfs_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_managed_release CAP_NET_BROADCAST @ file_ns_capable ihold CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable inconsistent check i915_ttm_adjust_lru CAP_IPC_LOCK @ capable nfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check round_jiffies CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ 
file_ns_capable inconsistent check drm_primary_helper_update CAP_NET_BROADCAST @ file_ns_capable proc_sys_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check namespace_unlock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check pci_xr17v35x_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable _find_first_bit CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check put_mnt_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check iommu_set_root_entry CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __folio_lock CAP_IPC_LOCK @ capable set_fs_pwd CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check neigh_del CAP_NET_BROADCAST @ file_ns_capable set_fs_root CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check debug_smp_processor_id %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ __netlink_ns_capable inconsistent check link_path_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_event_set_output CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check lo_compat_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dquot_add_space CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable bad_area CAP_IPC_LOCK @ capable fs_context_for_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable io_sq_offload_create CAP_IPC_LOCK @ capable ieee80211_offchannel_return CAP_NET_BROADCAST @ file_ns_capable dev_set_mtu CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable sr_reset CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nfs4_xattr_get_nfs4_acl CAP_SYS_ADMIN @ capable ieee80211_stop_device CAP_NET_BROADCAST @ file_ns_capable cpus_read_unlock CAP_NET_ADMIN @ ns_capable debugfs_remove CAP_NET_BROADCAST @ file_ns_capable ieee80211_queue_work CAP_NET_BROADCAST @ file_ns_capable idr_replace CAP_NET_BROADCAST @ file_ns_capable snd_seq_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sockfs_xattr_get CAP_SYS_ADMIN @ capable ieee80211_sta_cur_vht_bw CAP_NET_BROADCAST @ file_ns_capable sd_config_write_same CAP_SYS_ADMIN @ capable tty_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check arp_hash CAP_NET_BROADCAST @ file_ns_capable shmem_xattr_handler_get CAP_SYS_ADMIN @ capable ieee80211_ibss_add_sta CAP_NET_BROADCAST @ file_ns_capable drm_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check disable_swap_slots_cache_lock CAP_SYS_ADMIN @ capable _find_next_bit CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check scsi_init_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check ext4_xattr_trusted_get CAP_SYS_ADMIN @ capable rtnl_fdb_notify CAP_NET_ADMIN @ netlink_capable security_inode_getxattr 
CAP_SYS_ADMIN @ capable security_inode_getsecurity CAP_SYS_ADMIN @ capable futex_q_lock CAP_IPC_LOCK @ capable __SCT__tp_func_drm_vblank_event_delivered CAP_NET_BROADCAST @ file_ns_capable ata_acpi_dev_notify_dock CAP_NET_BROADCAST @ file_ns_capable __break_lease CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable inconsistent check mon_bin_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check umount_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check __vfs_removexattr CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check posix_clock_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check proc_task_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __tcf_block_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __SCT__tp_func_drv_channel_switch_beacon CAP_NET_BROADCAST @ file_ns_capable __tcf_get_next_proto CAP_NET_ADMIN @ netlink_ns_capable tcf_chain_flush CAP_NET_ADMIN @ netlink_ns_capable idr_remove CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_ps CAP_NET_BROADCAST @ file_ns_capable tcf_fill_node CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable nfs_file_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ieee80211_flush_queues CAP_NET_BROADCAST 
@ file_ns_capable map_files_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check task_set_jobctl_pending CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_ADMIN @ ns_capable inconsistent check tcf_proto_signal_destroying CAP_NET_ADMIN @ netlink_ns_capable ieee80211_recalc_ps_vif CAP_NET_BROADCAST @ file_ns_capable cfg80211_register_wdev CAP_NET_BROADCAST @ file_ns_capable security_sb_kern_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_atomic_set_property CAP_NET_BROADCAST @ file_ns_capable ext4_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check snapshot_image_loaded CAP_SYS_ADMIN @ capable ieee80211_vht_handle_opmode CAP_NET_BROADCAST @ file_ns_capable audit_log_multicast CAP_AUDIT_READ @ capable efivar_entry_find CAP_SYS_ADMIN @ capable i915_gem_ww_ctx_fini CAP_NET_BROADCAST @ file_ns_capable perf_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check selnl_notify_setenforce CAP_CHOWN @ avc_has_perm_noaudit __tcf_block_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable rate_control_rate_update CAP_NET_BROADCAST @ file_ns_capable i915_perf_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_lease_filter_crtcs CAP_NET_BROADCAST @ file_ns_capable dma_sync_single_for_cpu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_RAW @ file_ns_capable inconsistent check driver_unregister CAP_NET_BROADCAST @ file_ns_capable mqueue_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rtnl_configure_link CAP_NET_ADMIN @ netlink_ns_capable exit_shm CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable rtc_set_time CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check set_user CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid rdev_set_wakeup CAP_NET_BROADCAST @ file_ns_capable vm_get_page_prot CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable ieee80211_free_keys_iface CAP_NET_BROADCAST @ file_ns_capable simple_unlink CAP_FOWNER @ capable_wrt_inode_uidgid replace_fd CAP_CHOWN @ avc_has_perm_noaudit __SCT__tp_func_ext4_shutdown CAP_SYS_ADMIN @ capable compat_blkdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check security_task_fix_setuid CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid uprobe_copy_process CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable security_locked_down CAP_SYS_BOOT @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_BOOT @ capable inconsistent check futex_lock_pi_atomic CAP_IPC_LOCK @ capable tcp_send_window_probe CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable tg3_free_rings CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable update_ref_ctr CAP_IPC_LOCK @ capable scsi_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable i915_gem_object_pin_to_display_plane CAP_NET_BROADCAST @ file_ns_capable unlock_rename CAP_CHOWN @ avc_has_perm_noaudit untrack_pfn CAP_SYS_ADMIN @ capable usbdev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable 
inconsistent check i8042_flush CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __i915_active_wait CAP_NET_BROADCAST @ file_ns_capable track_pfn_insert CAP_SYS_ADMIN @ capable __SCT__tp_func_drv_sta_set_4addr CAP_NET_BROADCAST @ file_ns_capable drm_debugfs_cleanup CAP_NET_BROADCAST @ file_ns_capable ieee80211_free_keys CAP_NET_BROADCAST @ file_ns_capable vm_munmap CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable drm_file_free CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check xt_alloc_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable dev_ingress_queue_create CAP_NET_ADMIN @ netlink_ns_capable setup_swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable hiddev_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check posix_acl_xattr_get CAP_SYS_ADMIN @ capable vfat_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check futex_top_waiter CAP_IPC_LOCK @ capable ipip6_newlink CAP_NET_ADMIN @ netlink_ns_capable tty_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_prime_init_file_private CAP_SYS_ADMIN @ capable evdev_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check snapshot_compat_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check xt_table_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable vfat_unlink CAP_FOWNER @ capable_wrt_inode_uidgid mon_bin_ioctl 
CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check ieee80211_roc_setup CAP_NET_BROADCAST @ file_ns_capable snd_seq_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check sta_info_hash_del CAP_NET_BROADCAST @ file_ns_capable tty_ldisc_failto CAP_SYS_MODULE @ capable snd_ctl_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check vfat_rename CAP_FOWNER @ capable_wrt_inode_uidgid rdev_stop_nan CAP_NET_BROADCAST @ file_ns_capable reconfigure_super CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check snd_timer_user_ioctl_compat CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check drm_atomic_helper_dirtyfb CAP_NET_BROADCAST @ file_ns_capable __tcf_chain_get CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __ieee80211_tx_skb_tid_band CAP_NET_BROADCAST @ file_ns_capable netif_receive_skb_list CAP_NET_BROADCAST @ file_ns_capable napi_gro_receive CAP_NET_BROADCAST @ file_ns_capable xa_find_after CAP_NET_BROADCAST @ file_ns_capable ksys_sync_helper CAP_SYS_ADMIN @ capable ieee80211_alloc_led_names CAP_NET_BROADCAST @ file_ns_capable send_sig_info CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check bprm_execve CAP_IPC_LOCK @ capable xfrm_user_policy CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check cfg80211_sme_assoc_timeout CAP_NET_BROADCAST @ file_ns_capable 
ieee80211_txq_teardown_flows CAP_NET_BROADCAST @ file_ns_capable __ftrace_trace_stack CAP_SYSLOG @ has_capability_noaudit device_rename CAP_NET_BROADCAST @ file_ns_capable wiphy_regulatory_deregister CAP_NET_BROADCAST @ file_ns_capable device_del CAP_NET_BROADCAST @ file_ns_capable acpi_cppc_processor_exit CAP_NET_BROADCAST @ file_ns_capable register_inetaddr_notifier CAP_NET_BROADCAST @ file_ns_capable register_inet6addr_notifier CAP_NET_BROADCAST @ file_ns_capable msr_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check down_read_killable CAP_SYS_ADMIN @ file_ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check ieee80211_remove_interfaces CAP_NET_BROADCAST @ file_ns_capable rfkill_register CAP_NET_BROADCAST @ file_ns_capable io_acct_cancel_pending_work CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rfkill_destroy CAP_NET_BROADCAST @ file_ns_capable cfg80211_chandef_dfs_required CAP_NET_BROADCAST @ file_ns_capable ieee80211_mgd_stop CAP_NET_BROADCAST @ file_ns_capable may_delete CAP_FOWNER @ capable_wrt_inode_uidgid cfg80211_radar_event CAP_NET_BROADCAST @ file_ns_capable futex_q_unlock CAP_IPC_LOCK @ capable ieee80211_color_change_finalize CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_wmm_params CAP_NET_BROADCAST @ file_ns_capable timens_install CAP_SYS_ADMIN @ ns_capable ieee80211_xmit_fast_finish CAP_NET_BROADCAST @ file_ns_capable call_netevent_notifiers CAP_NET_BROADCAST @ file_ns_capable cfg80211_report_obss_beacon_khz CAP_NET_BROADCAST @ file_ns_capable ieee80211_determine_chantype CAP_NET_BROADCAST @ file_ns_capable ieee80211_chandef_downgrade CAP_NET_BROADCAST @ file_ns_capable swsusp_free CAP_SYS_ADMIN @ capable ieee80211_set_disassoc CAP_NET_BROADCAST 
@ file_ns_capable __sta_info_destroy_part2 CAP_NET_BROADCAST @ file_ns_capable __put_cred CAP_SYS_ADMIN @ ns_capable xt_compat_match_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable vfs_path_lookup CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check cleanup_single_sta CAP_NET_BROADCAST @ file_ns_capable netif_carrier_off CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check ata_acpi_ap_uevent CAP_NET_BROADCAST @ file_ns_capable __mmap_lock_do_trace_acquire_returned CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check ieee80211_reset_erp_info CAP_NET_BROADCAST @ file_ns_capable ieee80211_led_assoc CAP_NET_BROADCAST @ file_ns_capable ieee80211_set_wmm_default CAP_NET_BROADCAST @ file_ns_capable cfg80211_cac_event CAP_NET_BROADCAST @ file_ns_capable drv_stop_ap CAP_NET_BROADCAST @ file_ns_capable inet6_addr_add CAP_NET_ADMIN @ ns_capable ieee80211_purge_tx_queue CAP_NET_BROADCAST @ file_ns_capable putback_movable_pages CAP_IPC_LOCK @ capable __hw_addr_unsync CAP_NET_BROADCAST @ file_ns_capable ieee80211_txq_remove_vlan CAP_NET_BROADCAST @ file_ns_capable unapply_uprobe CAP_IPC_LOCK @ capable ieee80211_recalc_idle CAP_NET_BROADCAST @ file_ns_capable security_context_to_sid CAP_CHOWN @ avc_has_perm_noaudit acpi_update_all_gpes CAP_NET_BROADCAST @ file_ns_capable inet_addr_type_table CAP_NET_ADMIN @ ns_capable ieee80211_add_virtual_monitor CAP_NET_BROADCAST @ file_ns_capable security_msg_queue_associate CAP_IPC_OWNER @ ns_capable ieee80211_configure_filter CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_leave_ibss CAP_NET_BROADCAST @ file_ns_capable ieee80211_rx_bss_put CAP_NET_BROADCAST @ file_ns_capable ieee80211_check_fast_xmit CAP_NET_BROADCAST @ file_ns_capable futex_wait_queue CAP_IPC_LOCK @ capable __mnt_drop_write CAP_SYS_PACCT @ 
capable blkdev_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check shmem_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid tasklet_setup CAP_NET_BROADCAST @ file_ns_capable acpi_run_osc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bus_set_iommu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable populate_vma_page_range CAP_IPC_LOCK @ capable ieee80211_tx_h_select_key CAP_NET_BROADCAST @ file_ns_capable ieee80211_xmit CAP_NET_BROADCAST @ file_ns_capable ieee80211_tx_frags CAP_NET_BROADCAST @ file_ns_capable ext4_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __pm_runtime_idle CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i915_request_add CAP_NET_BROADCAST @ file_ns_capable netif_carrier_on CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check sd_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drm_mode_create CAP_NET_BROADCAST @ file_ns_capable ata_acpi_ap_notify_dock CAP_NET_BROADCAST @ file_ns_capable pci_xr17c154_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drv_start_nan CAP_NET_BROADCAST @ file_ns_capable ieee80211_sdata_stop CAP_NET_BROADCAST @ file_ns_capable __anon_vma_prepare CAP_IPC_LOCK @ capable ieee80211_send_nullfunc CAP_NET_BROADCAST @ file_ns_capable uart_startup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nfs_rename CAP_FOWNER @ capable_wrt_inode_uidgid ieee80211_reenable_keys CAP_NET_BROADCAST @ file_ns_capable vfs_fchown CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid inconsistent check __ieee80211_request_sched_scan_start CAP_NET_BROADCAST @ file_ns_capable ieee80211_ibss_stop CAP_NET_BROADCAST @ file_ns_capable rtc_cmos_read CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable user_shm_unlock CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable ieee80211_auth.74744 CAP_NET_BROADCAST @ file_ns_capable sta_info_destroy_addr CAP_NET_BROADCAST @ file_ns_capable netif_tx_wake_queue CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable print_rd_rules CAP_NET_BROADCAST @ file_ns_capable ieee80211_queue_delayed_work CAP_NET_BROADCAST @ file_ns_capable __sta_info_destroy CAP_NET_BROADCAST @ file_ns_capable arch_setup_additional_pages CAP_IPC_LOCK @ capable handle_dots CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_compat_target_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ieee80211_recalc_sw_work CAP_NET_BROADCAST @ file_ns_capable acpi_notifier_call_chain CAP_NET_BROADCAST @ file_ns_capable ___ieee80211_stop_rx_ba_session CAP_NET_BROADCAST @ file_ns_capable __efivar_entry_delete CAP_SYS_ADMIN @ capable ___ieee80211_stop_tx_ba_session CAP_NET_BROADCAST @ file_ns_capable cfg80211_rx_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable drm_dev_dbg CAP_NET_BROADCAST @ file_ns_capable sta_info_move_state CAP_NET_BROADCAST @ file_ns_capable page_add_new_anon_rmap CAP_IPC_LOCK @ capable arch_mmap_rnd CAP_IPC_LOCK @ capable sta_set_sinfo CAP_NET_BROADCAST @ file_ns_capable cgroup_setup_root CAP_SYS_ADMIN @ ns_capable cfg80211_del_sta_sinfo CAP_NET_BROADCAST @ file_ns_capable shmem_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid inode_doinit_with_dentry CAP_CHOWN @ avc_has_perm_noaudit CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check drv_sync_rx_queues CAP_NET_BROADCAST @ file_ns_capable 
backlight_force_update CAP_NET_BROADCAST @ file_ns_capable rw_verify_area CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check kcalloc.73331 CAP_NET_BROADCAST @ file_ns_capable drv_tdls_cancel_channel_switch CAP_NET_BROADCAST @ file_ns_capable nfs_swap_activate CAP_SYS_ADMIN @ capable drv_sta_pre_rcu_remove CAP_NET_BROADCAST @ file_ns_capable ndisc_hash CAP_NET_BROADCAST @ file_ns_capable ieee80211_teardown_tdls_peers CAP_NET_BROADCAST @ file_ns_capable local_bh_enable.73464 CAP_NET_BROADCAST @ file_ns_capable ieee80211_init_rate_ctrl_alg CAP_NET_BROADCAST @ file_ns_capable _dev_printk CAP_NET_BROADCAST @ file_ns_capable vm_brk CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable wiphy_register CAP_NET_BROADCAST @ file_ns_capable ieee80211_txq_purge CAP_NET_BROADCAST @ file_ns_capable intel_overlay_switch_off CAP_NET_BROADCAST @ file_ns_capable codel_dequeue_func CAP_NET_BROADCAST @ file_ns_capable xt_compat_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable invoke_tx_handlers_early CAP_NET_BROADCAST @ file_ns_capable ieee80211_queue_skb CAP_NET_BROADCAST @ file_ns_capable wiphy_free CAP_NET_BROADCAST @ file_ns_capable bprm_change_interp CAP_IPC_LOCK @ capable sock_wfree CAP_NET_BROADCAST @ file_ns_capable ieee80211_tx_monitor CAP_NET_BROADCAST @ file_ns_capable pci_write_config_byte CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netlink_rcv_skb CAP_NET_ADMIN @ netlink_net_capable __ieee80211_unschedule_txq CAP_NET_BROADCAST @ file_ns_capable __cfg80211_disconnected CAP_NET_BROADCAST @ file_ns_capable cfg80211_sme_disassoc CAP_NET_BROADCAST @ file_ns_capable acpi_ut_release_mutex CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_unlock_hp_context CAP_NET_BROADCAST @ file_ns_capable intel_legacy_cursor_update CAP_NET_BROADCAST @ file_ns_capable __cfg80211_connect_result CAP_NET_BROADCAST @ file_ns_capable __ext4_msg CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable 
inconsistent check pci_mmap_page_range CAP_SYS_RAWIO @ capable cfg80211_sme_rx_auth CAP_NET_BROADCAST @ file_ns_capable pndisc_destructor CAP_NET_BROADCAST @ file_ns_capable rate_control_rate_init CAP_NET_BROADCAST @ file_ns_capable __setplane_internal CAP_NET_BROADCAST @ file_ns_capable kmem_cache_alloc_trace CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_NET_ADMIN @ netlink_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ file_ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_ADMIN @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_PACCT @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SETFCAP @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check __audit_inode_child CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sta_info_insert CAP_NET_BROADCAST @ file_ns_capable cn_netlink_send CAP_NET_ADMIN @ __netlink_ns_capable tracefs_syscall_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid cfg80211_mlme_purge_registrations CAP_NET_BROADCAST @ file_ns_capable cfg80211_stop_p2p_device CAP_NET_BROADCAST @ file_ns_capable ieee80211_vif_release_channel CAP_NET_BROADCAST @ file_ns_capable cfg80211_process_wdev_events CAP_NET_BROADCAST @ file_ns_capable fat_dir_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check perf_uprobe_init CAP_SYS_ADMIN @ capable %7 
= tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check kernfs_fop_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check security_kernel_post_load_data CAP_SYS_MODULE @ capable netlbl_calipso_genl_init CAP_NET_BROADCAST @ file_ns_capable do_timens_ktime_to_host CAP_WAKE_ALARM @ capable netlink_register_notifier CAP_NET_BROADCAST @ file_ns_capable genl_unregister_family CAP_NET_BROADCAST @ file_ns_capable rate_control_deinitialize CAP_NET_BROADCAST @ file_ns_capable debugfs_create_dir CAP_NET_BROADCAST @ file_ns_capable free_fs_struct CAP_SYS_ADMIN @ ns_capable autofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check regulatory_init CAP_NET_BROADCAST @ file_ns_capable alloc_workqueue CAP_NET_BROADCAST @ file_ns_capable ieee80211_bss_info_change_notify CAP_NET_BROADCAST @ file_ns_capable __mmap_lock_do_trace_released CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check autofs_dir_unlink CAP_FOWNER @ capable_wrt_inode_uidgid regulatory_exit CAP_NET_BROADCAST @ file_ns_capable nl80211_exit CAP_NET_BROADCAST @ file_ns_capable io_req_task_work_add CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check igmp6_late_init CAP_NET_BROADCAST @ file_ns_capable seg6_exit CAP_NET_BROADCAST @ file_ns_capable put_ipc_ns CAP_SYS_RESOURCE @ capable synchronize_srcu_expedited CAP_NET_BROADCAST @ file_ns_capable cfg80211_rx_unprot_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable ioam6_init 
CAP_NET_BROADCAST @ file_ns_capable genl_ctrl_event CAP_NET_BROADCAST @ file_ns_capable reg_process_self_managed_hints CAP_NET_BROADCAST @ file_ns_capable usblp_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check cfg80211_rdev_by_wiphy_idx CAP_NET_BROADCAST @ file_ns_capable cancel_delayed_work CAP_NET_BROADCAST @ file_ns_capable seq_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check drm_gem_handle_delete CAP_NET_BROADCAST @ file_ns_capable regulatory_hint_user CAP_NET_BROADCAST @ file_ns_capable uart_change_speed CAP_SYS_ADMIN @ capable ieee80211_key_free_common CAP_NET_BROADCAST @ file_ns_capable mod_delayed_work_on CAP_NET_BROADCAST @ file_ns_capable audit_log CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check selinux_policy_cancel CAP_CHOWN @ avc_has_perm_noaudit selinux_status_update_policyload CAP_NET_BROADCAST @ file_ns_capable bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check intel_modeset_driver_remove CAP_NET_BROADCAST @ file_ns_capable __import_iovec CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check shmem_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check vfat_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check add_to_avail_list CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable try_to_free_swap CAP_IPC_LOCK @ capable __dev_change_net_namespace CAP_NET_ADMIN @ netlink_ns_capable snd_disconnect_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check i915_sw_fence_complete CAP_NET_BROADCAST @ file_ns_capable intel_display_prepare_reset CAP_NET_BROADCAST @ file_ns_capable snapshot_get_image_size 
CAP_SYS_ADMIN @ capable pin_insert CAP_SYS_PACCT @ capable __lookup_hash CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_csa_finalize CAP_NET_BROADCAST @ file_ns_capable drm_master_put CAP_NET_BROADCAST @ file_ns_capable avc_has_perm CAP_CHOWN @ avc_has_perm_noaudit CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check cfg80211_free_nan_func CAP_NET_BROADCAST @ file_ns_capable drm_primary_helper_disable CAP_NET_BROADCAST @ file_ns_capable __create_xol_area CAP_IPC_LOCK @ capable __setplane_check CAP_NET_BROADCAST @ file_ns_capable __fsnotify_parent CAP_DAC_READ_SEARCH @ capable CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check drm_crtc_vblank_count CAP_NET_BROADCAST @ file_ns_capable free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable jbd2_journal_abort CAP_SYS_ADMIN @ capable drm_modeset_acquire_init CAP_NET_BROADCAST @ file_ns_capable tty_buffer_restart_work CAP_SYS_MODULE @ capable dev_change_carrier CAP_NET_ADMIN @ ns_capable freeze_bdev CAP_SYS_ADMIN @ capable replace_mm_exe_file CAP_SYS_RESOURCE @ capable drm_framebuffer_check_src_coords CAP_NET_BROADCAST @ file_ns_capable _dev_alert CAP_SYS_ADMIN @ capable xt_request_find_match CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable intel_irq_uninstall CAP_NET_BROADCAST @ file_ns_capable drm_event_reserve_init CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_page_flip CAP_NET_BROADCAST @ file_ns_capable drm_modeset_drop_locks CAP_NET_BROADCAST @ file_ns_capable drm_modeset_acquire_fini CAP_NET_BROADCAST @ file_ns_capable drm_connector_list_iter_end CAP_NET_BROADCAST @ file_ns_capable compat_start_thread CAP_IPC_LOCK @ capable drm_property_replace_blob CAP_NET_BROADCAST @ file_ns_capable 
xt_compat_check_entry_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable kernel_kexec CAP_SYS_BOOT @ ns_capable drm_modeset_lock_all_ctx CAP_NET_BROADCAST @ file_ns_capable drm_connector_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable __put_net CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check drm_atomic_connector_commit_dpms CAP_NET_BROADCAST @ file_ns_capable drm_atomic_state_clear CAP_NET_BROADCAST @ file_ns_capable drm_framebuffer_free CAP_NET_BROADCAST @ file_ns_capable serial8250_verify_port CAP_SYS_ADMIN @ capable __is_local_mountpoint CAP_FOWNER @ capable_wrt_inode_uidgid vt_do_kbkeycode_ioctl CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check kernfs_iop_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid drm_property_free_blob CAP_NET_BROADCAST @ file_ns_capable xt_compat_flush_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable kthread_stop CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable clear_posix_cputimers_work CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_atomic_commit CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_get_properties CAP_NET_BROADCAST @ file_ns_capable fifo_init CAP_NET_ADMIN @ netlink_ns_capable strscpy CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check rt_mutex_wait_proxy_lock CAP_IPC_LOCK @ capable i915_request_create CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_find CAP_NET_BROADCAST @ file_ns_capable xhci_dbg_trace CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
intel_user_framebuffer_create_handle CAP_NET_BROADCAST @ file_ns_capable write_pool CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mq_select_queue CAP_NET_ADMIN @ netlink_ns_capable drm_gem_fb_create_handle CAP_NET_BROADCAST @ file_ns_capable ieee80211_run_deferred_scan CAP_NET_BROADCAST @ file_ns_capable intel_user_framebuffer_dirty CAP_NET_BROADCAST @ file_ns_capable drm_atomic_get_plane_state CAP_NET_BROADCAST @ file_ns_capable e1000e_release_hw_control CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netlbl_cipsov4_genl_init CAP_NET_BROADCAST @ file_ns_capable dev_driver_string CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check i915_gem_ww_ctx_init CAP_NET_BROADCAST @ file_ns_capable pipe_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check futex_hash CAP_IPC_LOCK @ capable nl80211_common_reg_change_event CAP_NET_BROADCAST @ file_ns_capable ww_mutex_lock CAP_NET_BROADCAST @ file_ns_capable set_personality_64bit CAP_IPC_LOCK @ capable i915_gem_ww_ctx_backoff CAP_NET_BROADCAST @ file_ns_capable __i915_gem_object_flush_frontbuffer CAP_NET_BROADCAST @ file_ns_capable i915_active_ref CAP_NET_BROADCAST @ file_ns_capable security_task_setscheduler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ ns_capable inconsistent check drm_property_change_valid_put CAP_NET_BROADCAST @ file_ns_capable intel_ring_begin CAP_NET_BROADCAST @ file_ns_capable free_ret_instance CAP_IPC_LOCK @ capable memcpy_toio CAP_NET_BROADCAST @ file_ns_capable pid_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_file_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check vfs_create CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid free_nsproxy CAP_SYS_ADMIN @ ns_capable proc_tgid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check intel_overlay_flip_prepare CAP_NET_BROADCAST @ file_ns_capable drm_modeset_unlock_all CAP_NET_BROADCAST @ file_ns_capable netif_set_xps_queue CAP_NET_ADMIN @ capable drm_mode_object_lease_required CAP_NET_BROADCAST @ file_ns_capable drm_event_reserve_init_locked CAP_NET_BROADCAST @ file_ns_capable drm_mode_crtc_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable drm_vblank_put CAP_NET_BROADCAST @ file_ns_capable rtl8169_do_counters CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_get_iflink CAP_NET_BROADCAST @ file_ns_capable ns_to_timespec64 CAP_SYS_TIME @ file_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check cancel_delayed_work_sync CAP_NET_BROADCAST @ file_ns_capable drm_modeset_unlock CAP_NET_BROADCAST @ file_ns_capable dev_set_threaded CAP_NET_ADMIN @ ns_capable drm_mode_obj_find_prop_id CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_sched_process_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check drm_property_create_blob CAP_NET_BROADCAST @ file_ns_capable mntput_no_expire CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check proc_sys_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable 
inconsistent check drm_atomic_get_crtc_state CAP_NET_BROADCAST @ file_ns_capable put_fs_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_unlink CAP_FOWNER @ capable_wrt_inode_uidgid exit_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_property_blob_put CAP_NET_BROADCAST @ file_ns_capable i915_gem_flush_free_objects CAP_NET_BROADCAST @ file_ns_capable drm_mode_convert_umode CAP_NET_BROADCAST @ file_ns_capable pci_bus_write_config_byte CAP_NET_BROADCAST @ file_ns_capable netlink_ack CAP_NET_ADMIN @ netlink_net_capable drm_get_mode_status_name CAP_NET_BROADCAST @ file_ns_capable empty_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_mode_debug_printmodeline CAP_NET_BROADCAST @ file_ns_capable acpi_debugfs_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable get_futex_key CAP_IPC_LOCK @ capable drm_plane_check_pixel_format CAP_NET_BROADCAST @ file_ns_capable drm_mode_get_hv_timing CAP_NET_BROADCAST @ file_ns_capable sd_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable power_supply_changed CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_set_config CAP_NET_BROADCAST @ file_ns_capable __drm_dbg CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %259 = call zeroext i1 @capable(i32 38) #83 cap_no=38 %125 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %22 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable %14 = tail call 
zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check __drm_mode_set_config_internal CAP_NET_BROADCAST @ file_ns_capable drm_mode_destroy CAP_NET_BROADCAST @ file_ns_capable drm_dev_put CAP_NET_BROADCAST @ file_ns_capable xt_free_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_modeset_unregister_all CAP_NET_BROADCAST @ file_ns_capable unmap_mapping_range CAP_NET_BROADCAST @ file_ns_capable unregister_pernet_device CAP_NET_BROADCAST @ file_ns_capable i915_gem_suspend CAP_NET_BROADCAST @ file_ns_capable i915_gem_driver_remove CAP_NET_BROADCAST @ file_ns_capable enable_swap_slots_cache CAP_SYS_ADMIN @ capable __ieee80211_tx CAP_NET_BROADCAST @ file_ns_capable intel_modeset_driver_remove_noirq CAP_NET_BROADCAST @ file_ns_capable i915_reset_error_state CAP_NET_BROADCAST @ file_ns_capable intel_modeset_driver_remove_nogem CAP_NET_BROADCAST @ file_ns_capable flush_itimer_signals CAP_IPC_LOCK @ capable i915_driver_release CAP_NET_BROADCAST @ file_ns_capable flush_sigqueue CAP_CHOWN @ avc_has_perm_noaudit i915_driver_lastclose CAP_NET_BROADCAST @ file_ns_capable drm_minor_release CAP_NET_BROADCAST @ file_ns_capable acpi_lock_hp_context CAP_NET_BROADCAST @ file_ns_capable alloc_netdev_mqs CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable intel_overlay_release_old_vid CAP_NET_BROADCAST @ file_ns_capable acpi_handle_printk CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check security_kernel_load_data CAP_SYS_BOOT @ capable CAP_SYS_MODULE @ capable CAP_SYS_BOOT @ capable inconsistent check acpi_evaluate_lck CAP_NET_BROADCAST @ file_ns_capable acpi_evaluate_ej0 CAP_NET_BROADCAST @ file_ns_capable acpi_scan_lock_release CAP_NET_BROADCAST @ file_ns_capable ata_acpi_dev_uevent CAP_NET_BROADCAST @ file_ns_capable sysfs_notify CAP_NET_BROADCAST @ file_ns_capable drop_super CAP_SYS_ADMIN @ capable sparse_keymap_report_event CAP_NET_BROADCAST @ 
file_ns_capable sync_mm_rss CAP_IPC_LOCK @ capable thermal_zone_device_critical CAP_NET_BROADCAST @ file_ns_capable ieee80211_check_queues CAP_NET_BROADCAST @ file_ns_capable thermal_cooling_device_unregister CAP_NET_BROADCAST @ file_ns_capable swap_type_of CAP_SYS_ADMIN @ capable drm_crtc_vblank_get CAP_NET_BROADCAST @ file_ns_capable __cpuhp_setup_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check cpufreq_register_notifier CAP_NET_BROADCAST @ file_ns_capable msdos_rename CAP_FOWNER @ capable_wrt_inode_uidgid acpi_processor_ignore_ppc_init CAP_NET_BROADCAST @ file_ns_capable acpi_processor_throttling_init CAP_NET_BROADCAST @ file_ns_capable round_jiffies_relative CAP_NET_BROADCAST @ file_ns_capable cpu_hotplug_enable CAP_NET_BROADCAST @ file_ns_capable vfs_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_processor_power_exit CAP_NET_BROADCAST @ file_ns_capable neigh_destroy CAP_NET_BROADCAST @ file_ns_capable refcount_dec_and_lock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable mq_clear_sbinfo CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable hung_up_tty_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check sock_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check read_iter_null CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check dev_pm_attach_wake_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable qdisc_lookup CAP_NET_ADMIN @ netlink_ns_capable proc_reg_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __netdev_alloc_skb CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check hugetlbfs_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable 
inconsistent check generic_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check page_vma_mapped_walk CAP_IPC_LOCK @ capable read_iter_zero CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check acpi_scan_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_smps_mode_to_smps_mode CAP_NET_BROADCAST @ file_ns_capable eventfd_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check sock_release CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check ip_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable fib_table_insert CAP_NET_ADMIN @ ns_capable __rt_mutex_start_proxy_lock CAP_IPC_LOCK @ capable vma_is_shmem CAP_IPC_LOCK @ capable aio_complete_rw CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check blkdev_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check devkmsg_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check nfs_file_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check redirected_tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check sock_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check down_read_interruptible CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check xt_compat_lock CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_compat_init_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable arch_uprobe_skip_sstep CAP_IPC_LOCK @ capable xt_request_find_target CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable walk_component CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_install_in_context CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check xt_compat_target_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_compat_match_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable selinux_policy_commit CAP_CHOWN @ avc_has_perm_noaudit xt_copy_counters CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable proc_misc_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable intel_display_finish_reset CAP_NET_BROADCAST @ file_ns_capable kernfs_iop_rename CAP_FOWNER @ capable_wrt_inode_uidgid xt_request_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable compat_table_info.69872 CAP_NET_ADMIN @ ns_capable timens_commit CAP_SYS_ADMIN @ ns_capable destroy_local_trace_kprobe CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check kobject_uevent_env CAP_NET_BROADCAST @ file_ns_capable netlbl_unlabel_defconf CAP_NET_BROADCAST @ file_ns_capable xt_target_to_user CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable bitmap_parse CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check rtnetlink_send CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inet_netconf_notify_devconf CAP_NET_ADMIN @ ns_capable hibernate CAP_SYS_BOOT @ ns_capable dev_disable_lro CAP_NET_ADMIN @ ns_capable is_vmalloc_addr CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check lock_device_hotplug CAP_SYS_ADMIN @ capable hibernation_snapshot CAP_SYS_ADMIN @ capable modify_user_hw_breakpoint_check CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check snapshot_write_finalize CAP_SYS_ADMIN @ capable flush_delayed_work CAP_NET_BROADCAST @ file_ns_capable hibernation_restore CAP_SYS_ADMIN @ capable __audit_inode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check intel_gt_reset CAP_NET_BROADCAST @ file_ns_capable free_all_swap_pages CAP_SYS_ADMIN @ capable calipso_exit CAP_NET_BROADCAST @ file_ns_capable suspend_devices_and_enter CAP_SYS_ADMIN @ capable sd_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable hibernation_platform_enter CAP_SYS_ADMIN @ capable swsusp_swap_in_use CAP_SYS_ADMIN @ capable attach_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable unlock_device_hotplug CAP_SYS_ADMIN @ capable security_inode_rename CAP_FOWNER @ capable_wrt_inode_uidgid ext4_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid logfc CAP_SYS_ADMIN @ ns_capable bad_inode_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid shrink_dcache_parent CAP_CHOWN @ avc_has_perm_noaudit CAP_FOWNER @ 
capable_wrt_inode_uidgid inconsistent check security_vm_enough_memory_mm CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check __detach_mounts CAP_FOWNER @ capable_wrt_inode_uidgid dev_valid_name CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable d_move CAP_FOWNER @ capable_wrt_inode_uidgid dma_unmap_page_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable unlock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid ext4_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fsnotify_move CAP_FOWNER @ capable_wrt_inode_uidgid security_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid msdos_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid ext4_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check iommu_change_dev_def_domain CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check vfs_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nfs_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid bad_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid cfg80211_sched_scan_stopped_locked CAP_NET_BROADCAST @ file_ns_capable autofs_dir_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid d_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check shmem_unlink CAP_FOWNER @ capable_wrt_inode_uidgid msdos_unlink CAP_FOWNER @ capable_wrt_inode_uidgid ldsem_down_write CAP_SYS_MODULE @ capable security_set_bools CAP_CHOWN @ 
avc_has_perm_noaudit filename_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bad_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid init_symlink CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check translate_table CAP_NET_ADMIN @ ns_capable set_page_dirty_lock CAP_IPC_LOCK @ capable ipv6_chk_prefix CAP_NET_ADMIN @ ns_capable io_arm_poll_handler CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check local_bh_enable.68604 CAP_NET_ADMIN @ ns_capable alarmtimer_do_nsleep CAP_WAKE_ALARM @ capable rt_mutex_futex_trylock CAP_IPC_LOCK @ capable synchronize_net CAP_NET_BROADCAST @ file_ns_capable fib_table_delete CAP_NET_ADMIN @ ns_capable ext4_iomap_swap_activate CAP_SYS_ADMIN @ capable vfs_fchmod CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fib_new_table CAP_NET_ADMIN @ ns_capable tty_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_LINUX_IMMUTABLE @ capable inconsistent check generic_swapfile_activate CAP_SYS_ADMIN @ capable try_to_unuse CAP_SYS_ADMIN @ capable percpu_ref_kill_and_confirm CAP_SYS_ADMIN @ capable inet6_addr_del CAP_NET_ADMIN @ ns_capable nfs_swap_deactivate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable audit_inode_permission 
CAP_CHOWN @ avc_has_perm_noaudit ipv6_chk_addr_and_flags CAP_NET_ADMIN @ ns_capable mq_walk CAP_NET_ADMIN @ netlink_ns_capable tg3_phy_start CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fifo_hd_init CAP_NET_ADMIN @ netlink_ns_capable qdisc_get_stab CAP_NET_ADMIN @ netlink_ns_capable drm_internal_framebuffer_create CAP_NET_BROADCAST @ file_ns_capable qdisc_create CAP_NET_ADMIN @ netlink_ns_capable clockevents_config_and_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_get_flags CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check qdisc_graft CAP_NET_ADMIN @ netlink_ns_capable percpu_ref_init CAP_SYS_ADMIN @ capable tcf_chain_tp_delete_empty CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable max_swapfile_size CAP_SYS_ADMIN @ capable blkdev_issue_discard CAP_SYS_ADMIN @ capable __netlink_dump_start CAP_NET_ADMIN @ netlink_net_capable do_trace_netlink_extack CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check ieee80211_calculate_rx_timestamp CAP_NET_BROADCAST @ file_ns_capable ext4_force_commit CAP_SYS_ADMIN @ capable pin_kill CAP_SYS_PACCT @ capable vfs_unlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_event_alloc CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check security_load_policy CAP_CHOWN @ avc_has_perm_noaudit rtc_set_offset CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check xt_compat_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable __perf_remove_from_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check proc_net_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ipip6_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable irq_domain_free_irqs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ipip6_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_sid_to_context CAP_CHOWN @ avc_has_perm_noaudit CAP_DAC_OVERRIDE @ avc_has_perm_noaudit inconsistent check recalc_sigpending CAP_CHOWN @ avc_has_perm_noaudit perf_kprobe_init CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check reboot_pid_ns CAP_SYS_BOOT @ ns_capable kernel_restart CAP_SYS_BOOT @ ns_capable
--- Interesting Type fields and checks ---
struct.net_device_ops.754267:0, CAP_NET_ADMIN @ capable struct.net_device.754351:0, CAP_NET_ADMIN @ capable struct.cgroup_namespace:0, CAP_SYS_ADMIN @ ns_capable struct.uart_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.uart_port:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.355747:0, CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check struct.signal_struct.353800:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.353855:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.tty_operations.350995:0, CAP_SYS_MODULE @ capable struct.tty_ldisc_ops.351001:0, CAP_SYS_MODULE @ capable struct.request.289881:0,1, CAP_SYS_RAWIO @ capable struct.sg_fd:0, CAP_SYS_RAWIO @ capable 
struct.trace_event_call.109180:0, CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check struct.cgroup_fs_context:0, CAP_SYS_ADMIN @ ns_capable struct.cgroup_root:0, CAP_SYS_ADMIN @ ns_capable struct.cgroup_subsys:0, CAP_SYS_ADMIN @ ns_capable struct.simple_xattr:0, CAP_SYS_ADMIN @ capable struct.uart_state:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.amd_northbridge:0, CAP_SYS_ADMIN @ capable struct.time_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.anon.117:1, CAP_SYS_ADMIN @ capable struct.gendisk.613289:0, CAP_SYS_ADMIN @ capable struct.net.875063:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.mbox_chan:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_gpe_walk_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_gpe_block_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_osc_context:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.amd_iommu:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.phy_driver:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.phy_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.632230:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.net_device.632207:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.638451:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.e1000_ring.634120:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.e1000_adapter.634150:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable struct.net_device.641525:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.net_device.629892:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.yenta_socket:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.drm_plane_state.373259:0, CAP_NET_BROADCAST @ file_ns_capable struct.dw_dma:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ieee80211_hw:31,10,25,14,27,0,26,3, CAP_NET_BROADCAST @ file_ns_capable struct.intel_gt.436116:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_atomic_state.373270:0, CAP_NET_BROADCAST @ file_ns_capable struct.usb_hcd.649134:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.intel_wedge_me:0, CAP_NET_BROADCAST @ file_ns_capable struct.genl_family.768250:0, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_sched_scan_request:0, CAP_NET_BROADCAST @ file_ns_capable struct.vm_area_struct.129974:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.ieee80211_key:0, CAP_NET_BROADCAST @ file_ns_capable struct.platform_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ieee80211_tx_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_wowlan:0, CAP_NET_BROADCAST @ file_ns_capable struct.tty_struct.353794:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.wiphy:-1,0, CAP_NET_BROADCAST @ file_ns_capable struct.sta_info:0, CAP_NET_BROADCAST @ file_ns_capable struct.azx.730385:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.Qdisc_ops.764928:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.ieee80211_local:0, CAP_NET_BROADCAST @ file_ns_capable struct.super_operations.146617:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ipc_ops:0, CAP_IPC_OWNER @ ns_capable struct.tcf_proto.764939:0, 
CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.sg_io_hdr:0, CAP_SYS_RAWIO @ capable struct.ieee80211_rx_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.uprobe_task:0, CAP_IPC_LOCK @ capable struct.io_cb_cancel_data:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.ieee802_11_elems:0, CAP_NET_BROADCAST @ file_ns_capable struct.net_device.744736:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.in_ifaddr.749039:0, CAP_NET_ADMIN @ ns_capable struct.wireless_dev:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_supported_band:0, CAP_NET_BROADCAST @ file_ns_capable struct.hlist_nulls_node:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.kiocb:0, CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.qstr:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.iommu_group:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.io_timeout_data:0, CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.nameidata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.io_wq_work:-3, CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.cfg80211_registered_device:0, CAP_NET_BROADCAST @ file_ns_capable struct.path.145905:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.pps_device:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.task_struct.145834:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.fs_context:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.kioctx_table:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.common_audit_data:0, CAP_CHOWN @ avc_has_perm_noaudit CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.io_worker:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.mnt_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.xt_entry_match.853572:0, CAP_NET_ADMIN @ ns_capable struct.perf_event.115065:0, CAP_SYS_ADMIN @ capable %7 = tail 
call zeroext i1 @capable(i32 38) #83 cap_no=38 %14 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check struct.rx:0, CAP_NET_RAW @ file_ns_capable struct.fib6_config.873781:0, CAP_NET_ADMIN @ ns_capable struct.ieee80211_event:0, CAP_NET_BROADCAST @ file_ns_capable struct.task_struct.264755:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.xt_entry_match.896288:0, CAP_NET_ADMIN @ ns_capable struct.uts_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.renamedata:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.tcf_filter_chain_list_item:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.fq_flow:0, CAP_NET_BROADCAST @ file_ns_capable struct.tcf_chain.764937:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.tcf_block.764936:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.kioctx:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.cfg80211_internal_bss:0, CAP_NET_BROADCAST @ file_ns_capable struct.callback_head:0,-5,-7,-6,-4, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.mm_struct:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.drm_property.373206:0, CAP_NET_BROADCAST @ file_ns_capable 
struct.header_ops:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.drm_plane.373262:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_i915_private.407247:0, CAP_NET_BROADCAST @ file_ns_capable struct.in_device.749041:0, CAP_NET_ADMIN @ ns_capable struct.ieee80211_sub_if_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.net:0, CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_RAW @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.ip6_flowlabel:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.futex_q:0, CAP_IPC_LOCK @ capable struct.net_device.841805:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.ptp_clock_info.683310:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.cppc_pcc_data:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.task_struct:0, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_CHROOT @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_KILL @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable 
CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ capable CAP_WAKE_ALARM @ capable inconsistent check struct.rtc_device.677879:0, CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check struct.drm_minor:0, CAP_NET_BROADCAST @ file_ns_capable struct.netdev_rx_queue.754302:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable struct.drm_mode_object.373208:10,23,29,2,9,0,-3,-2,1, CAP_NET_BROADCAST @ file_ns_capable struct.i915_gem_engines.436067:0, CAP_NET_BROADCAST @ file_ns_capable struct.trace_print_flags:0, CAP_CHOWN @ avc_has_perm_noaudit struct.proto:0, CAP_NET_ADMIN @ ns_capable struct.net_device.749113:0, CAP_NET_ADMIN @ ns_capable struct.cred:0, CAP_SETGID @ ns_capable_setid CAP_SYS_ADMIN @ ns_capable CAP_CHOWN @ avc_has_perm_noaudit CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SETFCAP @ 
capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ext4_sb_info.194435:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.rtl8169_private:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.selinux_fs_info:0, CAP_CHOWN @ avc_has_perm_noaudit struct.vm_area_struct.131724:0, CAP_IPC_LOCK @ capable struct.proc_ns_operations:0, CAP_SYS_ADMIN @ ns_capable struct.iocb:0, CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.sock:1,0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.key.264430:0, CAP_SYS_ADMIN @ capable struct.snd_card:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_gpe_xrupt_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.sit_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.rt_mutex_waiter:0, CAP_IPC_LOCK @ capable struct.net.744609:0, CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check struct.xt_table.896285:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.net_device_ops:0, CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.fib_config:0, CAP_NET_ADMIN @ ns_capable struct.io_wqe:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.intel_crtc.545194:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_roc_work:0, CAP_NET_BROADCAST @ file_ns_capable struct.task_struct.166010:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.perf_event.21742:0, CAP_SYS_ADMIN @ capable struct.vm_area_struct:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.io_ring_ctx:0, CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable inconsistent check struct.genl_info:0, CAP_NET_BROADCAST @ file_ns_capable struct.exar8250_board:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.rtnl_link_ops:0, CAP_NET_ADMIN @ netlink_ns_capable struct.io_kiocb:0, CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_BLOCK_SUSPEND @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.pid_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_PACCT @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.net_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_NICE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_NET_ADMIN @ netlink_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_RAW @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check 
struct.acpi_object_list:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_i915_private.436298:0, CAP_SYS_ADMIN @ capable struct.acpi_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.Qdisc_class_ops.764927:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.ext4_sb_info.197872:0, CAP_SYS_RESOURCE @ capable struct.path:0, CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.netlink_ext_ack:0, CAP_NET_ADMIN @ sk_ns_capable struct.rtc_class_ops:0, CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check struct.nsproxy:0, CAP_WAKE_ALARM @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.net_device.813395:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ 
ns_capable inconsistent check struct.nic:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_RAW @ file_ns_capable inconsistent check struct.cdrom_device_ops.613708:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.drm_crtc_funcs.373253:0, CAP_NET_BROADCAST @ file_ns_capable struct.ipv6_txoptions:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.cred.114987:0, CAP_KILL @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %72 = call zeroext i1 @capable(i32 38) #83 cap_no=38 %321 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %48 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %32 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check struct.tg3:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.coredump_params.169047:0, CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.socket:0, CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_NET_RAW @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check struct.kernel_clone_args:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ 
capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check struct.rb_node:2, CAP_IPC_LOCK @ capable struct.pid:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.iov_iter:0, CAP_SYS_NICE @ capable struct.signal_struct:0, CAP_SYS_ADMIN @ ns_capable CAP_KILL @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.tty_struct.351000:0, CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.task_struct.130092:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.multiprocess_signals:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.percpu_ref_data:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check struct.super_operations:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.dock_dependent_device:0, CAP_NET_BROADCAST @ file_ns_capable struct.Qdisc.744705:0, CAP_NET_ADMIN @ netlink_ns_capable struct.tcf_proto_ops.764938:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.request.607506:0,1, CAP_SYS_RAWIO @ capable struct.xattr_handler:0, CAP_SYS_ADMIN @ capable struct.wiphy_iftype_ext_capab:0, CAP_NET_BROADCAST @ file_ns_capable struct.group_device:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.journal_s.194407:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.io_rsrc_data:0, CAP_IPC_LOCK @ capable struct.work_struct:-45,2, CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable %49 = tail call zeroext i1 
@ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ieee80211_ops:0, CAP_NET_BROADCAST @ file_ns_capable struct.vc_data.355841:0, CAP_KILL @ ns_capable struct.task_struct.15086:0, CAP_SYS_RAWIO @ capable struct.Scsi_Host.608564:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.net.841722:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.ipv6_pinfo.870161:0, CAP_NET_ADMIN @ ns_capable struct.dock_station:0, CAP_NET_BROADCAST @ file_ns_capable struct.vfsmount:7,5,4,1,2,-1,6,0,3, CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.selinux_state:0, CAP_CHOWN @ avc_has_perm_noaudit struct.netdev_queue.744693:0, CAP_NET_ADMIN @ netlink_ns_capable struct.fs_struct:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.cfg80211_bss:0,-2, CAP_NET_BROADCAST @ file_ns_capable struct.drm_client_buffer:0, CAP_NET_BROADCAST @ file_ns_capable struct.ip_tunnel_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.ns_common:0,1, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ip_tunnel:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.drm_device.373290:0, CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.nfnl_info:0, 
CAP_NET_ADMIN @ netlink_net_capable struct.drm_plane_funcs.373260:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_file:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.net.749003:0, CAP_NET_ADMIN @ ns_capable struct.drm_object_properties.373207:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_driver:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.nfnetlink_subsystem:0, CAP_NET_ADMIN @ netlink_net_capable struct.drm_client_dev:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.drm_mode_rmfb_work:0, CAP_NET_BROADCAST @ file_ns_capable struct.pci_dev.313800:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.net.754433:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.drm_framebuffer_funcs.373211:0, CAP_NET_BROADCAST @ file_ns_capable struct.net_device.638419:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.Qdisc_class_ops.744698:0, CAP_NET_ADMIN @ netlink_ns_capable struct.drm_property_blob.373225:0, CAP_NET_BROADCAST @ file_ns_capable struct.block_device.297091:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.device:0, CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.drm_framebuffer.373212:0, CAP_NET_BROADCAST @ file_ns_capable struct.intel_crtc.407078:0, CAP_NET_BROADCAST @ file_ns_capable struct.dst_entry.813038:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.vfsmount.145904:0, CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.intel_overlay:0, CAP_NET_BROADCAST @ file_ns_capable struct.io_sq_data:0, CAP_SYS_ADMIN @ ns_capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #83 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable inconsistent check struct.linux_binprm:0, CAP_IPC_LOCK @ capable struct.futex_hash_bucket:0, CAP_IPC_LOCK @ capable struct.i915_gem_ww_ctx.545140:0, CAP_NET_BROADCAST @ file_ns_capable struct.i915_request.545103:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_i915_private:0, CAP_NET_BROADCAST @ file_ns_capable struct.intel_plane_state.545370:0, CAP_NET_BROADCAST @ file_ns_capable struct.qspinlock:-24,11,7,22,26, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.drm_mode_set.373251:0, CAP_NET_BROADCAST @ file_ns_capable struct.hrtimer_sleeper:0, CAP_IPC_LOCK @ capable struct.acpi_hotplug_context:0, CAP_NET_BROADCAST @ file_ns_capable struct.neigh_table:0, CAP_NET_BROADCAST @ file_ns_capable struct.sock.853552:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.k_itimer:0, CAP_WAKE_ALARM @ capable struct.pneigh_entry:0, CAP_NET_BROADCAST @ file_ns_capable struct.neighbour:0, CAP_NET_BROADCAST @ file_ns_capable struct.sock.896268:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.scsi_device.608549:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.block_device:0, 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.xt_match.896276:0, CAP_NET_ADMIN @ ns_capable struct.task_struct.115211:0, CAP_KILL @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %72 = call zeroext i1 @capable(i32 38) #83 cap_no=38 %321 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %48 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %32 = call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check struct.ip6t_replace:0, CAP_NET_ADMIN @ ns_capable struct.net.813150:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.nfnl_err:0, CAP_NET_ADMIN @ netlink_net_capable struct.uevent_sock:0, CAP_SYS_ADMIN @ netlink_ns_capable struct.drm_i915_private.545366:0, CAP_NET_BROADCAST @ file_ns_capable struct.xt_target.853563:0, CAP_NET_ADMIN @ ns_capable struct.pmu.115047:0, CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check struct.ctl_table:0, CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.xt_match.853560:0, CAP_NET_ADMIN @ ns_capable struct.ipt_replace:0, CAP_NET_ADMIN @ ns_capable struct.xt_table.853569:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.sock.813299:1,0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.nsset:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.alarm:0, 
CAP_WAKE_ALARM @ capable struct.uprobe:0, CAP_IPC_LOCK @ capable struct.futex_pi_state:0, CAP_IPC_LOCK @ capable struct.rtentry:0, CAP_NET_ADMIN @ ns_capable struct.cfg80211_ops:0, CAP_NET_BROADCAST @ file_ns_capable struct.attribute:1, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.load_info:0, CAP_SYS_MODULE @ capable struct.ieee80211_if_ap:0,-6, CAP_NET_BROADCAST @ file_ns_capable struct.dev_pm_info.754055:3, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.device.754070:-2, CAP_NET_ADMIN @ ns_capable struct.Qdisc_ops.744699:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.check_loop_arg:0, CAP_NET_ADMIN @ netlink_ns_capable struct.perf_event_context.115041:0, CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #83 cap_no=38 inconsistent check struct.qdisc_size_table:0, CAP_NET_ADMIN @ netlink_ns_capable struct.drm_mode_config_funcs.373271:0, CAP_NET_BROADCAST @ file_ns_capable struct.io_rsrc_node:0, CAP_IPC_LOCK @ capable struct.xt_target.896279:0, CAP_NET_ADMIN @ ns_capable struct.task_struct.176180:0, CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check struct.kern_ipc_perm:1, CAP_IPC_LOCK @ ns_capable CAP_IPC_LOCK @ capable inconsistent check struct.block_device_operations:0, CAP_SYS_ADMIN @ capable struct.netlink_dump_control:0, CAP_NET_ADMIN @ netlink_net_capable struct.ieee80211_tx_status:0, CAP_NET_BROADCAST @ file_ns_capable struct.ip_tunnel.901780:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.gendisk.296830:0, CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.block_device_operations.296785:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.sg_request:0, CAP_SYS_RAWIO @ capable struct.pr_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.packet_fanout:0, CAP_NET_RAW @ ns_capable struct.gendisk:0, CAP_SYS_ADMIN @ capable struct.io_mapped_ubuf:0, CAP_IPC_LOCK @ capable struct.Qdisc.764934:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.ipc_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable inconsistent check struct.irq_desc.74969:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.rt_wake_q_head:0, CAP_IPC_LOCK @ capable struct.drm_i915_gem_object.490257:0, CAP_IPC_LOCK @ capable struct.drm_i915_gem_object_ops.490243:0, CAP_IPC_LOCK @ capable struct.audit_context:0, CAP_IPC_LOCK @ capable struct.vm_operations_struct:0, CAP_IPC_LOCK @ capable struct.mmu_notifier_range:0, CAP_IPC_LOCK @ capable struct.uprobe_consumer.116784:0, CAP_IPC_LOCK @ capable struct.task_struct.2039:0, CAP_SYS_NICE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.xol_area:0, CAP_IPC_LOCK @ capable struct.block_device.194261:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable struct.irqaction:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.irq_chip.74982:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.swap_info_struct:0, CAP_SYS_ADMIN @ capable struct.usb_hcd:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.scsi_host_template.608557:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.xhci_hcd:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable Run Analysis, Threads:1 Critical functions Check Use of Function:ata_cmd_ioctl Check Use of Function:ata_task_ioctl Check Use of Function:pci_disable_device Check Use of Function:pci_enable_device Check Use of Function:from_mnt_ns Check Use of Function:pidns_install Check Use of Function:cgroupns_install Check Use of Function:utsns_install Check Use of Function:mntns_install Check Use of Function:netns_install Check Use of Function:ipcns_install Check Use of Function:copy_fs_struct Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #83 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %152 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 74 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %152 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 105 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 16 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %152, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #83 br i1 %45, label %46, label %152 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 100 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 8 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %58 = getelementptr inbounds %struct.fs_struct, %struct.fs_struct* %52, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = icmp 
eq i32 %59, 1 br i1 %60, label %65, label %61 %62 = tail call %struct.fs_struct* @copy_fs_struct(%struct.fs_struct* nonnull %52) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #83 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %152 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 74 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %152 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 105 %37 = load %struct.sighand_struct*, 
%struct.sighand_struct** %36, align 16 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %152, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #83 br i1 %45, label %46, label %152 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 100 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 8 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %58 = getelementptr inbounds %struct.fs_struct, %struct.fs_struct* %52, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 1 br i1 %60, label %65, label %61 %62 = tail call %struct.fs_struct* @copy_fs_struct(%struct.fs_struct* nonnull %52) #83 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:timens_on_fork Check Use of Function:copy_time_ns Check Use of Function:put_pid_ns Check Use of Function:proc_alloc_inum Check Use of Function:serial8250_request_port Check Use of Function:serial8250_release_port Check Use of Function:ldsem_up_write Check Use of Function:n_null_close Check Use of Function:n_tty_close Check Use of Function:n_null_open Check Use of Function:n_tty_open Check Use of Function:drm_dev_get Check Use of Function:serport_ldisc_open Check Use of Function:drm_client_modeset_free Check Use of Function:drm_gem_open Check Use of Function:drm_prime_destroy_file_private Check Use of Function:drm_syncobj_release Check Use of Function:drm_gem_release Check Use of Function:shmem_lock 
Check Use of Function:pci_user_read_config_byte Check Use of Function:pci_user_read_config_word Check Use of Function:ring_buffer_lock_reserve Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %165 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 14 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %165, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = trunc i64 %17 to i32 %19 = add nuw nsw i64 %17, 18 %20 = icmp ult i64 %17, 9 %21 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %22 = load %struct.trace_buffer*, %struct.trace_buffer** %21, align 8 %23 = select i1 %20, i64 27, i64 %19 %24 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %25 = load i64, i64* %5, align 8 %26 = lshr i64 %25, 9 %27 = trunc i64 %26 to i32 %28 = and i32 %27, 1 %29 = xor i32 %28, 1 %30 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %31 = and i32 %30, 2147483647 %32 = zext i32 %31 to i64 %33 = and i64 %32, 15728640 %34 = icmp eq i64 %33, 0 %35 = or i32 %29, 64 %36 = select i1 %34, i32 %29, i32 %35 %37 = and i64 %32, 983040 %38 = icmp eq i64 %37, 0 %39 = or i32 %36, 8 %40 = select i1 %38, i32 %36, i32 %39 %41 = lshr i32 %30, 4 %42 = and i32 %41, 16 %43 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %44 = inttoptr i64 %43 to 
%struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 0, i32 0 %46 = load volatile i64, i64* %45, align 8 %47 = lshr i64 %46, 1 %48 = trunc i64 %47 to i32 %49 = and i32 %48, 4 %50 = or i32 %49, %42 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %52 = and i32 %40, 65535 %53 = or i32 %50, %52 %54 = and i32 %30, 255 %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 32 %56 = load i16, i16* %55, align 16 %57 = zext i16 %56 to i32 %58 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.trace_buffer* %22, i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %112 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 14 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %112, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = add nuw nsw i64 %20, 12 %22 = icmp ult i64 %20, 13 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.trace_buffer*, %struct.trace_buffer** %23, align 8 %25 = select i1 %22, i64 25, i64 %21 %26 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %27 = load i64, i64* %5, align 8 %28 = lshr i64 %27, 9 %29 = trunc i64 %28 to i32 %30 = and i32 %29, 1 %31 = xor i32 
%30, 1 %32 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %33 = and i32 %32, 2147483647 %34 = zext i32 %33 to i64 %35 = and i64 %34, 15728640 %36 = icmp eq i64 %35, 0 %37 = or i32 %31, 64 %38 = select i1 %36, i32 %31, i32 %37 %39 = and i64 %34, 983040 %40 = icmp eq i64 %39, 0 %41 = or i32 %38, 8 %42 = select i1 %40, i32 %38, i32 %41 %43 = lshr i32 %32, 4 %44 = and i32 %43, 16 %45 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct* %47 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %46, i64 0, i32 0, i32 0 %48 = load volatile i64, i64* %47, align 8 %49 = lshr i64 %48, 1 %50 = trunc i64 %49 to i32 %51 = and i32 %50, 4 %52 = or i32 %51, %44 %53 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %54 = and i32 %42, 65535 %55 = or i32 %52, %54 %56 = and i32 %32, 255 %57 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %46, i64 0, i32 32 %58 = load i16, i16* %57, align 16 %59 = zext i16 %58 to i32 %60 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.trace_buffer* %24, i64 %25) #83 ------------- Good: 9 Bad: 2 Ignored: 1799 Check Use of Function:ring_buffer_event_data Check Use of Function:ring_buffer_discard_commit Check Use of Function:filter_match_preds Check Use of Function:security_sb_pivotroot Check Use of Function:iomem_is_exclusive Check Use of Function:pci_mmap_fits Check Use of Function:housekeeping_cpumask Check Use of Function:static_key_slow_inc Check Use of Function:static_key_slow_dec Check Use of Function:security_sid_to_context_force Check Use of Function:put_sg_io_hdr Check Use of Function:blk_rq_map_user Check Use of Function:sg_new_read Check Use of Function:trace_event_dyn_put_ref Check Use of Function:get_ucounts Check Use of 
Function:inc_rlimit_ucounts Check Use of Function:put_ucounts Check Use of Function:cgroup_lock_and_drain_offline Check Use of Function:cgroup_do_get_tree Check Use of Function:do_madvise Use: =BAD PATH= Call Stack: 0 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* 
%12, i64 %3, i64 %5, i32 %8) #83 ------------- Good: 16 Bad: 2 Ignored: 1 Check Use of Function:set_normalized_timespec64 Use: =BAD PATH= Call Stack: 0 do_sys_poll 1 __se_sys_poll 2 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.159* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #83 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.159* %5, i32 %6, %struct.cpu_itimer* %28) #83 Function:do_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca 
%struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = alloca [32 x i64], align 16 %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = bitcast [32 x i64]* %8 to i8* %11 = bitcast [32 x i64]* %8 to %struct.poll_list* %12 = getelementptr inbounds [32 x i64], [32 x i64]* %8, i64 0, i64 1 %13 = bitcast i64* %12 to i32* %14 = bitcast [32 x i64]* %8 to %struct.poll_list** %15 = zext i32 %1 to i64 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 104 %19 = load %struct.signal_struct*, %struct.signal_struct** %18, align 8 %20 = getelementptr %struct.signal_struct, %struct.signal_struct* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %15 br i1 %22, label %339, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.anon.159, %struct.anon.159* %0, i64 %15 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %15, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %11, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %14, %23 ] %32 = phi i32* [ %63, %54 ], [ %13, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.anon.159, %struct.anon.159* %25, i64 %42 %44 = bitcast %struct.anon.159* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 
0, i32 2, i64 0 %46 = bitcast %struct.anon.159* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #83 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %328 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %76 = bitcast i64* %6 to i8* %77 = load i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.cpu_itimer* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %87 = load i64, 
i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.cpu_itimer* %5 to i8* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.cpu_itimer* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %104, i64 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_poll 1 __se_sys_poll 2 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.159* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void 
@ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #83 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.159* %5, i32 %6, %struct.cpu_itimer* %28) #83 Function:do_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = alloca [32 x i64], align 16 %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = bitcast [32 x i64]* %8 to i8* %11 = bitcast [32 x i64]* %8 to %struct.poll_list* %12 = getelementptr inbounds [32 x i64], [32 x i64]* %8, i64 0, i64 1 %13 = bitcast i64* %12 to i32* %14 = bitcast [32 x i64]* %8 to %struct.poll_list** %15 = zext i32 %1 to i64 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 104 %19 = load %struct.signal_struct*, %struct.signal_struct** %18, align 8 %20 = getelementptr %struct.signal_struct, %struct.signal_struct* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %15 br i1 %22, label %339, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.anon.159, %struct.anon.159* %0, i64 %15 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %15, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %11, 
%23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %14, %23 ] %32 = phi i32* [ %63, %54 ], [ %13, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.anon.159, %struct.anon.159* %25, i64 %42 %44 = bitcast %struct.anon.159* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.anon.159* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #83 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %328 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store 
%struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %76 = bitcast i64* %6 to i8* %77 = load i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.cpu_itimer* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.cpu_itimer* %5 to i8* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.cpu_itimer* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %104, i64 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 compat_core_sys_select 2 do_compat_select 3 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.gnet_stats_queue, align 4 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.gnet_stats_queue* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 20) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %31 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 1 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = inttoptr i64 %15 to i32* %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = inttoptr i64 %19 to i32* %21 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 3 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = inttoptr i64 %23 to i32* %25 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = inttoptr i64 %27 to %struct.static_call_site* %29 = call fastcc i32 @do_compat_select(i32 %12, i32* %16, i32* %20, i32* %24, %struct.static_call_site* %28) #83 Function:do_compat_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.static_call_site, align 4 %8 = bitcast %struct.cpu_itimer* %6 to i8* %9 = bitcast %struct.static_call_site* %7 to i8* %10 = icmp eq %struct.static_call_site* %4, null %11 = bitcast %struct.static_call_site* %4 to i8* br i1 %10, label %41, label %12 %42 = phi %struct.cpu_itimer* [ %6, %32 ], [ %6, %33 ], [ null, %5 ] %43 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.cpu_itimer* %42) #84 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 
= bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !5, !misexpect !6 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #84 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #83 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = 
and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label 
%84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %122 = bitcast %struct.cpu_itimer* %5 to i8* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %124 = load i32, i32* %123, align 4 %125 = icmp sgt i32 %124, 99 br i1 %125, label %126, label %166 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %127 = load i64, i64* %113, align 8 
%128 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %129 = load i64, i64* %128, align 8 %130 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %131 = load i64, i64* %130, align 8 %132 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %133 = load i64, i64* %132, align 8 %134 = bitcast %struct.cpu_itimer* %4 to i8* %135 = sub i64 %127, %131 %136 = sub i64 %129, %133 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %135, i64 %136) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 compat_core_sys_select 2 do_compat_select 3 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = inttoptr i64 %6 to i32* %18 = inttoptr i64 %9 to i32* %19 = inttoptr i64 %12 to i32* %20 = inttoptr i64 %15 to %struct.static_call_site* %21 = tail call fastcc i32 @do_compat_select(i32 %16, i32* %17, i32* %18, i32* %19, %struct.static_call_site* %20) #83 Function:do_compat_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.static_call_site, align 4 %8 = bitcast %struct.cpu_itimer* %6 to i8* %9 = bitcast %struct.static_call_site* %7 to i8* %10 = icmp eq %struct.static_call_site* %4, null %11 = bitcast 
%struct.static_call_site* %4 to i8* br i1 %10, label %41, label %12 %42 = phi %struct.cpu_itimer* [ %6, %32 ], [ %6, %33 ], [ null, %5 ] %43 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.cpu_itimer* %42) #84 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !5, !misexpect !6 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #84 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* 
%38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #83 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = 
alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load 
i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 
8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %122 = bitcast %struct.cpu_itimer* %5 to i8* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %124 = load i32, i32* %123, align 4 %125 = icmp sgt i32 %124, 99 br i1 %125, label %126, label %166 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %127 = load i64, i64* %113, align 8 %128 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %129 = load i64, i64* %128, align 8 %130 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %131 = load i64, i64* %130, align 8 %132 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %133 = load i64, i64* %132, align 8 %134 = bitcast %struct.cpu_itimer* %4 to i8* %135 = sub i64 %127, %131 %136 = sub i64 %129, %133 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %135, i64 %136) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 core_sys_select 2 __se_sys_select 3 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca 
%struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #83 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #83 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #83 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label 
%131, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call noalias i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #84 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, 
%struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #83 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !5, !misexpect !6 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #83 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !5, !misexpect !6 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #83 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = 
sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 
%82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %122 = bitcast %struct.cpu_itimer* %5 to i8* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %124 = load i32, i32* %123, align 4 %125 = icmp sgt i32 %124, 99 br i1 %125, label %126, label %166 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %127 = load 
i64, i64* %113, align 8 %128 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %129 = load i64, i64* %128, align 8 %130 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %131 = load i64, i64* %130, align 8 %132 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %133 = load i64, i64* %132, align 8 %134 = bitcast %struct.cpu_itimer* %4 to i8* %135 = sub i64 %127, %131 %136 = sub i64 %129, %133 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %135, i64 %136) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 core_sys_select 2 __se_sys_select 3 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #83 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #83 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #83 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile 
%struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call noalias i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #84 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !5, !misexpect 
!6 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #83 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !5, !misexpect !6 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #83 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !5, !misexpect !6 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #83 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile 
%struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = 
getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %122 = bitcast %struct.cpu_itimer* %5 to i8* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %124 = load i32, i32* %123, align 4 %125 = icmp sgt i32 %124, 99 br i1 %125, label %126, label %166 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %127 = load i64, i64* %113, align 8 %128 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %129 = load i64, i64* %128, align 8 %130 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %131 = load i64, i64* %130, align 8 %132 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %133 = load i64, i64* %132, align 8 %134 = bitcast %struct.cpu_itimer* %4 to i8* %135 = sub i64 %127, %131 %136 = sub i64 %129, %133 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %135, i64 %136) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_compat_sys_sysinfo ------------- Path:  Function:__ia32_compat_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = alloca %struct.compat_sysinfo, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* %7 = bitcast %struct.compat_sysinfo* %3 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #83 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #83 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #83 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_sys_sysinfo ------------- Path:  Function:__ia32_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #83 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #83 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #83 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __x64_sys_sysinfo ------------- Path:  Function:__x64_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #83 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 
@ktime_get_with_offset(i32 1) #83 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #83 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #83 ------------- Good: 40 Bad: 9 Ignored: 11 Check Use of Function:signal_wake_up_state Check Use of Function:proc_ptrace_connector Check Use of Function:proc_dostring Use: =BAD PATH= Call Stack: 0 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = icmp eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 
0)) #83 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #83 br label %22 %23 = phi i8* [ %13, %21 ], [ %11, %15 ] %24 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %10, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.52.36428, i64 0, i64 0), i8* %23) #84 %25 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %10, i8** %25, align 8 %26 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 64, i32* %26, align 8 %27 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = icmp eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #83 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #83 br label %22 
%23 = phi i8* [ %13, %21 ], [ %11, %15 ] %24 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %10, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.52.36428, i64 0, i64 0), i8* %23) #84 %25 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %10, i8** %25, align 8 %26 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 64, i32* %26, align 8 %27 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_tcp_congestion_control ------------- Path:  Function:proc_tcp_congestion_control %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = load i8*, i8** %8, align 8 %10 = getelementptr i8, i8* %9, i64 -1112 %11 = bitcast i8* %10 to %struct.net* %12 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %13 = bitcast %struct.ctl_table* %7 to i8* %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %12, i8** %14, align 8 %15 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %15, align 8 call void @tcp_get_default_congestion_control(%struct.net* %11, i8* nonnull %12) #83 %16 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 
%1, 0 br i1 %11, label %169, label %12 %170 = getelementptr inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.117* [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, %169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.117, %struct.anon.117* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11341, i64 0, i64 0), i64 %178) #83 %188 = icmp slt i64 %187, 0 br i1 %188, label %217, label %189 %190 = getelementptr i8, i8* %177, i64 %187 %191 = sub i64 %178, %187 br label %192 %193 = phi i64 [ %191, %189 ], [ %178, %183 ] %194 = phi i8* [ %190, %189 ], [ %177, %183 ] %195 = phi i8 [ %175, %189 ], [ 1, %183 ] %196 = load i8*, i8** %174, align 8 %197 = call i64 @strscpy(i8* %194, i8* %196, i64 %193) #83 %198 = icmp slt i64 %197, 0 br i1 %198, label %217, label %199 %200 = getelementptr i8, i8* %194, i64 %197 %201 = sub i64 %193, %197 br label %202 %203 = phi i64 [ %201, %199 ], [ %178, %173 ] %204 = phi i8* [ %200, %199 ], [ %177, %173 ] %205 = phi i8 [ %195, %199 ], [ %175, %173 ] %206 = getelementptr %struct.anon.117, %struct.anon.117* %176, i64 1 %207 = getelementptr %struct.anon.117, %struct.anon.117* %176, i64 1, i32 1 %208 = load i8*, i8** %207, align 8 %209 = icmp ne i8* %208, null %210 = icmp ne i64 %203, 0 %211 = and 
i1 %210, %209 br i1 %211, label %173, label %212 %213 = bitcast %struct.ctl_table* %0 to i8* %214 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %170, i8** %214, align 8 %215 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 63, i32* %215, align 8 %216 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 0, i8* %2, i64* %3, i64* %4) #83 ------------- Good: 11 Bad: 4 Ignored: 4 Check Use of Function:audit_seccomp_actions_logged Check Use of Function:ip6_input Check Use of Function:ip_local_deliver Check Use of Function:uart_shutdown Check Use of Function:ip_options_rcv_srr Check Use of Function:__icmp_send Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, 
!prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void @__rcu_read_lock() #83 %78 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* 
%0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.813395*, %struct.net_device.813395** %78, align 8 %80 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %79, i64 0, i32 110, i32 0 %81 = load %struct.net.813150*, %struct.net.813150** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.813150* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.813309* %0, i32* null) #83 call void @__rcu_read_unlock() #83 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.813309* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #83 ------------- Good: 51 Bad: 1 Ignored: 153 Check Use of Function:blk_queue_max_discard_sectors Check Use of Function:blk_queue_flag_clear Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.613560, %struct.device.613560* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.613577** %12 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.613577, %struct.scsi_device.613577* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label 
%27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 2 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 2 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #84 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 2 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 2 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.613289** %62 = load %struct.gendisk.613289*, %struct.gendisk.613289** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %62, i64 0, i32 9 %64 = load %struct.request_queue.613296*, %struct.request_queue.613296** %63, align 8 tail call void bitcast (void (%struct.request_queue.292200*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.613296*, i1, i1)*)(%struct.request_queue.613296* %64, i1 zeroext %57, i1 zeroext %59) #84 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.290802*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.292200*)*)(i32 17, %struct.request_queue.292200* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  
Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.613560, %struct.device.613560* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.613577** %12 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.613577, %struct.scsi_device.613577* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 2 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 2 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #84 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 2 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = 
or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 2 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.613289** %62 = load %struct.gendisk.613289*, %struct.gendisk.613289** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %62, i64 0, i32 9 %64 = load %struct.request_queue.613296*, %struct.request_queue.613296** %63, align 8 tail call void bitcast (void (%struct.request_queue.292200*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.613296*, i1, i1)*)(%struct.request_queue.613296* %64, i1 zeroext %57, i1 zeroext %59) #84 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.290802*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.292200*)*)(i32 17, %struct.request_queue.292200* %0) #83 br label %6 br i1 %2, label %7, label %8 tail call void bitcast (void (i32, %struct.request_queue.290802*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.292200*)*)(i32 18, %struct.request_queue.292200* %0) #83 ------------- Good: 39 Bad: 2 Ignored: 35 Check Use of Function:kthread_bind_mask Check Use of Function:kthread_create_on_node Check Use of Function:irq_set_affinity Check Use of Function:pci_connect_tech_setup Check Use of Function:serial8250_register_8250_port Check Use of Function:pci_fastcom335_setup Check Use of Function:ioremap_cache Check Use of Function:__init_rwsem Check Use of Function:ring_buffer_nest_start Check Use of Function:devm_free_irq Check Use of Function:devres_free Check Use of Function:devres_add Check Use of Function:device_set_wakeup_capable Check Use of Function:pci_walk_bus Use: =BAD PATH= Call Stack: 0 pci_bridge_d3_update 1 pci_d3cold_disable 2 d3cold_allowed_store ------------- Path:  
Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.313800* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.313800* %7) #83 Function:pci_d3cold_disable %2 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 33 %3 = bitcast i24* %2 to i32* %4 = load i32, i32* %3, align 2 %5 = and i32 %4, 512 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %8 = or i32 %4, 512 store i32 %8, i32* %3, align 2 tail call void @pci_bridge_d3_update(%struct.pci_dev.313800* %0) #83 Function:pci_bridge_d3_update %2 = alloca i8, align 1 %3 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46, i32 0, i32 7 %4 = load i8, i8* %3, align 4 %5 = and i8 %4, 2 %6 = icmp eq i8 %5, 0 store i8 1, i8* %2, align 1 %7 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 1 %8 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %7, align 8 %9 = getelementptr inbounds %struct.pci_bus.313802, %struct.pci_bus.313802* %8, i64 0, i32 1 %10 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %9, align 8 %11 = icmp eq %struct.pci_bus.313802* %10, null br i1 %11, label %78, label %12 %13 = getelementptr inbounds %struct.pci_bus.313802, %struct.pci_bus.313802* %8, i64 0, i32 4 %14 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %13, align 8 %15 = icmp eq 
%struct.pci_dev.313800* %14, null br i1 %15, label %78, label %16 %17 = tail call zeroext i1 @pci_bridge_d3_possible(%struct.pci_dev.313800* nonnull %14) #83 br i1 %17, label %18, label %78 br i1 %6, label %19, label %25 %26 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 33 %27 = bitcast i24* %26 to i32* %28 = load i32, i32* %27, align 2 %29 = and i32 %28, 2560 %30 = icmp eq i32 %29, 2048 br i1 %30, label %31, label %54 %32 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46, i32 11, i32 1 %33 = load i16, i16* %32, align 4 %34 = and i16 %33, 1 %35 = icmp eq i16 %34, 0 br i1 %35, label %47, label %36 %37 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46, i32 11, i32 6 %38 = load %struct.wakeup_source*, %struct.wakeup_source** %37, align 8 %39 = icmp eq %struct.wakeup_source* %38, null br i1 %39, label %47, label %40 %41 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 32 %42 = load i8, i8* %41, align 1 %43 = icmp ne i8 %42, 0 %44 = and i32 %28, 16 %45 = icmp ne i32 %44, 0 %46 = and i1 %45, %43 br i1 %46, label %47, label %54 %48 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 2 %49 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %48, align 8 %50 = icmp eq %struct.pci_bus.313802* %49, null %51 = and i32 %28, 1024 %52 = icmp ne i32 %51, 0 %53 = or i1 %52, %50 br i1 %53, label %55, label %54 %56 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %14, i64 0, i32 33 %57 = bitcast i24* %56 to i32* %58 = load i32, i32* %57, align 2 %59 = and i32 %58, 1024 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %66 %62 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %14, i64 0, i32 2 %63 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %62, align 8 call void bitcast (void (%struct.pci_bus.314160*, i32 
(%struct.pci_dev.314158*, i8*)*, i8*)* @pci_walk_bus to void (%struct.pci_bus.313802*, i32 (%struct.pci_dev.313800*, i8*)*, i8*)*)(%struct.pci_bus.313802* %63, i32 (%struct.pci_dev.313800*, i8*)* nonnull @pci_dev_check_d3cold, i8* nonnull %2) #84 ------------- Good: 22 Bad: 1 Ignored: 17 Check Use of Function:pcie_capability_clear_and_set_word Check Use of Function:acpi_ns_get_attached_object Check Use of Function:acpi_ut_remove_reference Check Use of Function:acpi_ut_create_internal_object_dbg Check Use of Function:acpi_ns_attach_object Check Use of Function:acpi_os_acquire_lock Check Use of Function:i915_driver_open Check Use of Function:acpi_os_release_lock Check Use of Function:acpi_ns_walk_namespace Check Use of Function:acpi_ev_init_global_lock_handler Check Use of Function:pci_mmcfg_late_init Check Use of Function:pci_user_read_config_dword Check Use of Function:acpi_ec_init Check Use of Function:acpi_sleep_proc_init Check Use of Function:acpi_setup_sb_notify_handler Check Use of Function:acpi_install_notify_handler Check Use of Function:proc_mkdir Check Use of Function:acpi_initialize_objects Check Use of Function:acpi_early_processor_osc Check Use of Function:acpi_enable_subsystem Check Use of Function:serial8250_get_mctrl Check Use of Function:bus_register Check Use of Function:free_cgroup_ns Use: =BAD PATH= Call Stack: 0 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 
1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace* nonnull %2) #83 ------------- Good: 9 Bad: 1 Ignored: 3 Check Use of Function:acpi_dev_clear_dependencies Check Use of Function:dma_async_device_register Check Use of Function:netlink_broadcast Check Use of Function:irq_domain_remove Check Use of Function:dmar_fault Check Use of Function:disable_dmar_iommu Check Use of Function:register_syscore_ops Check Use of Function:chroot_fs_refs Check Use of Function:iommu_enable_translation Check Use of Function:iommu_device_sysfs_add Check Use of Function:iommu_device_register Check Use of Function:tg3_read_indirect_mbox Check Use of Function:tg3_read32 Check Use of Function:tg3_read32_mbox_5906 Check Use of Function:iommu_disable_protect_mem_regions Check Use of Function:pci_set_power_state Check Use of Function:tg3_poll_fw Check Use of Function:tg3_switch_clocks Check Use of Function:tg3_reset_hw Check Use of Function:tg3_halt Check Use of Function:tg3_enable_ints Check Use of Function:tg3_read_indirect_reg32 Check Use of Function:tg3_write_indirect_reg32 Check Use of Function:acpi_wakeup_device_init Check Use of Function:iowrite8 Check Use of Function:ioread8 Check Use of Function:e1000_clean_rx_ring Check Use of Function:e1000_free_desc_rings Check Use of Function:e1000_set_phy_loopback Check Use of Function:dmar_walk_dsm_resource Check Use of Function:e1000_power_up_phy Check Use of Function:kmalloc_array.53568 Check Use of Function:e1000_phy_reset Check Use of Function:e1000_reset Check Use of Function:e1000_write_phy_reg Check Use of Function:e1000_open Check Use of Function:e1000_read_phy_reg Check Use of Function:cgroup_free_root Check Use of Function:kmalloc_array.53988 Check Use of Function:e1000e_reset_interrupt_capability Check Use of Function:usleep_range_state Check Use of Function:msleep_interruptible Use: =BAD PATH= Call Stack: 0 
uart_wait_until_sent ------------- Path:  Function:uart_wait_until_sent %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 3, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %96, label %9, !prof !4, !misexpect !5 %10 = phi i32 [ %17, %16 ], [ %7, %2 ] %11 = add i32 %10, 1 %12 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %11, i32* %6, i32 %10) #6, !srcloc !6 %13 = extractvalue { i8, i32 } %12, 0 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %16, label %19, !prof !4, !misexpect !5 %20 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 5 %21 = load %struct.uart_port*, %struct.uart_port** %20, align 8 %22 = icmp eq %struct.uart_port* %21, null br i1 %22, label %96, label %23 %24 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 38 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 %28 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 23 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %41 %42 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 37 %43 = load i32, i32* %42, align 8 %44 = add i32 %43, -20 %45 = udiv i32 %44, %29 %46 = udiv i32 %45, 5 %47 = icmp ult i32 %45, 5 %48 = select i1 %47, i32 1, i32 %46 %49 = zext i32 %48 to i64 %50 = icmp eq i32 %1, 0 %51 = sext i32 %1 to i64 %52 = icmp ult i64 %51, %49 %53 = select i1 %52, i64 %51, i64 %49 %54 = select i1 %50, i64 %49, i64 %53 %55 = 
shl i32 %43, 1 %56 = add i32 %1, -1 %57 = icmp ult i32 %56, %55 %58 = select i1 %57, i32 %1, i32 %55 %59 = load volatile i64, i64* @jiffies, align 64 %60 = sext i32 %58 to i64 %61 = add i64 %59, %60 %62 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 39 br label %63 %64 = load %struct.uart_ops*, %struct.uart_ops** %62, align 8 %65 = getelementptr inbounds %struct.uart_ops, %struct.uart_ops* %64, i64 0, i32 0 %66 = load i32 (%struct.uart_port*)*, i32 (%struct.uart_port*)** %65, align 8 %67 = tail call i32 %66(%struct.uart_port* nonnull %21) #83 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %86 %70 = tail call i32 @jiffies_to_msecs(i64 %54) #83 %71 = tail call i64 @msleep_interruptible(i32 %70) #83 ------------- Good: 13 Bad: 1 Ignored: 2 Check Use of Function:e1000_free_desc_rings.53992 Check Use of Function:e1000_update_phy_info_task Check Use of Function:init_cgroup_root Check Use of Function:dma_sync_single_for_device Check Use of Function:e1000_configure_k1_ich8lan Check Use of Function:e1000_configure_msix Check Use of Function:e1000e_up Check Use of Function:e1000e_set_interrupt_capability Check Use of Function:pci_enable_msi Check Use of Function:e1000_request_irq Check Use of Function:cpu_latency_qos_remove_request Use: =BAD PATH= Call Stack: 0 cpu_latency_qos_release ------------- Path:  Function:cpu_latency_qos_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.pm_qos_request* store i8* null, i8** %3, align 8 tail call void @cpu_latency_qos_remove_request(%struct.pm_qos_request* %5) #83 ------------- Good: 12 Bad: 1 Ignored: 1 Check Use of Function:e1000_clean_rx_ring.54063 Check Use of Function:pci_read_config_word Check Use of Function:pci_write_config_word Check Use of Function:unregister_netdev Check Use of Function:dev_close Check Use of Function:netif_device_attach Check Use of Function:sky2_set_multicast Check Use of 
Function:request_threaded_irq Check Use of Function:pci_disable_msix Check Use of Function:nv_set_multicast Check Use of Function:disable_irq Check Use of Function:nv_init_ring Check Use of Function:dma_map_page_attrs Check Use of Function:nv_drain_rxtx Check Use of Function:enable_irq Check Use of Function:dma_alloc_attrs Check Use of Function:dma_free_attrs Check Use of Function:napi_enable Check Use of Function:rtl8139_hw_start Check Use of Function:phy_connect_direct Check Use of Function:phy_attached_info Check Use of Function:rtl8169_up Check Use of Function:pci_read_config_byte Use: =BAD PATH= Call Stack: 0 subordinate_bus_number_show ------------- Path:  Function:subordinate_bus_number_show %4 = alloca i8, align 1 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.313800* %7 = call i32 @pci_read_config_byte(%struct.pci_dev.313800* %6, i32 26, i8* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 secondary_bus_number_show ------------- Path:  Function:secondary_bus_number_show %4 = alloca i8, align 1 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.313800* %7 = call i32 @pci_read_config_byte(%struct.pci_dev.313800* %6, i32 25, i8* nonnull %4) #83 ------------- Good: 198 Bad: 2 Ignored: 255 Check Use of Function:pci_get_slot Use: =BAD PATH= Call Stack: 0 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 4 %15 = bitcast %struct.qspinlock* %14 to %struct.pci_bus.318189** %16 = load 
%struct.pci_bus.318189*, %struct.pci_bus.318189** %15, align 8 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 14, i32 0, i32 0, i32 0 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 248 %20 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %16, i32 %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, 
i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = 
getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 4 %15 = bitcast %struct.qspinlock* %14 to %struct.pci_bus.318189** %16 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %15, align 8 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 14, i32 0, i32 0, i32 0 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 248 %20 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %16, i32 %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, 
%struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, 
i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, 
%struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 
%47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 ------------- Good: 23 Bad: 6 Ignored: 27 Check Use of Function:yenta_probe_cb_irq Check Use of Function:pci_read_config_dword Use: =BAD PATH= Call Stack: 0 pci_map_rom 1 pci_read_rom ------------- Path:  Function:pci_read_rom %7 = alloca i64, align 8 %8 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %9 = bitcast %struct.qspinlock* %8 to %struct.pci_dev.313800* %10 = bitcast i64* %7 to i8* %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 432, i32 0, i32 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %30, label %14 %15 = call i8* bitcast (i8* (%struct.pci_dev.317139*, i64*)* @pci_map_rom to i8* (%struct.pci_dev.313800*, i64*)*)(%struct.pci_dev.313800* %9, i64* nonnull %7) #83 Function:pci_map_rom %3 = alloca i32, align 4 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca i32, align 4 %6 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 5 %7 = load %struct.resource*, %struct.resource** %6, align 8 %8 = icmp eq %struct.resource* %7, null br i1 %8, label %9, label %12 %10 = tail call i32 bitcast (i32 (%struct.pci_dev.313800*, i32)* @pci_assign_resource to i32 (%struct.pci_dev.317139*, i32)*)(%struct.pci_dev.317139* %0, i32 6) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %129 %13 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 0 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 1 
%16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 %18 = sub i64 1, %14 %19 = add i64 %18, %16 %20 = select i1 %17, i64 0, i64 %19 store i64 %20, i64* %1, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %129, label %22 %23 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6 %24 = bitcast %struct.cpu_itimer* %4 to i8* %25 = bitcast i32* %5 to i8* %26 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 3 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %50, label %29 %30 = and i64 %27, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %51 %33 = getelementptr inbounds %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 1 %34 = load %struct.pci_bus.317128*, %struct.pci_bus.317128** %33, align 8 call void bitcast (void (%struct.pci_bus.313802*, %struct.cpu_itimer*, %struct.resource*)* @pcibios_resource_to_bus to void (%struct.pci_bus.317128*, %struct.cpu_itimer*, %struct.resource*)*)(%struct.pci_bus.317128* %34, %struct.cpu_itimer* nonnull %4, %struct.resource* %23) #83 %35 = getelementptr inbounds %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 22 %36 = load i8, i8* %35, align 8 %37 = zext i8 %36 to i32 %38 = call i32 bitcast (i32 (%struct.pci_dev.313800*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev.317139*, i32, i32*)*)(%struct.pci_dev.317139* %0, i32 %37, i32* nonnull %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 amd_get_subcaches 1 subcaches_show ------------- Path:  Function:subcaches_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 32 %7 = bitcast i8* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %13, label %10 %14 = phi i32 [ %12, %10 ], [ 64, %3 ] %15 = tail call i32 @amd_get_subcaches(i32 %14) #83 Function:amd_get_subcaches %2 = alloca i32, align 4 %3 = 
sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64) %7 = inttoptr i64 %6 to %struct.cpuinfo_x86* %8 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %7, i64 0, i32 30 %9 = load i16, i16* %8, align 8 %10 = load i16, i16* @amd_northbridges.0, align 8 %11 = icmp ugt i16 %10, %9 %12 = load %struct.amd_northbridge*, %struct.amd_northbridge** @amd_northbridges.2, align 8 %13 = zext i16 %9 to i64 %14 = getelementptr %struct.amd_northbridge, %struct.amd_northbridge* %12, i64 %13 %15 = select i1 %11, %struct.amd_northbridge* %14, %struct.amd_northbridge* null %16 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %15, i64 0, i32 2 %17 = load %struct.pci_dev*, %struct.pci_dev** %16, align 8 %18 = bitcast i32* %2 to i8* %19 = load i64, i64* @amd_northbridges.1, align 8 %20 = and i64 %19, 4 %21 = icmp eq i64 %20, 0 br i1 %21, label %34, label %22 %23 = call i32 bitcast (i32 (%struct.pci_dev.313800*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %17, i32 468, i32* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_0_show ------------- Path:  Function:cache_disable_0_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 
(%struct.pci_dev.313800*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 444, i32* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_1_show ------------- Path:  Function:cache_disable_1_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.313800*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 448, i32* nonnull %4) #83 ------------- Good: 1420 Bad: 4 Ignored: 2039 Check Use of Function:pci_write_config_dword Use: =BAD PATH= Call Stack: 0 pci_map_rom 1 pci_read_rom ------------- Path:  Function:pci_read_rom %7 = alloca i64, align 8 %8 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %9 = bitcast %struct.qspinlock* %8 to %struct.pci_dev.313800* %10 = bitcast i64* %7 to i8* %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 432, i32 0, i32 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %30, label %14 %15 = call i8* bitcast (i8* (%struct.pci_dev.317139*, i64*)* @pci_map_rom to i8* (%struct.pci_dev.313800*, i64*)*)(%struct.pci_dev.313800* %9, i64* nonnull %7) #83 Function:pci_map_rom %3 = alloca i32, align 4 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca i32, align 4 %6 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 
0, i32 49, i64 6, i32 5 %7 = load %struct.resource*, %struct.resource** %6, align 8 %8 = icmp eq %struct.resource* %7, null br i1 %8, label %9, label %12 %10 = tail call i32 bitcast (i32 (%struct.pci_dev.313800*, i32)* @pci_assign_resource to i32 (%struct.pci_dev.317139*, i32)*)(%struct.pci_dev.317139* %0, i32 6) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %129 %13 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 0 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 %18 = sub i64 1, %14 %19 = add i64 %18, %16 %20 = select i1 %17, i64 0, i64 %19 store i64 %20, i64* %1, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %129, label %22 %23 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6 %24 = bitcast %struct.cpu_itimer* %4 to i8* %25 = bitcast i32* %5 to i8* %26 = getelementptr %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 49, i64 6, i32 3 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %50, label %29 %30 = and i64 %27, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %51 %33 = getelementptr inbounds %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 1 %34 = load %struct.pci_bus.317128*, %struct.pci_bus.317128** %33, align 8 call void bitcast (void (%struct.pci_bus.313802*, %struct.cpu_itimer*, %struct.resource*)* @pcibios_resource_to_bus to void (%struct.pci_bus.317128*, %struct.cpu_itimer*, %struct.resource*)*)(%struct.pci_bus.317128* %34, %struct.cpu_itimer* nonnull %4, %struct.resource* %23) #83 %35 = getelementptr inbounds %struct.pci_dev.317139, %struct.pci_dev.317139* %0, i64 0, i32 22 %36 = load i8, i8* %35, align 8 %37 = zext i8 %36 to i32 %38 = call i32 bitcast (i32 (%struct.pci_dev.313800*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev.317139*, 
i32, i32*)*)(%struct.pci_dev.317139* %0, i32 %37, i32* nonnull %5) #83 %39 = load i32, i32* %5, align 4 %40 = and i32 %39, 2046 %41 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = trunc i64 %42 to i32 %44 = or i32 %40, %43 %45 = or i32 %44, 1 store i32 %45, i32* %5, align 4 %46 = load i8, i8* %35, align 8 %47 = zext i8 %46 to i32 %48 = call i32 bitcast (i32 (%struct.pci_dev.313800*, i32, i32)* @pci_write_config_dword to i32 (%struct.pci_dev.317139*, i32, i32)*)(%struct.pci_dev.317139* %0, i32 %47, i32 %45) #83 ------------- Good: 775 Bad: 1 Ignored: 777 Check Use of Function:pci_irq_vector Check Use of Function:pci_free_irq_vectors Check Use of Function:xhci_run Check Use of Function:__i8042_command Check Use of Function:snd_card_disconnect Check Use of Function:pci_intx Check Use of Function:__cleanup_nmi Check Use of Function:drm_syncobj_open Check Use of Function:irq_chip_pm_put Check Use of Function:__irq_wake_thread Check Use of Function:dev_change_tx_queue_len Check Use of Function:single_open Use: =BAD PATH= Call Stack: 0 rpc_proc_open ------------- Path:  Function:rpc_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_proc_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 rpc_dummy_info_open ------------- Path:  Function:rpc_dummy_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_dummy_info_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 rpc_info_open ------------- Path:  Function:rpc_info_open %3 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_show_info, i8* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 pmc_dev_state_open ------------- Path:  
Function:pmc_dev_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_dev_state_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 pmc_pss_state_open ------------- Path:  Function:pmc_pss_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_pss_state_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 pmc_sleep_tmr_open ------------- Path:  Function:pmc_sleep_tmr_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_sleep_tmr_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 hid_debug_rdesc_open ------------- Path:  Function:hid_debug_rdesc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @hid_debug_rdesc_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_open ------------- Path:  Function:xhci_port_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_portsc_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 xhci_context_open ------------- Path:  Function:xhci_context_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 
%8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.116.57100, i64 0, i64 0), i8* %19) #84 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(13) getelementptr inbounds ([13 x i8], [13 x i8]* @.str.117.57101, i64 0, i64 0), i8* %19) #84 %24 = icmp eq i32 %23, 0 %25 = select i1 %24, i64 1, i64 2 br label %26 %27 = phi i64 [ 0, %17 ], [ %25, %22 ] %28 = getelementptr [3 x %struct.xhci_file_map], [3 x %struct.xhci_file_map]* @context_files, i64 0, i64 %27, i32 1 %29 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %28, align 8 %30 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %31 = load i8*, i8** %30, align 8 %32 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %29, i8* %31) #83 ------------- Use: =BAD PATH= Call Stack: 0 xhci_stream_id_open ------------- Path:  Function:xhci_stream_id_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_id_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 xhci_stream_context_array_open ------------- Path:  Function:xhci_stream_context_array_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_context_array_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 xhci_ring_open ------------- Path:  Function:xhci_ring_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load 
%struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.56988, i64 0, i64 0), i8* %19) #84 %21 = icmp eq i32 %20, 0 br i1 %21, label %25, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.56989, i64 0, i64 0), i8* %19) #84 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %33 = tail call i32 @strcmp(i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.18.56990, i64 0, i64 0), i8* %19) #84 %34 = icmp eq i32 %33, 0 %35 = select i1 %34, i64 2, i64 3 br label %25 %26 = phi i64 [ 0, %17 ], [ 1, %22 ], [ %35, %32 ] %27 = getelementptr [4 x %struct.xhci_file_map], [4 x %struct.xhci_file_map]* @ring_files, i64 0, i64 %26, i32 1 %28 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %30 = load i8*, i8** %29, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %28, i8* %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 sg_proc_single_open_dressz ------------- Path:  Function:sg_proc_single_open_dressz %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.289897*, i32 (%struct.seq_file.289626*, i8*)*, i8*)*)(%struct.file.289897* %1, i32 (%struct.seq_file.289626*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_big_buff to i8*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 sg_proc_single_open_adio ------------- Path:  
Function:sg_proc_single_open_adio %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.289897*, i32 (%struct.seq_file.289626*, i8*)*, i8*)*)(%struct.file.289897* %1, i32 (%struct.seq_file.289626*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_allow_dio to i8*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_buf_debug_open ------------- Path:  Function:dma_buf_debug_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dma_buf_debug_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 regmap_access_open ------------- Path:  Function:regmap_access_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @regmap_access_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 rbtree_open ------------- Path:  Function:rbtree_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rbtree_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 deferred_devs_open ------------- Path:  Function:deferred_devs_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @deferred_devs_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 component_devices_open ------------- Path:  Function:component_devices_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* 
nonnull @component_devices_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 huc_info_open ------------- Path:  Function:huc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @huc_info_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 guc_log_dump_open ------------- Path:  Function:guc_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_log_dump_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 guc_load_err_log_dump_open ------------- Path:  Function:guc_load_err_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_load_err_log_dump_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 guc_info_open ------------- Path:  Function:guc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_info_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 guc_registered_contexts_open ------------- Path:  Function:guc_registered_contexts_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_registered_contexts_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 guc_slpc_info_open ------------- Path:  Function:guc_slpc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = 
tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_slpc_info_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 uc_usage_open ------------- Path:  Function:uc_usage_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @uc_usage_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 sseu_status_open ------------- Path:  Function:sseu_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @sseu_status_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 rcs_topology_open ------------- Path:  Function:rcs_topology_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rcs_topology_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 drpc_open ------------- Path:  Function:drpc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @drpc_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 frequency_open ------------- Path:  Function:frequency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @frequency_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 fw_domains_open ------------- Path:  Function:fw_domains_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @fw_domains_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 llc_open ------------- Path:  Function:llc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @llc_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 rps_boost_open ------------- Path:  Function:rps_boost_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rps_boost_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 engines_open ------------- Path:  Function:engines_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @engines_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_panel_open ------------- Path:  Function:i915_panel_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_panel_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_psr_sink_status_open ------------- Path:  Function:i915_psr_sink_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_sink_status_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_psr_status_open ------------- Path:  Function:i915_psr_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_status_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_hdcp_sink_capability_open ------------- Path:  Function:i915_hdcp_sink_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hdcp_sink_capability_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_open ------------- Path:  Function:i915_dsc_fec_support_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_fec_support_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_bpp_open ------------- Path:  Function:i915_dsc_bpp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_bpp_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_lpsp_capability_open ------------- Path:  Function:i915_lpsp_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_lpsp_capability_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 pri_wm_latency_open ------------- Path:  Function:pri_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1731 %6 = load i8, i8* %5, align 1 %7 = icmp ult i8 %6, 5 br i1 %7, label %8, label %14 %9 = getelementptr i8, i8* %4, i64 1828 %10 = bitcast i8* %9 to i32* %11 = load i32, i32* %10, align 4 
%12 = and i32 %11, 98304 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pri_wm_latency_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 spr_wm_latency_open ------------- Path:  Function:spr_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @spr_wm_latency_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cur_wm_latency_open ------------- Path:  Function:cur_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @cur_wm_latency_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_data_open ------------- Path:  Function:i915_displayport_test_data_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_data_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_type_open ------------- Path:  Function:i915_displayport_test_type_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull 
@i915_displayport_test_type_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_active_open ------------- Path:  Function:i915_displayport_test_active_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_active_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_open ------------- Path:  Function:i915_hpd_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_storm_ctl_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_open ------------- Path:  Function:i915_hpd_short_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_short_storm_ctl_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_ipc_status_open ------------- Path:  Function:i915_ipc_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 8192 %9 = icmp eq i24 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_ipc_status_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_charp_open ------------- Path:  Function:i915_param_charp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, 
i8*)* nonnull @i915_param_charp_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_uint_open ------------- Path:  Function:i915_param_uint_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_uint_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ttm_pool_debugfs_globals_open ------------- Path:  Function:ttm_pool_debugfs_globals_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_globals_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ttm_pool_debugfs_shrink_open ------------- Path:  Function:ttm_pool_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_shrink_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ttm_tt_debugfs_shrink_open ------------- Path:  Function:ttm_tt_debugfs_shrink_open %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_tt_debugfs_shrink_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_open ------------- Path:  Function:crc_control_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @crc_control_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_debugfs_open ------------- Path:  Function:drm_debugfs_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 8 %6 = bitcast i8* %5 to %struct.drm_info_list.399592** %7 = load %struct.drm_info_list.399592*, %struct.drm_info_list.399592** %6, align 8 %8 = getelementptr inbounds %struct.drm_info_list.399592, %struct.drm_info_list.399592* %7, i64 0, i32 1 %9 = load i32 (%struct.seq_file.399483*, i8*)*, i32 (%struct.seq_file.399483*, i8*)** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* %9, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 vrr_range_open ------------- Path:  Function:vrr_range_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @vrr_range_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 edid_open ------------- Path:  
Function:edid_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @edid_show.39693, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 connector_open ------------- Path:  Function:connector_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @connector_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 dmaengine_summary_open ------------- Path:  Function:dmaengine_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dmaengine_summary_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 clk_summary_open ------------- Path:  Function:clk_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_summary_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 clk_dump_open ------------- Path:  Function:clk_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_dump_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 clk_min_rate_open 
------------- Path:  Function:clk_min_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_min_rate_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 clk_max_rate_open ------------- Path:  Function:clk_max_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_max_rate_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 clk_flags_open ------------- Path:  Function:clk_flags_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_flags_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 clk_duty_cycle_open ------------- Path:  Function:clk_duty_cycle_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_duty_cycle_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 current_parent_open ------------- Path:  Function:current_parent_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @current_parent_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 possible_parents_open ------------- Path:  Function:possible_parents_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @possible_parents_show, i8* %4) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 blk_mq_debugfs_open ------------- Path:  Function:blk_mq_debugfs_open %3 = getelementptr inbounds %struct.inode.302593, %struct.inode.302593* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.blk_mq_debugfs_attr.302604** %5 = load %struct.blk_mq_debugfs_attr.302604*, %struct.blk_mq_debugfs_attr.302604** %4, align 8 %6 = getelementptr inbounds %struct.file.302602, %struct.file.302602* %1, i64 0, i32 1, i32 1 %7 = load %struct.dentry.302597*, %struct.dentry.302597** %6, align 8 %8 = getelementptr inbounds %struct.dentry.302597, %struct.dentry.302597* %7, i64 0, i32 3 %9 = load %struct.dentry.302597*, %struct.dentry.302597** %8, align 8 %10 = getelementptr inbounds %struct.dentry.302597, %struct.dentry.302597* %9, i64 0, i32 5 %11 = load %struct.inode.302593*, %struct.inode.302593** %10, align 8 %12 = getelementptr inbounds %struct.inode.302593, %struct.inode.302593* %11, i64 0, i32 47 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.blk_mq_debugfs_attr.302604, %struct.blk_mq_debugfs_attr.302604* %5, i64 0, i32 4 %16 = load %struct.seq_operations.302207*, %struct.seq_operations.302207** %15, align 8 %17 = icmp eq %struct.seq_operations.302207* %16, null %18 = bitcast %struct.blk_mq_debugfs_attr.302604* %5 to i8* br i1 %17, label %28, label %19 %29 = getelementptr inbounds %struct.blk_mq_debugfs_attr.302604, %struct.blk_mq_debugfs_attr.302604* %5, i64 0, i32 2 %30 = load i32 (i8*, %struct.seq_file.302603*)*, i32 (i8*, %struct.seq_file.302603*)** %29, align 8 %31 = icmp eq i32 (i8*, %struct.seq_file.302603*)* %30, null br i1 %31, label %32, label %33, !prof !4, !misexpect !5 %34 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.302602*, i32 (%struct.seq_file.302603*, i8*)*, i8*)*)(%struct.file.302602* %1, i32 (%struct.seq_file.302603*, i8*)* nonnull @blk_mq_debugfs_show, i8* %18) #83 ------------- Use: =BAD PATH= Call Stack: 0 
debugfs_devm_entry_open ------------- Path:  Function:debugfs_devm_entry_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.debugfs_devm_entry** %5 = load %struct.debugfs_devm_entry*, %struct.debugfs_devm_entry** %4, align 8 %6 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 0 %7 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %6, align 8 %8 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 1 %9 = bitcast %struct.device** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %7, i8* %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_open_regset32 ------------- Path:  Function:debugfs_open_regset32 %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @debugfs_show_regset32, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open_net ------------- Path:  Function:single_open_net %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 17 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.net** %11 = load %struct.net*, %struct.net** %10, align 8 %12 = getelementptr inbounds %struct.net, %struct.net* %11, i64 0, i32 14, i32 3 %13 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %12, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %2 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %2 ], [ 0, %23 ], [ %17, %16 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 %33 = icmp eq i32 %27, 0 %34 = icmp eq %struct.net* %11, null %35 = or i1 %34, %33 br i1 %35, label %52, label %36 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %38 = bitcast %union.anon.80.175425* %37 to i32 (%struct.seq_file*, i8*)** %39 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %38, align 8 %40 = bitcast %struct.net* %11 to i8* %41 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %39, i8* nonnull %40) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_single_open.19053 ------------- Path:  Function:proc_single_open.19053 %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %8 = bitcast %union.anon.80.175425* %7 to 
i32 (%struct.seq_file*, i8*)** %9 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %8, align 8 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 10 %11 = load i8*, i8** %10, align 8 %12 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %9, i8* %11) #83 ------------- Use: =BAD PATH= Call Stack: 0 timerslack_ns_open ------------- Path:  Function:timerslack_ns_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @timerslack_ns_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 comm_open ------------- Path:  Function:comm_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @comm_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_offsets_open ------------- Path:  Function:timens_offsets_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @timens_offsets_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_single_open ------------- Path:  Function:proc_single_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, 
i8*)* nonnull @proc_single_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 suspend_stats_open ------------- Path:  Function:suspend_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @suspend_stats_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_affinity_list_proc_open ------------- Path:  Function:irq_affinity_list_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_list_proc_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_affinity_proc_open ------------- Path:  Function:irq_affinity_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_proc_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 default_affinity_open ------------- Path:  Function:default_affinity_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @default_affinity_show, i8* %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 tk_debug_sleep_time_open ------------- Path:  Function:tk_debug_sleep_time_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tk_debug_sleep_time_show, i8* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 
@security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_time_stamp_mode_show, i8* %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds 
%struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_clock_show, i8* %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void 
@mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_trace_options_show, i8* %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 bdi_debug_stats_open ------------- Path:  Function:bdi_debug_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @bdi_debug_stats_show, i8* %4) #83 ------------- Good: 5 Bad: 89 Ignored: 127 Check Use of Function:uart_set_ldisc Check Use of Function:tty_vhangup_self Check Use of Function:nd_jump_link Check Use of Function:shmem_unlock_mapping Check Use of Function:_atomic_dec_and_lock Use: =BAD PATH= Call Stack: 0 md_attr_show ------------- Path:  Function:md_attr_show %4 = getelementptr %struct.kobject.687449, %struct.kobject.687449* %0, i64 -2, i32 5 %5 = bitcast %struct.kernfs_node.687448** %4 to %struct.mddev* %6 = getelementptr inbounds %struct.attribute, %struct.attribute* %1, i64 1 %7 = bitcast %struct.attribute* %6 to i64 (%struct.mddev*, i8*)** %8 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %9 = icmp eq i64 (%struct.mddev*, i8*)* %8, null br i1 %9, label %67, label %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %11 = getelementptr inbounds %struct.kernfs_node.687448*, %struct.kernfs_node.687448** %4, i64 121 %12 = bitcast %struct.kernfs_node.687448** %11 to %struct.list_head* %13 = bitcast %struct.kernfs_node.687448** %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %16, label %17 %18 = getelementptr inbounds %struct.kernfs_node.687448*, %struct.kernfs_node.687448** %4, i64 65 
%19 = bitcast %struct.kernfs_node.687448** %18 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32* %19) #6, !srcloc !4 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %20 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %21 = tail call i64 %20(%struct.mddev* %5, i8* %2) #83 %22 = bitcast %struct.kernfs_node.687448** %18 to %struct.kuid_t* %23 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %22, %struct.spinlock* nonnull @all_mddevs_lock) #83 ------------- Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %24, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %22 = getelementptr i8, i8* %12, i64 -968 %23 = icmp eq i8* %22, null br i1 %23, label %24, label %25 %26 = getelementptr i8, i8* %12, i64 -448 %27 = bitcast i8* %26 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, 
!srcloc !4 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %28 = getelementptr i8, i8* %12, i64 -896 %29 = bitcast i8* %28 to %struct.gendisk.687208** %30 = load %struct.gendisk.687208*, %struct.gendisk.687208** %29, align 8 %31 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %32 = load %struct.gendisk.687208*, %struct.gendisk.687208** %31, align 8 %33 = icmp eq %struct.gendisk.687208* %30, %32 br i1 %33, label %90, label %34 %35 = bitcast i8* %26 to %struct.kuid_t* %36 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %35, %struct.spinlock* nonnull @all_mddevs_lock) #83 ------------- Use: =BAD PATH= Call Stack: 0 md_release ------------- Path:  Function:md_release %3 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %0, i64 0, i32 10 %4 = bitcast i8** %3 to %struct.mddev** %5 = load %struct.mddev*, %struct.mddev** %4, align 8 %6 = icmp eq %struct.mddev* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 62, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !8 %10 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 61 %11 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %10, %struct.spinlock* nonnull @all_mddevs_lock) #83 ------------- Use: =BAD PATH= Call Stack: 0 __nfs4_close 1 nfs4_close_sync 2 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %3, align 8 %5 = icmp eq %struct.nfs4_state.233157* %4, null br i1 %5, 
label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.234728*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.233157*, i32)*)(%struct.nfs4_state.233157* nonnull %4, i32 %13) #83 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.234728* %0, i32 %1, i32 3264, i32 1) #83 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 5, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 10 %29 
= load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %95 = icmp eq i32 %63, 0 br i1 %95, label %96, label %115 tail call void @nfs4_put_open_state(%struct.nfs4_state.234728* %0) #84 %97 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 0 %98 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %97, align 8 %99 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %98, i64 0, i32 0 %100 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %99, align 8 %101 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %100, i64 0, i32 23 %102 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %7, %struct.spinlock* %101) #83 ------------- Good: 24 Bad: 4 Ignored: 31 Check Use of Function:security_move_mount Check Use of Function:kernel_read_file_from_fd Check Use of Function:bdev_del_partition Check Use of Function:bdev_resize_partition Check Use of 
Function:__dquot_free_space Check Use of Function:__ext4_mark_inode_dirty Check Use of Function:ext4_reset_inode_seed Check Use of Function:swap_inode_data Check Use of Function:ext4_ext_tree_init Check Use of Function:ext4_double_down_write_data_sem Check Use of Function:rhashtable_destroy Check Use of Function:ext4_fc_stop_ineligible Check Use of Function:ext4_fc_start_ineligible Check Use of Function:ext4_discard_preallocations Check Use of Function:truncate_inode_pages Check Use of Function:__ext4_journal_stop Check Use of Function:ext4_double_up_write_data_sem Check Use of Function:ext4_trim_fs Check Use of Function:acpi_bus_init_irq Check Use of Function:iommu_set_dma_strict Check Use of Function:jbd2_journal_lock_updates Check Use of Function:jbd2_journal_flush Check Use of Function:copy_page_from_iter Check Use of Function:copy_page_to_iter Check Use of Function:unpin_user_pages_dirty_lock Check Use of Function:arch_uprobe_copy_ixol Check Use of Function:arch_uretprobe_hijack_return_addr Check Use of Function:arch_uretprobe_is_alive Check Use of Function:arch_uprobe_pre_xol Check Use of Function:xol_free_insn_slot Check Use of Function:__uprobe_unregister Check Use of Function:blk_rq_unmap_user Check Use of Function:__mmu_notifier_change_pte Check Use of Function:page_mapped Use: =BAD PATH= Call Stack: 0 stable_page_flags 1 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %102 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %102 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %95, label %23 %24 = phi i64 [ %84, %81 ], [ %21, %18 ] %25 = phi i64* [ %83, %81 ], [ %5, 
%18 ] %26 = phi i64 [ %82, %81 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %69 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %69 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %69, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %69, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, 
label %69, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq i64 %50, 0 br i1 %51, label %69, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %58, label %55 %59 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %60 = load %struct.mem_section_usage*, %struct.mem_section_usage** %59, align 8 %61 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %60, i64 0, i32 0, i64 0 %62 = lshr i64 %26, 9 %63 = and i64 %62, 63 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %61, i64 %63) #6, !srcloc !5 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 %67 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %68 = getelementptr %struct.page, %struct.page* %67, i64 %26 br i1 %66, label %69, label %70 %71 = phi %struct.page* [ null, %69 ], [ %68, %58 ], [ %57, %55 ] %72 = bitcast i64* %25 to i8* %73 = tail call i64 @stable_page_flags(%struct.page* %71) #83 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #83 
------------- Good: 103 Bad: 1 Ignored: 85 Check Use of Function:pagecache_get_page Use: =BAD PATH= Call Stack: 0 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 5 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %133, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 
], [ %129, %122 ] %36 = phi i32 [ %19, %30 ], [ %124, %122 ] %37 = phi i64 [ %22, %30 ], [ %128, %122 ] %38 = phi i64 [ 0, %30 ], [ %113, %122 ] %39 = phi i64 [ %26, %30 ], [ %131, %122 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %133, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %37, %48 br i1 %49, label %133, label %50 %51 = icmp eq i64 %37, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %39 br i1 %56, label %133, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %39 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %37, i32 2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %40 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 shmem_getpage_gfp 1 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %40 %41 = getelementptr inbounds %struct.address_space, %struct.address_space* %8, i64 0, i32 3 %42 = load i32, i32* %41, align 8 %43 = call fastcc i32 
@shmem_getpage_gfp(%struct.inode* %1, i64 0, %struct.page** nonnull %4, i32 0, i32 %42, %struct.vm_area_struct* null, i32* null) #83 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %461, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = icmp eq i32 %3, 4 br label %43 %44 = phi i1 [ true, %15 ], [ false, %454 ] %45 = phi i32 [ 0, %15 ], [ %421, %454 ] br label %46 %47 = phi i32 [ %45, %43 ], [ %457, %455 ] br label %48 br i1 %16, label %49, label %52 %50 = load i64, i64* %18, align 8 %51 = icmp slt i64 %17, %50 br i1 %51, label %52, label %461 %53 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 shmem_getpage_gfp 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %136, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %129, %126 ] %28 = phi i64 [ %20, %23 ], [ %128, %126 ] %29 = phi i64 [ %16, %23 ], [ %104, %126 ] %30 = phi i64 [ %17, %23 ], [ %105, %126 ] %31 = phi i64 [ 0, %23 ], [ %101, %126 ] %32 = icmp ne i64 %29, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %131 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %29, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #83 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %461, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = icmp eq i32 %3, 4 br label %43 %44 = phi i1 [ true, %15 ], [ false, %454 ] %45 = phi i32 [ 0, %15 ], [ %421, %454 ] br label %46 %47 = phi i32 [ %45, %43 ], [ %457, %455 ] br label %48 br i1 %16, label %49, label %52 %50 = load i64, i64* %18, align 8 %51 = icmp slt i64 %17, %50 br i1 %51, label %52, label %461 %53 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #83 ------------- Good: 240 Bad: 4 Ignored: 392 Check Use of Function:__mmu_notifier_invalidate_range_start Check Use of Function:is_swbp_insn Check Use of Function:put_css_set_locked Check Use of Function:ptep_clear_flush Check Use of Function:__mmu_notifier_invalidate_range Check Use of Function:page_remove_rmap Check Use of Function:stack_trace_save_tsk Check Use of Function:kstrdup_quotable Check Use of Function:nv_request_irq Check Use of Function:do_trace_write_msr Check Use of Function:dec_rlimit_ucounts Check Use of Function:vm_access Check Use of Function:vm_access_ttm Check Use of Function:kernfs_vma_access Check 
Use of Function:generic_access_phys Check Use of Function:copy_strings Check Use of Function:open_exec Check Use of Function:acpi_ec_dsdt_probe Check Use of Function:__i915_gem_object_get_pages Check Use of Function:jbd2_journal_unlock_updates Check Use of Function:ww_mutex_unlock Check Use of Function:rtl_fw_release_firmware Check Use of Function:task_work_cancel Check Use of Function:fixup_pi_state_owner Check Use of Function:__futex_queue Check Use of Function:hrtimer_sleeper_start_expires Check Use of Function:_dev_notice Check Use of Function:futex_cmpxchg_value_locked Check Use of Function:pi_state_update_owner Check Use of Function:__rt_mutex_futex_unlock Check Use of Function:rt_mutex_postunlock Check Use of Function:get_pi_state Check Use of Function:rt_mutex_start_proxy_lock Check Use of Function:futex_wait_setup Check Use of Function:__get_task_comm Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capget 2 __ia32_sys_capget ------------- Path:  Function:__ia32_sys_capget %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_capget(i64 %4, i64 %7) #83 Function:__se_sys_capget %3 = alloca i32, align 4 %4 = alloca %struct.kernel_cap_struct, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca [2 x %struct.kernel_symbol], align 16 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast i32* %3 to i8* %10 = bitcast %struct.kernel_cap_struct* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %3) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr 
inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %15 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %16 = load i1, i1* @warn_legacy_capability_use.__already_done, align 1 br i1 %16, label %22, label %17, !prof !5, !misexpect !6 store i1 true, i1* @warn_legacy_capability_use.__already_done, align 1 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i8* @__get_task_comm(i8* nonnull %15, i64 16, %struct.task_struct* %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capget 2 __x64_sys_capget ------------- Path:  Function:__x64_sys_capget %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_capget(i64 %3, i64 %5) #83 Function:__se_sys_capget %3 = alloca i32, align 4 %4 = alloca %struct.kernel_cap_struct, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca [2 x %struct.kernel_symbol], align 16 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast i32* %3 to i8* %10 = bitcast %struct.kernel_cap_struct* %4 to i8* %11 = bitcast 
%struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %3) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %15 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %16 = load i1, i1* @warn_legacy_capability_use.__already_done, align 1 br i1 %16, label %22, label %17, !prof !5, !misexpect !6 store i1 true, i1* @warn_legacy_capability_use.__already_done, align 1 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i8* @__get_task_comm(i8* nonnull %15, i64 16, %struct.task_struct* %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capset 2 __ia32_sys_capset ------------- Path:  Function:__ia32_sys_capset %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_capset(i64 %4, i64 %7) #83 Function:__se_sys_capset %3 = alloca [2 x %struct.kernel_symbol], align 16 %4 = 
alloca i32, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca %struct.kernel_cap_struct, align 4 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast [2 x %struct.kernel_symbol]* %3 to i8* %10 = bitcast i32* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = bitcast %struct.kernel_cap_struct* %7 to i8* %14 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %4) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %15 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %16 = load i1, i1* @warn_legacy_capability_use.__already_done, align 1 br i1 %16, label %22, label %17, !prof !5, !misexpect !6 store i1 true, i1* @warn_legacy_capability_use.__already_done, align 1 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i8* @__get_task_comm(i8* nonnull %15, i64 16, %struct.task_struct* %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capset 2 __x64_sys_capset ------------- Path:  Function:__x64_sys_capset %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_capset(i64 %3, i64 %5) #83 Function:__se_sys_capset %3 = alloca [2 x %struct.kernel_symbol], align 16 %4 = alloca i32, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca %struct.kernel_cap_struct, align 4 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast [2 x %struct.kernel_symbol]* %3 to i8* %10 = bitcast i32* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = bitcast %struct.kernel_cap_struct* %7 to i8* %14 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %4) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %15 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %16 = load i1, i1* @warn_legacy_capability_use.__already_done, align 1 br i1 %16, label %22, label %17, !prof !5, !misexpect !6 store i1 true, i1* @warn_legacy_capability_use.__already_done, align 1 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %19 = inttoptr i64 %18 to %struct.task_struct* 
%20 = call i8* @__get_task_comm(i8* nonnull %15, i64 16, %struct.task_struct* %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capget 2 __ia32_sys_capget ------------- Path:  Function:__ia32_sys_capget %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_capget(i64 %4, i64 %7) #83 Function:__se_sys_capget %3 = alloca i32, align 4 %4 = alloca %struct.kernel_cap_struct, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca [2 x %struct.kernel_symbol], align 16 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast i32* %3 to i8* %10 = bitcast %struct.kernel_cap_struct* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %3) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %24 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %25 = load i1, i1* @warn_deprecated_v2.__already_done, align 1 br i1 %25, label %31, 
label %26, !prof !5, !misexpect !6 store i1 true, i1* @warn_deprecated_v2.__already_done, align 1 %27 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %28 = inttoptr i64 %27 to %struct.task_struct* %29 = call i8* @__get_task_comm(i8* nonnull %24, i64 16, %struct.task_struct* %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capget 2 __x64_sys_capget ------------- Path:  Function:__x64_sys_capget %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_capget(i64 %3, i64 %5) #83 Function:__se_sys_capget %3 = alloca i32, align 4 %4 = alloca %struct.kernel_cap_struct, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca [2 x %struct.kernel_symbol], align 16 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast i32* %3 to i8* %10 = bitcast %struct.kernel_cap_struct* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %3) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ 
i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %24 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %25 = load i1, i1* @warn_deprecated_v2.__already_done, align 1 br i1 %25, label %31, label %26, !prof !5, !misexpect !6 store i1 true, i1* @warn_deprecated_v2.__already_done, align 1 %27 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %28 = inttoptr i64 %27 to %struct.task_struct* %29 = call i8* @__get_task_comm(i8* nonnull %24, i64 16, %struct.task_struct* %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capset 2 __ia32_sys_capset ------------- Path:  Function:__ia32_sys_capset %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_capset(i64 %4, i64 %7) #83 Function:__se_sys_capset %3 = alloca [2 x %struct.kernel_symbol], align 16 %4 = alloca i32, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca %struct.kernel_cap_struct, align 4 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast [2 x %struct.kernel_symbol]* %3 to i8* %10 = bitcast i32* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = bitcast %struct.kernel_cap_struct* %7 to i8* %14 = call fastcc i32 @cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %4) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %24 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %25 = load i1, i1* @warn_deprecated_v2.__already_done, align 1 br i1 %25, label %31, label %26, !prof !5, !misexpect !6 store i1 true, i1* @warn_deprecated_v2.__already_done, align 1 %27 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %28 = inttoptr i64 %27 to %struct.task_struct* %29 = call i8* @__get_task_comm(i8* nonnull %24, i64 16, %struct.task_struct* %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 cap_validate_magic 1 __se_sys_capset 2 __x64_sys_capset ------------- Path:  Function:__x64_sys_capset %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_capset(i64 %3, i64 %5) #83 Function:__se_sys_capset %3 = alloca [2 x %struct.kernel_symbol], align 16 %4 = alloca i32, align 4 %5 = alloca %struct.kernel_cap_struct, align 4 %6 = alloca %struct.kernel_cap_struct, align 4 %7 = alloca %struct.kernel_cap_struct, align 4 %8 = inttoptr i64 %0 to %struct.static_call_site* %9 = bitcast [2 x %struct.kernel_symbol]* %3 to i8* %10 = bitcast i32* %4 to i8* %11 = bitcast %struct.kernel_cap_struct* %5 to i8* %12 = bitcast %struct.kernel_cap_struct* %6 to i8* %13 = bitcast %struct.kernel_cap_struct* %7 to i8* %14 = call fastcc i32 
@cap_validate_magic(%struct.static_call_site* %8, i32* nonnull %4) #83 Function:cap_validate_magic %3 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %0, i64 0, i32 0 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 2 %9 = ptrtoint i32* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %44, !prof !5, !misexpect !6 %13 = extractvalue { i32*, i32, i64 } %6, 1 switch i32 %13, label %32 [ i32 429392688, label %14 i32 537333798, label %23 i32 537396514, label %42 ] %24 = getelementptr inbounds [16 x i8], [16 x i8]* %3, i64 0, i64 0 %25 = load i1, i1* @warn_deprecated_v2.__already_done, align 1 br i1 %25, label %31, label %26, !prof !5, !misexpect !6 store i1 true, i1* @warn_deprecated_v2.__already_done, align 1 %27 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %28 = inttoptr i64 %27 to %struct.task_struct* %29 = call i8* @__get_task_comm(i8* nonnull %24, i64 16, %struct.task_struct* %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %54 = call i8* @__get_task_comm(i8* nonnull %9, i64 16, %struct.task_struct* %8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %54 = call i8* @__get_task_comm(i8* nonnull %9, i64 16, %struct.task_struct* %8) #83 ------------- Good: 14 Bad: 10 Ignored: 10 Check Use of Function:fault_in_user_writeable Check Use of Function:futex_wake_mark Check Use of Function:wake_up_q Check Use of Function:e1000_irq_disable Check Use of Function:futex_get_value_locked Check Use of Function:futex_unqueue Check Use of Function:hrtimer_cancel Use: =BAD PATH= Call Stack: 0 timerfd_release ------------- Path:  Function:timerfd_release %3 = getelementptr inbounds %struct.file, 
%struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 10, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 11 %8 = load i8, i8* %7, align 4, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %17, label %10 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, -2 %21 = icmp eq i32 %20, 8 br i1 %21, label %22, label %25 %26 = bitcast %struct.timerfd_ctx* %5 to %struct.hrtimer* %27 = tail call i32 @hrtimer_cancel(%struct.hrtimer* %26) #83 ------------- Good: 56 Bad: 1 Ignored: 68 Check Use of Function:__futex_unqueue Check Use of Function:unlock_page Check Use of Function:hugetlb_basepage_index Check Use of Function:is_file_shm_hugepages Check Use of Function:PageHuge Use: =BAD PATH= Call Stack: 0 stable_page_flags 1 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %102 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %102 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %95, label %23 %24 = phi i64 [ %84, %81 ], [ %21, %18 ] %25 = phi i64* [ %83, %81 ], [ %5, %18 ] %26 = phi i64 [ %82, %81 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %69 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: 
oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %69 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %69, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %69, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, label %69, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq 
i64 %50, 0 br i1 %51, label %69, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %58, label %55 %59 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %60 = load %struct.mem_section_usage*, %struct.mem_section_usage** %59, align 8 %61 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %60, i64 0, i32 0, i64 0 %62 = lshr i64 %26, 9 %63 = and i64 %62, 63 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %61, i64 %63) #6, !srcloc !5 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 %67 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %68 = getelementptr %struct.page, %struct.page* %67, i64 %26 br i1 %66, label %69, label %70 %71 = phi %struct.page* [ null, %69 ], [ %68, %58 ], [ %57, %55 ] %72 = bitcast i64* %25 to i8* %73 = tail call i64 @stable_page_flags(%struct.page* %71) #83 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #83 %21 = select i1 %20, i64 2048, i64 0 br label %22 %23 = phi i64 [ 0, %3 ], [ %21, %19 ] %24 = load volatile i64, i64* %7, align 8 %25 = and i64 %24, 1 %26 = icmp eq i64 %25, 0 %27 = add 
i64 %24, -1 %28 = select i1 %26, i64 %12, i64 %27, !prof !4 %29 = inttoptr i64 %28 to %struct.folio* %30 = getelementptr inbounds %struct.folio, %struct.folio* %29, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %31 = bitcast %struct.address_space** %30 to i64* %32 = load i64, i64* %31, align 8 %33 = shl i64 %32, 12 %34 = and i64 %33, 4096 %35 = or i64 %34, %23 %36 = load volatile i64, i64* %4, align 8 %37 = lshr i64 %36, 1 %38 = and i64 %37, 32768 %39 = or i64 %35, %38 %40 = load volatile i64, i64* %7, align 8 %41 = shl i64 %40, 16 %42 = and i64 %41, 65536 %43 = or i64 %39, %42 %44 = tail call i32 bitcast (i32 (%struct.page.138197*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 iov_iter_zero 1 read_iter_zero ------------- Path:  Function:read_iter_zero %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %52, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 br label %8 %9 = phi i64 [ %4, %6 ], [ %50, %49 ] %10 = phi i64 [ 0, %6 ], [ %22, %49 ] %11 = icmp ult i64 %9, 4096 %12 = select i1 %11, i64 %9, i64 4096 %13 = tail call i64 @iov_iter_zero(i64 %12, %struct.iov_iter* %1) #83 Function:iov_iter_zero %3 = alloca i32, align 4 %4 = alloca i64, align 8 %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 3 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %76 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %77, %0 %79 = select i1 %78, i64 %77, i64 %0, !prof !4 %80 = icmp eq i64 %79, 0 br i1 %80, label %352, label %81, !prof !4, !misexpect !8 switch i8 %7, label %348 [ i8 0, label %82 i8 2, label %126 i8 1, label %184 i8 4, label %227 ], !prof !9 %228 = getelementptr inbounds 
%struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 6, i32 0 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = lshr i64 %232, 12 %234 = bitcast %struct.xa_state* %5 to i8* %235 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 5 %236 = bitcast %union.anon.104* %235 to i64* %237 = load i64, i64* %236, align 8 %238 = bitcast %struct.xa_state* %5 to i64* store i64 %237, i64* %238, align 8 %239 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 store i64 %233, i64* %239, align 8 %240 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %241 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %242 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %243 = bitcast i8* %240 to i32* store i32 0, i32* %243, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %242, align 8 %244 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %245 = bitcast %struct.xa_node** %244 to i8* tail call void @__rcu_read_lock() #83 %246 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 -1) #83 %247 = icmp eq i8* %246, null br i1 %247, label %344, label %248 %249 = trunc i64 %232 to i32 %250 = and i32 %249, 4095 br label %251 %252 = phi i8* [ %342, %341 ], [ %246, %248 ] %253 = phi i64 [ %302, %341 ], [ %79, %248 ] %254 = phi i32 [ %303, %341 ], [ %250, %248 ] %255 = phi i64 [ %304, %341 ], [ 0, %248 ] %256 = bitcast i8* %252 to %struct.page* %257 = ptrtoint i8* %252 to i64 switch i64 %257, label %259 [ i64 1030, label %301 i64 1026, label %258 ] %260 = and i64 %257, 1 %261 = icmp eq i64 %260, 0 br i1 %261, label %263, label %262, !prof !10, !misexpect !5 %264 = call i32 bitcast (i32 (%struct.page.138197*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %256) 
#83 ------------- Use: =BAD PATH= Call Stack: 0 iov_iter_zero 1 read_iter_zero ------------- Path:  Function:read_iter_zero %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %52, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 br label %8 %9 = phi i64 [ %4, %6 ], [ %50, %49 ] %10 = phi i64 [ 0, %6 ], [ %22, %49 ] %11 = icmp ult i64 %9, 4096 %12 = select i1 %11, i64 %9, i64 4096 %13 = tail call i64 @iov_iter_zero(i64 %12, %struct.iov_iter* %1) #83 Function:iov_iter_zero %3 = alloca i32, align 4 %4 = alloca i64, align 8 %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 3 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %76 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %77, %0 %79 = select i1 %78, i64 %77, i64 %0, !prof !4 %80 = icmp eq i64 %79, 0 br i1 %80, label %352, label %81, !prof !4, !misexpect !8 switch i8 %7, label %348 [ i8 0, label %82 i8 2, label %126 i8 1, label %184 i8 4, label %227 ], !prof !9 %228 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 6, i32 0 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = lshr i64 %232, 12 %234 = bitcast %struct.xa_state* %5 to i8* %235 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 5 %236 = bitcast %union.anon.104* %235 to i64* %237 = load i64, i64* %236, align 8 %238 = bitcast %struct.xa_state* %5 to i64* store i64 %237, i64* %238, align 8 %239 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 store i64 %233, i64* %239, align 8 %240 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %241 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %242 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %243 = bitcast i8* %240 to i32* store i32 0, i32* %243, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %242, align 8 %244 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %245 = bitcast %struct.xa_node** %244 to i8* tail call void @__rcu_read_lock() #83 %246 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 -1) #83 %247 = icmp eq i8* %246, null br i1 %247, label %344, label %248 %249 = trunc i64 %232 to i32 %250 = and i32 %249, 4095 br label %251 %252 = phi i8* [ %342, %341 ], [ %246, %248 ] %253 = phi i64 [ %302, %341 ], [ %79, %248 ] %254 = phi i32 [ %303, %341 ], [ %250, %248 ] %255 = phi i64 [ %304, %341 ], [ 0, %248 ] %256 = bitcast i8* %252 to %struct.page* %257 = ptrtoint i8* %252 to i64 switch i64 %257, label %259 [ i64 1030, label %301 i64 1026, label %258 ] %260 = and i64 %257, 1 %261 = icmp eq i64 %260, 0 br i1 %261, label %263, label %262, !prof !10, !misexpect !5 %264 = call i32 bitcast (i32 (%struct.page.138197*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %256) #83 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 packet_sendmsg ------------- Path:  Function:packet_sendmsg %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = alloca i32, align 4 %7 = alloca %struct.flow_keys_basic, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.sockcm_cookie, align 8 %10 = alloca %struct.anon.153.405390, align 2 %11 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %12 = load %struct.sock*, %struct.sock** %11, align 8 %13 = bitcast %struct.sock* %12 to %struct.packet_sock* %14 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 1, i32 6 %15 = bitcast %struct.anon.181* %14 to 
%union.anon.32** %16 = load %union.anon.32*, %union.anon.32** %15, align 16 %17 = icmp eq %union.anon.32* %16, null br i1 %17, label %774, label %18 %775 = bitcast %struct.msghdr* %1 to %struct.sockaddr_ll** %776 = load %struct.sockaddr_ll*, %struct.sockaddr_ll** %775, align 8 %777 = bitcast i32* %8 to i8* %778 = bitcast %struct.sockcm_cookie* %9 to i8* %779 = getelementptr inbounds %struct.anon.153.405390, %struct.anon.153.405390* %10, i64 0, i32 0 %780 = icmp eq %struct.sockaddr_ll* %776, null br i1 %780, label %781, label %793, !prof !6, !misexpect !7 store i32 -22, i32* %8, align 4 %794 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %795 = load i32, i32* %794, align 8 %796 = icmp ult i32 %795, 20 br i1 %796, label %1213, label %797 %798 = sext i32 %795 to i64 %799 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %776, i64 0, i32 5 %800 = load i8, i8* %799, align 1 %801 = zext i8 %800 to i64 %802 = add nuw nsw i64 %801, 12 %803 = icmp ugt i64 %802, %798 br i1 %803, label %1213, label %804 %805 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %776, i64 0, i32 1 %806 = load i16, i16* %805, align 2 %807 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 0, i32 9, i32 0 %808 = load %struct.net*, %struct.net** %807, align 8 %809 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %776, i64 0, i32 2 %810 = load i32, i32* %809, align 4 %811 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index to %struct.net_device* (%struct.net*, i32)*)(%struct.net* %808, i32 %810) #83 %812 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %813 = load i16, i16* %812, align 4 %814 = icmp eq i16 %813, 2 br i1 %814, label %815, label %827 %816 = icmp eq %struct.net_device* %811, null br i1 %816, label %825, label %817 %818 = load i32, i32* %794, align 8 %819 = sext i32 %818 to i64 %820 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %811, i64 0, i32 51 %821 = load i8, i8* %820, align 1 %822 = zext i8 %821 to i64 %823 = add nuw nsw i64 %822, 12 %824 = icmp ugt i64 %823, %819 br i1 %824, label %1208, label %825 %826 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %776, i64 0, i32 6, i64 0 br label %827 %828 = phi i8* [ null, %789 ], [ %826, %825 ], [ null, %804 ] %829 = phi i16 [ %792, %789 ], [ %806, %825 ], [ %806, %804 ] %830 = phi %struct.net_device* [ %784, %789 ], [ %811, %825 ], [ %811, %804 ] store i32 -6, i32* %8, align 4 %831 = icmp eq %struct.net_device* %830, null br i1 %831, label %1213, label %832, !prof !4, !misexpect !5 store i32 -100, i32* %8, align 4 %833 = getelementptr inbounds %struct.net_device, %struct.net_device* %830, i64 0, i32 14 %834 = load i32, i32* %833, align 64 %835 = and i32 %834, 1 %836 = icmp eq i32 %835, 0 br i1 %836, label %1208, label %837, !prof !4, !misexpect !5 %838 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 64 %839 = load i16, i16* %838, align 8 %840 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %9, i64 0, i32 0 store i64 0, i64* %840, align 8 %841 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %9, i64 0, i32 1 %842 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %9, i64 0, i32 2 store i16 %839, i16* %842, align 4 %843 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 33 %844 = load i32, i32* %843, align 4 store i32 %844, i32* %841, align 8 %845 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %846 = load i64, i64* %845, align 8 %847 = icmp eq i64 %846, 0 br i1 %847, label %851, label %848 %849 = call i32 @sock_cmsg_send(%struct.sock* %12, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %9) #83 store i32 %849, i32* %8, align 4 %850 = icmp eq i32 %849, 0 br i1 %850, label %851, label %1208, !prof !6, !misexpect !5 %852 = getelementptr inbounds 
%struct.socket, %struct.socket* %0, i64 0, i32 1 %853 = load i16, i16* %852, align 4 %854 = icmp eq i16 %853, 3 br i1 %854, label %855, label %859 %856 = getelementptr inbounds %struct.net_device, %struct.net_device* %830, i64 0, i32 19 %857 = load i16, i16* %856, align 2 %858 = zext i16 %857 to i32 br label %859 %860 = phi i32 [ %858, %855 ], [ 0, %851 ] %861 = getelementptr inbounds %struct.packet_sock, %struct.packet_sock* %13, i64 0, i32 9 %862 = load i8, i8* %861, align 4 %863 = and i8 %862, 4 %864 = icmp eq i8 %863, 0 br i1 %864, label %903, label %865 %866 = icmp ult i64 %2, 10 br i1 %866, label %900, label %867 %868 = add i64 %2, -10 %869 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %870 = call i64 @_copy_from_iter(i8* nonnull %779, i64 10, %struct.iov_iter* %869) #83 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !8 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !9 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.104* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store 
i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void @__rcu_read_lock() #83 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #83 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.138197*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #83 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast 
%struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !8 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !9 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.104* 
%188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void @__rcu_read_lock() #83 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #83 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.138197*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #83 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 kernfs_fop_write_iter ------------- Path:  Function:kernfs_fop_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, 
%struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.kernfs_open_file** %10 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %9, align 8 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %18, label %16 %17 = icmp ugt i64 %12, %14 br i1 %17, label %77, label %21 %22 = phi i64 [ %12, %16 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 8 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, null br i1 %25, label %28, label %26 %29 = add i64 %22, 1 %30 = tail call noalias align 8 i8* @__kmalloc(i64 %29, i32 3264) #84 %31 = icmp eq i8* %30, null br i1 %31, label %77, label %32 %33 = phi i8* [ %30, %28 ], [ %24, %26 ] %34 = icmp ugt i64 %22, 2147483647 br i1 %34, label %35, label %36, !prof !4, !misexpect !5 %37 = tail call i64 @_copy_from_iter(i8* %33, i64 %22, %struct.iov_iter* %1) #83 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !8 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !9 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds 
%struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.104* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void @__rcu_read_lock() #83 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #83 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.138197*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #83 ------------- Good: 305 Bad: 6 Ignored: 433 Check Use of Function:isolate_huge_page Check Use of Function:lru_add_drain_all 
Use: =BAD PATH= Call Stack: 0 compact_store ------------- Path:  Function:compact_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 29 %6 = load i32, i32* %5, align 8 %7 = icmp sgt i32 %6, -1 %8 = load i32, i32* @nr_node_ids, align 4 %9 = icmp ult i32 %6, %8 %10 = and i1 %7, %9 br i1 %10, label %11, label %17 %12 = zext i32 %6 to i64 %13 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 1, i32 0, i64 0), i64 %12) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %17, label %16 tail call void @lru_add_drain_all() #83 ------------- Good: 5 Bad: 1 Ignored: 3 Check Use of Function:migrate_pages Check Use of Function:unpin_user_pages Use: =BAD PATH= Call Stack: 0 lockless_pages_from_mm 1 internal_get_user_pages_fast 2 get_user_pages_fast 3 get_futex_key 4 futex_wake 5 do_futex 6 __se_sys_futex 7 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 
@__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, 
@init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca 
%struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, 
i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 
= inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb 
${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 
2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 %39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, 
i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 %67 = icmp eq i32 %66, 0 %68 = icmp eq i64 %57, %1 %69 = or i1 %68, %67 br i1 %69, label %74, label %70 %75 = and i64 %30, 512 %76 = icmp eq i64 %75, 0 br i1 %76, label %78, label %77 br i1 %17, label %87, label %79 %80 = load %struct.mm_struct*, %struct.mm_struct** %33, align 
8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %81 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %80, i64 0, i32 0, i32 28, i32 0 %82 = load volatile i32, i32* %81, align 4 %83 = icmp eq i32 %82, %28 br i1 %83, label %87, label %84 %85 = load i32, i32* %7, align 4 %86 = sext i32 %85 to i64 call void @unpin_user_pages(%struct.page** %3, i64 %86) #84 ------------- Use: =BAD PATH= Call Stack: 0 lockless_pages_from_mm 1 internal_get_user_pages_fast 2 get_user_pages_fast 3 get_futex_key 4 futex_wake 5 do_futex 6 __se_sys_futex 7 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 
@get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, 
i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 
%17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr 
inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 
Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 
6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = 
-------------
Use: =BAD PATH=
Call Stack:
0 lockless_pages_from_mm
1 internal_get_user_pages_fast
2 get_user_pages_fast
3 get_futex_key
4 futex_wake
5 do_futex
6 __se_sys_futex_time32
7 __ia32_sys_futex_time32
-------------
Use: =BAD PATH=
Call Stack:
0 lockless_pages_from_mm
1 internal_get_user_pages_fast
2 get_user_pages_fast
3 get_futex_key
4 futex_wake
5 do_futex
6 __se_sys_futex_time32
7 __x64_sys_futex_time32
-------------
Good: 37 Bad: 4 Ignored: 38
Check Use of Function:compat_put_bitmap
Check Use of Function:tg3_frob_aux_power
Check Use of Function:mm_release
Check Use of Function:put_pi_state
Check Use of Function:probe_acpi_namespace_devices
Check Use of Function:futex_unqueue_pi
Check Use of Function:acpi_exception
Check Use of Function:setup_arg_pages
Check Use of Function:setup_new_exec
Check Use of Function:set_personality_ia32
Check Use of Function:__set_task_comm
Use: =BAD PATH=
Call Stack:
0 __do_sys_prctl
1 __ia32_sys_prctl
-------------
Use: =BAD PATH=
Call Stack:
0 __do_sys_prctl
1 __x64_sys_prctl
-------------
%0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %48 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 15 store i8 0, i8* %48, align 1 %49 = inttoptr i64 %1 to i8* %50 = call i64 @strncpy_from_user(i8* nonnull %9, i8* %49, i64 15) #83 %51 = icmp slt i64 %50, 0 br i1 %51, label %276, label %52 call void @__set_task_comm(%struct.task_struct* %8, i8* nonnull %9, i1 zeroext false) #83 ------------- Good: 6 Bad: 2 Ignored: 4 Check Use of Function:security_bprm_committing_creds 
Check Use of Function:perf_event_exec Check Use of Function:strrchr Use: =BAD PATH= Call Stack: 0 dmi_get_date 1 dmi_get_bios_year 2 pci_bridge_d3_possible 3 pci_bridge_d3_update 4 pci_d3cold_disable 5 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.313800* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.313800* %7) #83 Function:pci_d3cold_disable %2 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 33 %3 = bitcast i24* %2 to i32* %4 = load i32, i32* %3, align 2 %5 = and i32 %4, 512 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %8 = or i32 %4, 512 store i32 %8, i32* %3, align 2 tail call void @pci_bridge_d3_update(%struct.pci_dev.313800* %0) #83 Function:pci_bridge_d3_update %2 = alloca i8, align 1 %3 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46, i32 0, i32 7 %4 = load i8, i8* %3, align 4 %5 = and i8 %4, 2 %6 = icmp eq i8 %5, 0 store i8 1, i8* %2, align 1 %7 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 1 %8 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %7, align 8 %9 = getelementptr inbounds %struct.pci_bus.313802, %struct.pci_bus.313802* %8, i64 0, i32 1 %10 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %9, align 8 %11 = icmp eq 
%struct.pci_bus.313802* %10, null br i1 %11, label %78, label %12 %13 = getelementptr inbounds %struct.pci_bus.313802, %struct.pci_bus.313802* %8, i64 0, i32 4 %14 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %13, align 8 %15 = icmp eq %struct.pci_dev.313800* %14, null br i1 %15, label %78, label %16 %17 = tail call zeroext i1 @pci_bridge_d3_possible(%struct.pci_dev.313800* nonnull %14) #83 Function:pci_bridge_d3_possible %2 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 18 %3 = load i8, i8* %2, align 4 %4 = icmp eq i8 %3, 0 br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 24 %7 = load i16, i16* %6, align 2 %8 = lshr i16 %7, 4 %9 = and i16 %8, 15 %10 = zext i16 %9 to i32 %11 = add nsw i32 %10, -4 %12 = icmp ult i32 %11, 3 br i1 %12, label %13, label %41 %14 = load i1, i1* @pci_bridge_d3_disable, align 1 br i1 %14, label %42, label %15 %16 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 51 %17 = bitcast [5 x i8]* %16 to i40* %18 = load i40, i40* %17, align 1 %19 = and i40 %18, 8388608 %20 = icmp eq i40 %19, 0 br i1 %20, label %23, label %21 %24 = load i1, i1* @pci_bridge_d3_force, align 1 br i1 %24, label %42, label %25 %26 = load i40, i40* %17, align 1 %27 = and i40 %26, 33554432 %28 = icmp eq i40 %27, 0 br i1 %28, label %29, label %42 %30 = tail call zeroext i1 bitcast (i1 (%struct.pci_dev.322956*)* @acpi_pci_bridge_d3 to i1 (%struct.pci_dev.313800*)*)(%struct.pci_dev.313800* %0) #83 br i1 %30, label %42, label %31 %32 = load i40, i40* %17, align 1 %33 = and i40 %32, 8388608 %34 = icmp eq i40 %33, 0 br i1 %34, label %35, label %42 %36 = tail call i32 @dmi_check_system(%struct.dmi_system_id* bitcast ([2 x { i32 (%struct.dmi_system_id*)*, i8*, [4 x %struct.dmi_strmatch], i8* }]* @bridge_d3_blacklist to %struct.dmi_system_id*)) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = tail call 
i32 @dmi_get_bios_year() #83 Function:dmi_get_bios_year %1 = alloca i32, align 4 %2 = bitcast i32* %1 to i8* %3 = call zeroext i1 @dmi_get_date(i32 3, i32* nonnull %1, i32* null, i32* null) #83 Function:dmi_get_date %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = sext i32 %0 to i64 %8 = getelementptr [23 x i8*], [23 x i8*]* @dmi_ident, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 %10 = icmp ne i8* %9, null br i1 %10, label %11, label %54 %12 = tail call i8* @strrchr(i8* nonnull %9, i32 47) #83 ------------- Good: 31 Bad: 1 Ignored: 32 Check Use of Function:__azx_runtime_resume Check Use of Function:do_close_on_exec Check Use of Function:__cleanup_sighand Check Use of Function:exit_itimers Check Use of Function:perf_event_exit_task Check Use of Function:membarrier_exec_mmap Check Use of Function:perf_event_enable Check Use of Function:switch_mm Check Use of Function:pci_unlock_rescan_remove Check Use of Function:handle_mm_fault Check Use of Function:iov_iter_advance Use: =BAD PATH= Call Stack: 0 write_iter_null ------------- Path:  Function:write_iter_null %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 tail call void @iov_iter_advance(%struct.iov_iter* %1, i64 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 write_iter_null ------------- Path:  Function:write_iter_null %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 tail call void @iov_iter_advance(%struct.iov_iter* %1, i64 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.152564, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.152564* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void 
(%struct.iov_iter*, i32, %struct.pipe_inode_info.152964*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.152964* %2, i64 %3) #83 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 18 %24 = load %struct.address_space.152957*, %struct.address_space.152957** %23, align 8 %25 = getelementptr inbounds %struct.address_space.152957, %struct.address_space.152957* %24, i64 0, i32 0 %26 = load %struct.inode.152950*, %struct.inode.152950** %25, align 8 %27 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 8 %28 = load %struct.super_block.152933*, %struct.super_block.152933** %27, align 8 %29 = getelementptr inbounds %struct.super_block.152933, %struct.super_block.152933* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 2 %47 = load %struct.inode.152950*, %struct.inode.152950** %46, align 8 %48 = 
getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152858** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152858**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.152858* %55 = getelementptr inbounds %struct.task_struct.152858, %struct.task_struct.152858* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 0 store %struct.file.152865* %0, %struct.file.152865** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 7 store %struct.wait_page_queue.152563* null, %struct.wait_page_queue.152563** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 3 %79 = load %struct.file_operations.152636*, 
%struct.file_operations.152636** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.152636, %struct.file_operations.152636* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.152564*, %struct.iov_iter*)*, i64 (%struct.kiocb.152564*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.152564* nonnull %7, %struct.iov_iter* nonnull %6) #83 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 3 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.152564, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.152564* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.152964*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.152964* %2, i64 %3) #83 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 18 %24 = load %struct.address_space.152957*, %struct.address_space.152957** %23, align 8 %25 = getelementptr inbounds 
%struct.address_space.152957, %struct.address_space.152957* %24, i64 0, i32 0 %26 = load %struct.inode.152950*, %struct.inode.152950** %25, align 8 %27 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 8 %28 = load %struct.super_block.152933*, %struct.super_block.152933** %27, align 8 %29 = getelementptr inbounds %struct.super_block.152933, %struct.super_block.152933* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 2 %47 = load %struct.inode.152950*, %struct.inode.152950** %46, align 8 %48 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152858** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152858**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.152858* %55 = getelementptr inbounds %struct.task_struct.152858, %struct.task_struct.152858* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 
%64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 0 store %struct.file.152865* %0, %struct.file.152865** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 7 store %struct.wait_page_queue.152563* null, %struct.wait_page_queue.152563** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 3 %79 = load %struct.file_operations.152636*, %struct.file_operations.152636** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.152636, %struct.file_operations.152636* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.152564*, %struct.iov_iter*)*, i64 (%struct.kiocb.152564*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.152564* nonnull %7, %struct.iov_iter* nonnull %6) #83 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 3 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  
Function:sock_splice_read %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket** %8 = load %struct.socket*, %struct.socket** %7, align 8 %9 = getelementptr inbounds %struct.socket, %struct.socket* %8, i64 0, i32 5 %10 = load %struct.proto_ops*, %struct.proto_ops** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %10, i64 0, i32 21 %12 = load i64 (%struct.socket*, i64*, %struct.pipe_inode_info*, i64, i32)*, i64 (%struct.socket*, i64*, %struct.pipe_inode_info*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket*, i64*, %struct.pipe_inode_info*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.152865*, i64*, %struct.pipe_inode_info.152964*, i64, i32)* @generic_file_splice_read to i64 (%struct.file*, i64*, %struct.pipe_inode_info*, i64, i32)*)(%struct.file* %0, i64* %1, %struct.pipe_inode_info* %2, i64 %3, i32 %4) #83 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.152564, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.152564* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.152964*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.152964* %2, i64 %3) #83 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds 
%struct.file.152865, %struct.file.152865* %0, i64 0, i32 18 %24 = load %struct.address_space.152957*, %struct.address_space.152957** %23, align 8 %25 = getelementptr inbounds %struct.address_space.152957, %struct.address_space.152957* %24, i64 0, i32 0 %26 = load %struct.inode.152950*, %struct.inode.152950** %25, align 8 %27 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 8 %28 = load %struct.super_block.152933*, %struct.super_block.152933** %27, align 8 %29 = getelementptr inbounds %struct.super_block.152933, %struct.super_block.152933* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 2 %47 = load %struct.inode.152950*, %struct.inode.152950** %46, align 8 %48 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152858** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152858**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.152858* %55 = getelementptr inbounds %struct.task_struct.152858, %struct.task_struct.152858* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq 
%struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 0 store %struct.file.152865* %0, %struct.file.152865** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 7 store %struct.wait_page_queue.152563* null, %struct.wait_page_queue.152563** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 3 %79 = load %struct.file_operations.152636*, %struct.file_operations.152636** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.152636, %struct.file_operations.152636* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.152564*, %struct.iov_iter*)*, i64 (%struct.kiocb.152564*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.152564* nonnull %7, %struct.iov_iter* nonnull %6) #83 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 3 store i64 0, i64* %95, align 8 
call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #83 ------------- Good: 61 Bad: 5 Ignored: 27 Check Use of Function:__get_user_pages Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br 
i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 
__x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, 
label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 ------------- Good: 70 Bad: 2 Ignored: 48 Check Use of Function:in_gate_area Check Use of 
Function:get_gate_page Check Use of Function:__ext4_journal_start_sb Check Use of Function:follow_hugetlb_page Check Use of Function:copy_string_kernel Check Use of Function:check_vma_flags Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and 
i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = 
load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 ------------- Good: 17 Bad: 2 Ignored: 9 Check Use of Function:create_elf_tables Check Use of Function:start_thread Check Use of Function:vm_brk_flags Check Use of Function:elf_map.18508 Check Use of Function:set_binfmt Check Use of Function:vm_mmap Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = 
getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %153 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } 
%40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label %53, label %52, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 br label %53 %54 = icmp eq i32 %48, 0 br i1 %54, label %55, label %56 tail call void @__rcu_read_unlock() #83 %57 = getelementptr inbounds i8, i8* %30, i64 16 %58 = bitcast i8* %57 to %struct.file** %59 = load %struct.file*, %struct.file** %58, align 8 %60 = icmp eq %struct.file* %59, null br i1 %60, label %140, label %61 %62 = getelementptr inbounds i8, i8* %1, i64 8 %63 = bitcast i8* %62 to i64* %64 = load i64, i64* %63, align 8 %65 = getelementptr inbounds i8, i8* %1, i64 16 %66 = bitcast i8* %65 to i64* %67 = getelementptr inbounds i8, i8* %30, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %64 br i1 %70, label %71, label %140 %72 = load i64, i64* %66, align 8 %73 = sub i64 %69, %64 %74 = icmp ugt i64 %72, %73 br i1 %74, label %140, label %75 %76 = tail call i64 @vm_mmap(%struct.file* nonnull %59, i64 0, i64 %72, i64 3, i64 1, i64 %64) #83 ------------- Good: 12 Bad: 1 Ignored: 3 Check Use of Function:tg3_request_irq Check Use of Function:create_elf_tables.18509 Check Use of Function:arch_randomize_brk Check Use of Function:vm_stat_account Check Use of Function:move_vma Check Use of Function:selinux_netlbl_socket_connect_locked Check Use of Function:selinux_netlbl_socket_connect Check Use of Function:security_sid_mls_copy Check Use of Function:current_is_single_threaded Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #83 Function:ksys_unshare %2 = 
alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %152 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 74 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %152 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 105 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 16 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %152, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 
__x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #83 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %152 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 74 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %152 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 105 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 16 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt 
i32 %39, 1 br i1 %40, label %152, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_install ------------- Path:  Function:timens_install %3 = getelementptr inbounds %struct.nsset, %struct.nsset* %0, i64 0, i32 1 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %5 = getelementptr %struct.ns_common, %struct.ns_common* %1, i64 -1, i32 1 %6 = bitcast %struct.proc_ns_operations** %5 to %struct.time_namespace* %7 = tail call zeroext i1 @current_is_single_threaded() #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_install ------------- Path:  Function:timens_install %3 = getelementptr inbounds %struct.nsset, %struct.nsset* %0, i64 0, i32 1 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %5 = getelementptr %struct.ns_common, %struct.ns_common* %1, i64 -1, i32 1 %6 = bitcast %struct.proc_ns_operations** %5 to %struct.time_namespace* %7 = tail call zeroext i1 @current_is_single_threaded() #83 ------------- Good: 1 Bad: 4 Ignored: 1 Check Use of Function:security_bounded_transition Check Use of Function:audit_log_format Check Use of Function:cap_capable Check Use of Function:audit_log_start Use: =BAD PATH= Call Stack: 0 audit_set_loginuid 1 proc_loginuid_write ------------- Path:  Function:proc_loginuid_write %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 2 %7 = load %struct.inode.176051*, %struct.inode.176051** %6, align 8 %8 = bitcast i32* %5 to i8* %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.176180** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.176180**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.176180* %11 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %10, i64 0, i32 4 %12 = load i32, i32* %11, 
align 4 %13 = and i32 %12, 2097152 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %35 tail call void @__rcu_read_lock() #83 %16 = getelementptr %struct.inode.176051, %struct.inode.176051* %7, i64 -1, i32 41, i32 13 %17 = bitcast %struct.list_head* %16 to %struct.pid.175867** %18 = load %struct.pid.175867*, %struct.pid.175867** %17, align 8 %19 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (%struct.pid*, i32)* @pid_task to %struct.task_struct.176180* (%struct.pid.175867*, i32)*)(%struct.pid.175867* %18, i32 0) #83 %20 = icmp eq %struct.task_struct.176180* %19, %10 tail call void @__rcu_read_unlock() #83 br i1 %20, label %21, label %35 %22 = load i64, i64* %3, align 8 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %35 %25 = call i32 @kstrtouint_from_user(i8* %1, i64 %2, i32 10, i32* nonnull %5) #83 %26 = icmp slt i32 %25, 0 br i1 %26, label %27, label %29 %30 = load i32, i32* %5, align 4 %31 = call i32 @audit_set_loginuid(i32 %30) #83 Function:audit_set_loginuid %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 115, i32 0 %5 = load i32, i32* %4, align 16 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 116 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %5, -1 br i1 %8, label %21, label %9 %10 = load i32, i32* getelementptr inbounds (%struct.ist_info, %struct.ist_info* @af, i64 0, i32 2), align 4 %11 = and i32 %10, 2 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %32 %14 = tail call zeroext i1 @capable(i32 30) #83 br i1 %14, label %15, label %32 %33 = phi i32 [ 0, %15 ], [ 1, %30 ], [ 0, %9 ], [ 0, %13 ] %34 = phi i32 [ -1, %15 ], [ 0, %30 ], [ -1, %9 ], [ -1, %13 ] %35 = phi i32 [ -1, %15 ], [ %31, %30 ], [ -1, %9 ], [ -1, %13 ] %36 = load i32, i32* @audit_enabled, 
align 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %57, label %38 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %40 = load %struct.audit_context*, %struct.audit_context** %39, align 8 %41 = tail call %struct.audit_buffer* @audit_log_start(%struct.audit_context* %40, i32 3264, i32 1006) #83 ------------- Use: =BAD PATH= Call Stack: 0 audit_log_multicast 1 audit_multicast_unbind ------------- Path:  Function:audit_multicast_unbind tail call fastcc void @audit_log_multicast(i32 %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.62.10985, i64 0, i64 0), i32 0) #83 Function:audit_log_multicast %4 = alloca [16 x i8], align 16 %5 = getelementptr inbounds [16 x i8], [16 x i8]* %4, i64 0, i64 0 %6 = load i32, i32* @audit_enabled, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %62, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 114 %12 = load %struct.audit_context*, %struct.audit_context** %11, align 8 %13 = tail call %struct.audit_buffer* @audit_log_start(%struct.audit_context* %12, i32 3264, i32 1335) #83 ------------- Good: 141 Bad: 2 Ignored: 107 Check Use of Function:__mmu_notifier_invalidate_range_end Check Use of Function:audit_log_n_untrustedstring Check Use of Function:audit_log_end Check Use of Function:security_validate_transition Check Use of Function:security_transition_sid Check Use of Function:clear_itimer Check Use of Function:flush_signal_handlers Check Use of Function:tty_ldisc_reinit Check Use of Function:__wake_up_parent Check Use of Function:pc_nvram_initialize Check Use of Function:tty_kref_put Check Use of Function:no_tty Check Use of Function:iterate_fd Check Use of Function:update_rlimit_cpu Check Use of Function:sel_netnode_sid Check Use of 
Function:security_validate_transition_user Check Use of Function:simple_read_from_buffer Use: =BAD PATH= Call Stack: 0 mon_stat_read ------------- Path:  Function:mon_stat_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snap** %7 = load %struct.snap*, %struct.snap** %6, align 8 %8 = getelementptr inbounds %struct.snap, %struct.snap* %7, i64 0, i32 1, i64 0 %9 = getelementptr inbounds %struct.snap, %struct.snap* %7, i64 0, i32 0 %10 = load i32, i32* %9, align 4 %11 = sext i32 %10 to i64 %12 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %8, i64 %11) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_read_handle_status ------------- Path:  Function:sel_read_handle_status %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.page** %7 = load %struct.page*, %struct.page** %6, align 8 %8 = icmp eq %struct.page* %7, null br i1 %8, label %9, label %10, !prof !4, !misexpect !5 %11 = load i64, i64* @vmemmap_base, align 8 %12 = ptrtoint %struct.page* %7 to i64 %13 = sub i64 %12, %11 %14 = shl i64 %13, 6 %15 = load i64, i64* @page_offset_base, align 8 %16 = add i64 %14, %15 %17 = inttoptr i64 %16 to i8* %18 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %17, i64 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 u32_array_read ------------- Path:  Function:u32_array_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = load i8*, i8** %5, align 8 %7 = tail call i64 @strlen(i8* %6) #83 %8 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %6, i64 %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 auxv_read ------------- Path:  Function:auxv_read %5 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.mm_struct.176084** %7 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %6, align 8 %8 = icmp eq 
%struct.mm_struct.176084* %7, null br i1 %8, label %22, label %9 %10 = phi i32 [ %11, %9 ], [ 0, %4 ] %11 = add i32 %10, 2 %12 = zext i32 %10 to i64 %13 = getelementptr %struct.mm_struct.176084, %struct.mm_struct.176084* %7, i64 0, i32 0, i32 41, i64 %12 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %9 %17 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %7, i64 0, i32 0, i32 41, i64 0 %18 = bitcast i64* %17 to i8* %19 = zext i32 %11 to i64 %20 = shl nuw nsw i64 %19, 3 %21 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %18, i64 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 bm_status_read ------------- Path:  Function:bm_status_read %5 = load i1, i1* @enabled, align 4 %6 = select i1 %5, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.6.18485, i64 0, i64 0), i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.18486, i64 0, i64 0) %7 = select i1 %5, i64 9, i64 8 %8 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %6, i64 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 bm_entry_read ------------- Path:  Function:bm_entry_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 47 %8 = bitcast i8** %7 to %struct.Node** %9 = load %struct.Node*, %struct.Node** %8, align 8 %10 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %11 = inttoptr i64 %10 to i8* %12 = icmp eq i64 %10, 0 br i1 %12, label %91, label %13 %14 = getelementptr inbounds %struct.Node, %struct.Node* %9, i64 0, i32 1 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 1 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.13.18479, i64 0, i64 0), i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.14.18480, i64 0, i64 0) %19 = getelementptr inbounds %struct.Node, 
%struct.Node* %9, i64 0, i32 6 %20 = load i8*, i8** %19, align 8 %21 = tail call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %11, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.15.18481, i64 0, i64 0), i8* %18, i8* %20) #83 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %11, i64 %22 %24 = bitcast i8* %23 to i64* store i64 9071466584829030, i64* %24, align 1 %25 = getelementptr i8, i8* %23, i64 7 %26 = load i64, i64* %14, align 8 %27 = icmp ult i64 %26, 2147483648 br i1 %27, label %31, label %28 %29 = getelementptr i8, i8* %25, i64 1 store i8 80, i8* %25, align 1 %30 = load i64, i64* %14, align 8 br label %31 %32 = phi i64 [ %30, %28 ], [ %26, %13 ] %33 = phi i8* [ %29, %28 ], [ %25, %13 ] %34 = and i64 %32, 1073741824 %35 = icmp eq i64 %34, 0 br i1 %35, label %39, label %36 %37 = getelementptr i8, i8* %33, i64 1 store i8 79, i8* %33, align 1 %38 = load i64, i64* %14, align 8 br label %39 %40 = phi i64 [ %38, %36 ], [ %32, %31 ] %41 = phi i8* [ %37, %36 ], [ %33, %31 ] %42 = and i64 %40, 536870912 %43 = icmp eq i64 %42, 0 br i1 %43, label %47, label %44 %45 = getelementptr i8, i8* %41, i64 1 store i8 67, i8* %41, align 1 %46 = load i64, i64* %14, align 8 br label %47 %48 = phi i64 [ %46, %44 ], [ %40, %39 ] %49 = phi i8* [ %45, %44 ], [ %41, %39 ] %50 = and i64 %48, 268435456 %51 = icmp eq i64 %50, 0 br i1 %51, label %54, label %52 %53 = getelementptr i8, i8* %49, i64 1 store i8 70, i8* %49, align 1 br label %54 %55 = phi i8* [ %53, %52 ], [ %49, %47 ] %56 = getelementptr i8, i8* %55, i64 1 store i8 10, i8* %55, align 1 %57 = load volatile i64, i64* %14, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %60, label %64 %61 = getelementptr inbounds %struct.Node, %struct.Node* %9, i64 0, i32 4 %62 = load i8*, i8** %61, align 8 %63 = tail call i32 (i8*, i8*, ...) 
@sprintf(i8* %56, i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.17.18482, i64 0, i64 0), i8* %62) #83 br label %88 %89 = tail call i64 @strlen(i8* nonnull %11) #84 %90 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %11, i64 %89) #83 ------------- Use: =BAD PATH= Call Stack: 0 tlbflush_read_file ------------- Path:  Function:tlbflush_read_file %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = load i64, i64* @tlb_single_page_flush_ceiling, align 8 %8 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %6, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.4552, i64 0, i64 0), i64 %7) #83 %9 = zext i32 %8 to i64 %10 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 %9) #84 ------------- Use: =BAD PATH= Call Stack: 0 init_pkru_read_file ------------- Path:  Function:init_pkru_read_file %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = load i32, i32* @init_pkru_value, align 4 %8 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %6, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.1.4773, i64 0, i64 0), i32 %7) #83 %9 = zext i32 %8 to i64 %10 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 %9) #84 ------------- Use: =BAD PATH= Call Stack: 0 read_enabled_file_bool ------------- Path:  Function:read_enabled_file_bool %5 = alloca [3 x i8], align 1 %6 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 0 %7 = load i1, i1* @kprobes_all_disarmed, align 1 %8 = select i1 %7, i8 48, i8 49 store i8 %8, i8* %6, align 1 %9 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 1 store i8 10, i8* %9, align 1 %10 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 2 store i8 0, i8* %10, align 1 %11 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 trace_options_read ------------- Path:  Function:trace_options_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_option_dentry** %7 = load %struct.trace_option_dentry*, %struct.trace_option_dentry** %6, align 8 %8 = getelementptr inbounds %struct.trace_option_dentry, %struct.trace_option_dentry* %7, i64 0, i32 1 %9 = load %struct.tracer_flags*, %struct.tracer_flags** %8, align 8 %10 = getelementptr inbounds %struct.tracer_flags, %struct.tracer_flags* %9, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = getelementptr inbounds %struct.trace_option_dentry, %struct.trace_option_dentry* %7, i64 0, i32 0 %13 = load %struct.uuidcmp*, %struct.uuidcmp** %12, align 8 %14 = getelementptr inbounds %struct.uuidcmp, %struct.uuidcmp* %13, i64 0, i32 1 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, %11 %17 = icmp eq i32 %16, 0 %18 = select i1 %17, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.138.11491, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.137.11492, i64 0, i64 0) %19 = tail call i64 
@simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %18, i64 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_readme_read ------------- Path:  Function:tracing_readme_read %5 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* getelementptr inbounds ([4692 x i8], [4692 x i8]* @readme_msg, i64 0, i64 0), i64 4691) #83 ------------- Use: =BAD PATH= Call Stack: 0 trace_options_core_read ------------- Path:  Function:trace_options_core_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = load i8*, i8** %5, align 8 %7 = load i8, i8* %6, align 1 %8 = zext i8 %7 to i32 %9 = zext i8 %7 to i64 %10 = sub nsw i64 0, %9 %11 = getelementptr i8, i8* %6, i64 %10 %12 = getelementptr i8, i8* %11, i64 -124 %13 = getelementptr inbounds i8, i8* %12, i64 120 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = shl nuw i32 1, %8 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 %19 = select i1 %18, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.138.11491, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.137.11492, i64 0, i64 0) %20 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %19, i64 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 buffer_percent_read ------------- Path:  Function:buffer_percent_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 11 %11 = load i32, i32* %10, align 8 %12 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %9, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.174.11568, i64 0, i64 0), i32 %11) #83 %13 = sext i32 %12 to i64 %14 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 %13) #84 ------------- Use: =BAD PATH= Call Stack: 0 rb_simple_read ------------- Path:  Function:rb_simple_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %11 = load %struct.trace_buffer*, %struct.trace_buffer** %10, align 8 %12 = icmp eq %struct.trace_buffer* %11, null br i1 %12, label %15, label %13 %14 = tail call zeroext i1 @ring_buffer_record_is_on(%struct.trace_buffer* nonnull %11) #83 br label %19 %20 = phi i1 [ %14, %13 ], [ %18, %15 ] %21 = zext i1 %20 to i32 %22 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %9, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.174.11568, i64 0, i64 0), i32 %21) #84 %23 = sext i32 %22 to i64 %24 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 event_id_read ------------- Path:  Function:event_id_read %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file.108396, %struct.file.108396* %0, i64 0, i32 2 %7 = load %struct.inode.108445*, %struct.inode.108445** %6, align 8 %8 = getelementptr inbounds %struct.inode.108445, %struct.inode.108445* %7, i64 0, i32 47 %9 = load volatile i8*, i8** %8, align 8 %10 = ptrtoint i8* %9 to i64 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %13 = icmp eq i32 %11, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.34.11998, i64 0, i64 0), i32 %11) #83 %16 = sext i32 %15 to i64 %17 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %12, i64 %16) #84 ------------- Use: =BAD PATH= Call Stack: 0 simple_transaction_read ------------- Path:  Function:simple_transaction_read %5 = getelementptr inbounds %struct.file.151769, %struct.file.151769* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.prb_data_block** %7 = load %struct.prb_data_block*, %struct.prb_data_block** %6, align 8 %8 = icmp eq %struct.prb_data_block* %7, null br i1 %8, label %14, label %9 %10 = getelementptr inbounds %struct.prb_data_block, %struct.prb_data_block* %7, i64 0, i32 1, i64 0 %11 = getelementptr inbounds %struct.prb_data_block, %struct.prb_data_block* %7, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %10, i64 %12) #83 ------------- Good: 45 Bad: 16 Ignored: 14 Check Use of Function:memdup_user_nul Use: =BAD PATH= Call Stack: 0 i915_displayport_test_active_write ------------- Path:  Function:i915_displayport_test_active_write %5 = alloca %struct.drm_connector_list_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast %struct.drm_connector_list_iter* %5 to i8* %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_device.373290** %14 = load %struct.drm_device.373290*, %struct.drm_device.373290** %13, align 8 %15 = icmp eq i64 %2, 0 br i1 %15, label %82, label %16 %17 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = 
alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_crtc.400184** %11 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %10, align 8 %12 = bitcast i64* %5 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %48, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 irq_affinity_proc_write ------------- Path:  Function:irq_affinity_proc_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = tail call i8* @PDE_DATA(%struct.inode* %7) #83 %9 = ptrtoint i8* %8 to i64 %10 = trunc i64 %9 to i32 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = tail call zeroext i1 @irq_can_set_affinity_usr(i32 %10) #83 %13 = xor i1 %12, true %14 = load i32, i32* @no_irq_affinity, align 4 %15 = icmp ne i32 %14, 0 %16 = or i1 %15, %13 br i1 %16, label %35, label %17 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 %19 = trunc i64 %2 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %21 = call i32 @bitmap_parse_user(i8* %1, i32 %19, i64* nonnull %18, i32 64) #83 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 default_affinity_write ------------- Path:  Function:default_affinity_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x 
%struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = trunc i64 %2 to i32 %9 = call i32 @bitmap_parse_user(i8* %1, i32 %8, i64* nonnull %7, i32 64) #83 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 tracing_cpumask_write ------------- Path:  Function:tracing_cpumask_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 47 %9 = bitcast i8** %8 to %struct.trace_array** %10 = load %struct.trace_array*, %struct.trace_array** %9, align 8 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = trunc i64 %2 to i32 %14 = call i32 @bitmap_parse_user(i8* %1, i32 %13, i64* nonnull %12, i32 64) #83 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parselist_user 1 irq_affinity_list_proc_write ------------- Path:  Function:irq_affinity_list_proc_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = tail call i8* @PDE_DATA(%struct.inode* %7) #83 %9 = ptrtoint i8* %8 to i64 %10 = trunc i64 %9 to i32 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = tail call zeroext i1 @irq_can_set_affinity_usr(i32 %10) #83 %13 = xor i1 %12, true %14 = load i32, i32* @no_irq_affinity, align 4 %15 = icmp ne i32 %14, 0 %16 = or i1 %15, %13 br i1 %16, label %35, label %17 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, 
i64 0 store i64 0, i64* %18, align 8 %19 = trunc i64 %2 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %21 = call i32 @bitmap_parselist_user(i8* %1, i32 %19, i64* nonnull %18, i32 64) #83 Function:bitmap_parselist_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_bool ------------- Path:  Function:sel_write_bool %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 11 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %15 to i32 %17 = and i32 %16, 16777215 %18 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry*, %struct.dentry** %18, align 8 %20 = getelementptr inbounds %struct.dentry, %struct.dentry* %19, i64 0, i32 4, i32 1 %21 = load i8*, i8** %20, align 8 %22 = icmp ugt i64 %2, 4095 br i1 %22, label %78, label %23 %24 = load i64, i64* %3, align 8 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %78 %27 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_enforce ------------- Path:  Function:sel_write_enforce %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, 
%struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = icmp ugt i64 %2, 4095 br i1 %16, label %79, label %17 %18 = load i64, i64* %3, align 8 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %79 %21 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_commit_bools_write ------------- Path:  Function:sel_commit_bools_write %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = bitcast i32* %5 to i8* %14 = icmp ugt i64 %2, 4095 br i1 %14, label %64, label %15 %16 = load i64, i64* %3, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %64 %19 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_simple_write ------------- Path:  Function:proc_simple_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load 
%struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 9 %12 = load i32 (%struct.file*, i8*, i64)*, i32 (%struct.file*, i8*, i64)** %11, align 8 %13 = icmp eq i32 (%struct.file*, i8*, i64)* %12, null br i1 %13, label %28, label %14 %15 = add i64 %2, -1 %16 = icmp ugt i64 %15, 4094 br i1 %16, label %28, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_simple_write ------------- Path:  Function:proc_simple_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 9 %12 = load i32 (%struct.file*, i8*, i64)*, i32 (%struct.file*, i8*, i64)** %11, align 8 %13 = icmp eq i32 (%struct.file*, i8*, i64)* %12, null br i1 %13, label %28, label %14 %15 = add i64 %2, -1 %16 = icmp ugt i64 %15, 4094 br i1 %16, label %28, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_offsets_write ------------- Path:  Function:timens_offsets_write %5 = alloca [2 x %struct.proc_timens_offset], align 16 %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 2 %8 = load %struct.inode.176051*, %struct.inode.176051** %7, align 8 %9 = bitcast [2 x %struct.proc_timens_offset]* %5 to i8* %10 = load i64, i64* %3, align 8 %11 = icmp ne i64 %10, 0 %12 = icmp ugt i64 %2, 4095 %13 = or i1 %12, %11 br i1 %13, label %98, label %14 %15 = tail call i8* 
@memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_msg_write ------------- Path:  Function:blk_msg_write %5 = icmp ugt i64 %2, 127 br i1 %5, label %15, label %6 %7 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 event_filter_write ------------- Path:  Function:event_filter_write %5 = icmp ugt i64 %2, 4095 br i1 %5, label %28, label %6 %7 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 subsystem_filter_write ------------- Path:  Function:subsystem_filter_write %5 = getelementptr inbounds %struct.file.108396, %struct.file.108396* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_subsystem_dir.108342** %7 = load %struct.trace_subsystem_dir.108342*, %struct.trace_subsystem_dir.108342** %6, align 8 %8 = icmp ugt i64 %2, 4095 br i1 %8, label %22, label %9 %10 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_write ------------- Path:  Function:event_trigger_write %5 = icmp eq i64 %2, 0 br i1 %5, label %29, label %6 %7 = icmp ugt i64 %2, 4095 br i1 %7, label %29, label %8 %9 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #83 ------------- Good: 5 Bad: 16 Ignored: 13 Check Use of Function:security_change_sid Check Use of Function:hex_to_bin Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = 
add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, 
align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ 
%15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = 
load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label 
%31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x 
%struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext 
%51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 
= add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 
wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label 
%178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* 
br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 
@hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, 
%4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or 
i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label 
%31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, 
label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 
-1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr 
[0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = 
getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* 
bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 
@hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = 
phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, 
label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast 
([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext 
%41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, 
i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #83 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 
%159 = tail call i32 @hex_to_bin(i8 signext %149) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 
%55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = 
shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #83 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp 
eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, 
label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 
%116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #83 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #83 %160 = icmp slt i32 %159, 0 br i1 %160, label %183, label %161 %162 = shl i32 %159, 28 %163 = or i32 %162, %146 %164 = icmp ult i8* %158, %0 br i1 %164, label %178, label %165 %166 = load i8, i8* %158, align 1 %167 = zext i8 %166 to i64 %168 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %167 %169 = load i8, i8* %168, align 1 %170 = and i8 %169, 32 %171 = icmp ne i8 %170, 0 %172 = icmp eq i8 %166, 44 %173 = or i1 %172, %171 br i1 %173, label %178, label %174 %175 = 
getelementptr i8, i8* %32, i64 -9 %176 = tail call i32 @hex_to_bin(i8 signext %166) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %14, -1 %36 = icmp eq i32 %14, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 signext %41) #83 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 
%52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 signext %51) #83 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 signext %64) #83 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 signext %81) #83 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 signext %98) #83 %109 = icmp slt i32 %108, 0 br i1 
%109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 signext %115) #83 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 signext %132) #83 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 signext %149) #83 %160 = icmp slt i32 %159, 0 br i1 %160, label %183, label %161 %162 = shl i32 %159, 28 %163 = or i32 %162, %146 %164 = icmp ult i8* %158, %0 br i1 %164, label %178, label %165 %166 = load i8, i8* %158, align 1 %167 = zext i8 
%166 to i64 %168 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %167 %169 = load i8, i8* %168, align 1 %170 = and i8 %169, 32 %171 = icmp ne i8 %170, 0 %172 = icmp eq i8 %166, 44 %173 = or i1 %172, %171 br i1 %173, label %178, label %174 %175 = getelementptr i8, i8* %32, i64 -9 %176 = tail call i32 @hex_to_bin(i8 signext %166) #83 ------------- Good: 138 Bad: 18 Ignored: 159 Check Use of Function:security_transition_sid_user Check Use of Function:tty_name Check Use of Function:avc_ss_reset Check Use of Function:security_get_permissions Check Use of Function:cpumask_weight.6851 Check Use of Function:security_get_classes Check Use of Function:d_genocide Check Use of Function:d_alloc_name Check Use of Function:security_get_bools Check Use of Function:selinux_policy_genfs_sid Check Use of Function:get_zeroed_page Use: =BAD PATH= Call Stack: 0 simple_transaction_get 1 selinux_transaction_write ------------- Path:  Function:selinux_transaction_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = icmp ugt i64 %8, 14 br i1 %9, label %25, label %10 %11 = getelementptr [15 x i64 (%struct.file*, i8*, i64)*], [15 x i64 (%struct.file*, i8*, i64)*]* @write_op, i64 0, i64 %8 %12 = lshr i64 15391, %8 %13 = and i64 %12, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %25 %16 = tail call i8* bitcast (i8* (%struct.file.151769*, i8*, i64)* @simple_transaction_get to i8* (%struct.file*, i8*, i64)*)(%struct.file* %0, i8* %1, i64 %2) #83 Function:simple_transaction_get %4 = icmp ugt i64 %2, 4087 br i1 %4, label %20, label %5 %6 = tail call i64 @get_zeroed_page(i32 3264) #83 ------------- Good: 483 Bad: 1 Ignored: 562 Check Use of Function:flush_thread Check Use of Function:sel_make_dir Check Use of Function:mnt_clone_internal Check Use of 
Function:destroy_local_trace_uprobe Check Use of Function:e1000e_open Check Use of Function:__mnt_want_write Check Use of Function:dev_add_pack Check Use of Function:dev_set_alias Check Use of Function:security_task_getscheduler Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #83 Function:sched_rr_get_interval %3 = alloca %struct.rq_flags, align 8 %4 = bitcast %struct.rq_flags* %3 to i8* %5 = icmp slt i32 %0, 0 br i1 %5, label %37, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %35, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #83 Function:sched_rr_get_interval %3 = alloca 
%struct.rq_flags, align 8 %4 = bitcast %struct.rq_flags* %3 to i8* %5 = icmp slt i32 %0, 0 br i1 %5, label %37, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %35, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.cpu_itimer** %7 = load %struct.cpu_itimer*, %struct.cpu_itimer** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #83 Function:sched_rr_get_interval %3 = alloca %struct.rq_flags, align 8 %4 = bitcast %struct.rq_flags* %3 to i8* %5 = icmp slt i32 %0, 0 br i1 %5, label %37, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %35, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__x64_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #83 Function:sched_rr_get_interval %3 = alloca %struct.rq_flags, align 8 %4 = bitcast %struct.rq_flags* %3 to i8* %5 = icmp slt i32 %0, 0 br i1 %5, label %37, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %35, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %28, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __ia32_sys_sched_getparam ------------- Path:  Function:__ia32_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load 
i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %4, i64 %7) #83 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void @__rcu_read_lock() #83 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* br label %17 %18 = phi %struct.task_struct* [ %13, %12 ], [ %16, %14 ] %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %36, label %20 %21 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %18) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %3, i64 %5) #83 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void @__rcu_read_lock() #83 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %15 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* br label %17 %18 = phi %struct.task_struct* [ %13, %12 ], [ %16, %14 ] %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %36, label %20 %21 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %18) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void @__rcu_read_lock() #83 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %24 = inttoptr i64 %23 to %struct.task_struct* br label %25 %26 = phi %struct.task_struct* [ %21, %20 ], [ %24, %22 ] 
%27 = icmp eq %struct.task_struct* %26, null br i1 %27, label %78, label %28 %29 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void @__rcu_read_lock() #83 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %24 = inttoptr i64 %23 to %struct.task_struct* br label %25 %26 = phi %struct.task_struct* [ %21, %20 ], [ %24, %22 ] %27 = icmp eq %struct.task_struct* %26, null br i1 %27, label %78, label %28 %29 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __se_compat_sys_sched_getaffinity 2 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #83 Function:__se_compat_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %1 to i32 %6 = inttoptr i64 %2 to i32* %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %5, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %5, 3 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %65 %15 = trunc i64 %0 to i32 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %17 = call i64 @sched_getaffinity(i32 %15, %struct.cpumask* nonnull %16) #83 Function:sched_getaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %23, label %12 %13 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, 
i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = bitcast [1 x %struct.cpumask]* %2 to i8* %12 = shl i32 %10, 3 %13 = load i32, i32* @nr_cpu_ids, align 4 %14 = icmp uge i32 %12, %13 %15 = and i32 %10, 7 %16 = icmp eq i32 %15, 0 %17 = and i1 %16, %14 br i1 %17, label %18, label %35 %19 = trunc i64 %4 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %21 = call i64 @sched_getaffinity(i32 %19, %struct.cpumask* nonnull %20) #83 Function:sched_getaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %23, label %12 %13 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %6 to i32 %11 = bitcast [1 x %struct.cpumask]* %2 to i8* %12 = shl i32 %10, 3 %13 = load i32, i32* @nr_cpu_ids, align 4 %14 = icmp uge i32 %12, %13 %15 = and i32 %10, 7 %16 = icmp eq i32 %15, 0 %17 = and i1 %16, %14 br i1 %17, label %18, label %34 %19 = trunc i64 %4 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %21 = call i64 @sched_getaffinity(i32 %19, %struct.cpumask* nonnull %20) #83 Function:sched_getaffinity tail call void @__rcu_read_lock() #83 
%3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %23, label %12 %13 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %28, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #83 ------------- Good: 1 Bad: 13 Ignored: 1 Check Use of Function:dm_blk_ioctl Check Use of Function:sr_block_ioctl Check Use of Function:md_ioctl Use: =BAD PATH= Call Stack: 0 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.687185* %0, i32 %1, i32 %2, i64 %8) #83 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:lo_ioctl Use: =BAD PATH= Call Stack: 0 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.604038, 
%struct.block_device.604038* %0, i64 0, i32 17 %8 = load %struct.gendisk.604060*, %struct.gendisk.604060** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.604038* %0, i32 %1, i32 %2, i64 %35) #84 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:md_compat_ioctl Check Use of Function:dm_pr_preempt Check Use of Function:sd_pr_release Check Use of Function:dm_pr_register Check Use of Function:sd_pr_register Check Use of Function:copy_page Check Use of Function:md_set_read_only Check Use of Function:dm_pr_reserve Check Use of Function:sd_pr_clear Check Use of Function:isolate_lru_page Check Use of Function:drv_ampdu_action Check Use of Function:snd_hwdep_ioctl_compat Check Use of Function:acpi_sysfs_init Check Use of Function:drv_event_callback Check Use of Function:bdev_add_partition Check Use of Function:mqueue_unlink Check Use of Function:skb_copy_bits Use: =BAD PATH= Call Stack: 0 ipv6_skip_exthdr 1 icmp6_send 2 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.873416, %struct.sk_buff.873416* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.744749*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.873416*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.873416* 
%0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #83 Function:icmp6_send %7 = alloca %struct.dst_entry.744500*, align 8 %8 = alloca %struct.dst_entry.744500*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %487, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %487, label %36 %37 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %39 = icmp eq %struct.net_device.744736* %38, null br i1 %39, label %487, label %40 %41 = getelementptr inbounds %struct.net_device.744736, %struct.net_device.744736* %38, i64 0, i32 110, i32 0 %42 = load %struct.net.744609*, %struct.net.744609** %41, align 8 %43 = getelementptr inbounds %struct.net.744609, %struct.net.744609* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 
= icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #83 %54 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.872340*, %struct.in6_addr*, %struct.net_device.872226*, i32)* @ipv6_chk_addr to i32 (%struct.net.744609*, %struct.in6_addr*, %struct.net_device.744736*, i32)*)(%struct.net.744609* %42, %struct.in6_addr* %52, %struct.net_device.744736* %54, i32 0) #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %487 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %487 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %98 = inttoptr i64 %80 to i8* %99 = sext i32 %84 to i64 %100 = 
getelementptr i8, i8* %98, i64 %99 %101 = icmp eq i8* %100, null br i1 %101, label %102, label %103 br label %108 %109 = phi %struct.in6_addr* [ %62, %65 ], [ null, %70 ], [ null, %103 ], [ null, %102 ] %110 = getelementptr inbounds i8, i8* %23, i64 8 %111 = bitcast i8* %110 to %struct.in6_addr* %112 = call i32 @__ipv6_addr_type(%struct.in6_addr* %111) #83 %113 = and i32 %112, 65535 %114 = and i32 %112, 32 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %122 %117 = and i32 %112, 2 %118 = icmp ne i32 %117, 0 %119 = and i32 %112, 48 %120 = icmp ne i32 %119, 0 %121 = and i1 %118, %120 br i1 %121, label %122, label %145 %146 = phi i32 [ %125, %127 ], [ %144, %137 ], [ %125, %132 ], [ 0, %116 ] %147 = icmp ne i32 %113, 0 %148 = and i32 %112, 2 %149 = icmp eq i32 %148, 0 %150 = and i1 %147, %149 br i1 %150, label %151, label %487 %152 = load i8*, i8** %18, align 8 %153 = load i16, i16* %20, align 4 %154 = zext i16 %153 to i64 %155 = getelementptr i8, i8* %152, i64 %154 %156 = getelementptr i8, i8* %155, i64 40 %157 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %158 = bitcast i8** %157 to i64* %159 = load i64, i64* %158, align 8 %160 = ptrtoint i8* %156 to i64 %161 = sub i64 %160, %159 %162 = trunc i64 %161 to i32 %163 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %164 = load i32, i32* %163, align 8 %165 = sub i32 %164, %162 %166 = getelementptr inbounds i8, i8* %155, i64 6 %167 = load i8, i8* %166, align 2 store i8 %167, i8* %10, align 1 %168 = bitcast i16* %11 to i8* %169 = icmp slt i32 %165, 0 br i1 %169, label %197, label %170 %171 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.744749*, i32, i8*, i16*)*)(%struct.sk_buff.744749* %0, i32 %162, i8* nonnull %10, i16* nonnull %11) #83 Function:ipv6_skip_exthdr %5 = alloca [2 x i8], align 1 %6 = alloca i16, align 2 %7 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, 
i64 0 %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i8 [ %8, %4 ], [ %75, %73 ] %16 = phi i32 [ %1, %4 ], [ %76, %73 ] switch i8 %15, label %77 [ i8 0, label %17 i8 43, label %17 i8 44, label %17 i8 51, label %17 i8 59, label %17 i8 60, label %17 ] %18 = icmp eq i8 %15, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %16 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 @skb_copy_bits(%struct.sk_buff* nonnull %0, i32 %16, i8* nonnull %7, i32 2) #83 %28 = icmp sgt i32 %27, -1 br i1 %28, label %34, label %72 %35 = phi i8* [ %32, %29 ], [ %7, %26 ] %36 = icmp eq i8 %15, 44 br i1 %36, label %37, label %61 %38 = add i32 %16, 2 %39 = load i32, i32* %9, align 8 %40 = load i32, i32* %10, align 4 %41 = sub i32 %39, %38 %42 = sub i32 %41, %40 %43 = icmp slt i32 %42, 2 br i1 %43, label %44, label %48, !prof !4, !misexpect !5 br i1 %12, label %53, label %45 %46 = call i32 @skb_copy_bits(%struct.sk_buff* nonnull %0, i32 %38, i8* nonnull %13, i32 2) #83
-------------
Use: =BAD PATH=
Call Stack:
0 ipv6_skip_exthdr
1 icmp6_send
2 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.873416, %struct.sk_buff.873416* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.744749*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.873416*, i8, i8, i32,
%struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.873416* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #83 Function:icmp6_send %7 = alloca %struct.dst_entry.744500*, align 8 %8 = alloca %struct.dst_entry.744500*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %487, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %487, label %36 %37 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %39 = icmp eq %struct.net_device.744736* %38, null br i1 %39, label %487, label %40 %41 = getelementptr inbounds %struct.net_device.744736, %struct.net_device.744736* %38, i64 0, i32 110, i32 0 %42 = load %struct.net.744609*, %struct.net.744609** %41, align 8 %43 = getelementptr inbounds %struct.net.744609, %struct.net.744609* 
%42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #83 %54 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.872340*, %struct.in6_addr*, %struct.net_device.872226*, i32)* @ipv6_chk_addr to i32 (%struct.net.744609*, %struct.in6_addr*, %struct.net_device.744736*, i32)*)(%struct.net.744609* %42, %struct.in6_addr* %52, %struct.net_device.744736* %54, i32 0) #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %487 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %487 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, 
!misexpect !5 %98 = inttoptr i64 %80 to i8* %99 = sext i32 %84 to i64 %100 = getelementptr i8, i8* %98, i64 %99 %101 = icmp eq i8* %100, null br i1 %101, label %102, label %103 br label %108 %109 = phi %struct.in6_addr* [ %62, %65 ], [ null, %70 ], [ null, %103 ], [ null, %102 ] %110 = getelementptr inbounds i8, i8* %23, i64 8 %111 = bitcast i8* %110 to %struct.in6_addr* %112 = call i32 @__ipv6_addr_type(%struct.in6_addr* %111) #83 %113 = and i32 %112, 65535 %114 = and i32 %112, 32 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %122 %117 = and i32 %112, 2 %118 = icmp ne i32 %117, 0 %119 = and i32 %112, 48 %120 = icmp ne i32 %119, 0 %121 = and i1 %118, %120 br i1 %121, label %122, label %145 %146 = phi i32 [ %125, %127 ], [ %144, %137 ], [ %125, %132 ], [ 0, %116 ] %147 = icmp ne i32 %113, 0 %148 = and i32 %112, 2 %149 = icmp eq i32 %148, 0 %150 = and i1 %147, %149 br i1 %150, label %151, label %487 %152 = load i8*, i8** %18, align 8 %153 = load i16, i16* %20, align 4 %154 = zext i16 %153 to i64 %155 = getelementptr i8, i8* %152, i64 %154 %156 = getelementptr i8, i8* %155, i64 40 %157 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %158 = bitcast i8** %157 to i64* %159 = load i64, i64* %158, align 8 %160 = ptrtoint i8* %156 to i64 %161 = sub i64 %160, %159 %162 = trunc i64 %161 to i32 %163 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %164 = load i32, i32* %163, align 8 %165 = sub i32 %164, %162 %166 = getelementptr inbounds i8, i8* %155, i64 6 %167 = load i8, i8* %166, align 2 store i8 %167, i8* %10, align 1 %168 = bitcast i16* %11 to i8* %169 = icmp slt i32 %165, 0 br i1 %169, label %197, label %170 %171 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.744749*, i32, i8*, i16*)*)(%struct.sk_buff.744749* %0, i32 %162, i8* nonnull %10, i16* nonnull %11) #83 Function:ipv6_skip_exthdr %5 = alloca [2 x i8], align 1 %6 = 
alloca i16, align 2 %7 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i8 [ %8, %4 ], [ %75, %73 ] %16 = phi i32 [ %1, %4 ], [ %76, %73 ] switch i8 %15, label %77 [ i8 0, label %17 i8 43, label %17 i8 44, label %17 i8 51, label %17 i8 59, label %17 i8 60, label %17 ] %18 = icmp eq i8 %15, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %16 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 @skb_copy_bits(%struct.sk_buff* nonnull %0, i32 %16, i8* nonnull %7, i32 2) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __icmp_send
1 ipv4_link_failure
-------------
Path:
Function:ipv4_link_failure
%2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds
%struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ 
%49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void @__rcu_read_lock() #83 %78 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.813395*, %struct.net_device.813395** %78, align 8 %80 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %79, i64 0, i32 110, i32 0 %81 = load %struct.net.813150*, %struct.net.813150** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.813150* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.813309* %0, i32* null) #83 call void @__rcu_read_unlock() #83 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.813309* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #83 Function:__icmp_send %6 = alloca %struct.flowi4, align 8 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.inetpeer_addr, align 4 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.813060*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.813060** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.813060* store %struct.rtable.813060* %19, %struct.rtable.813060** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %465, label %23 %24 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.813395*, %struct.net_device.813395** %24, align 8 %26 = icmp eq %struct.net_device.813395* %25, null br i1 %26, label %27, 
label %31 %28 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.813395*, %struct.net_device.813395** %28, align 8 %30 = icmp eq %struct.net_device.813395* %29, null br i1 %30, label %465, label %31 %32 = phi %struct.net_device.813395* [ %25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %32, i64 0, i32 110, i32 0 %34 = load %struct.net.813150*, %struct.net.813150** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %465, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 38 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %465, label %49 %50 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, 7 %53 = icmp eq i16 %52, 0 br i1 %53, label %54, label %465 %55 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %465 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %465 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds i8, i8* 
%40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp slt i32 %91, 1 br i1 %92, label %93, label %98, !prof !4, !misexpect !5 %94 = icmp eq %struct.sk_buff.813309* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.813309*, i32, i8*, i32)*)(%struct.sk_buff.813309* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #83
-------------
Use: =BAD PATH=
Call Stack:
0 icmp6_send
1 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.873416, %struct.sk_buff.873416* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.744749*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.873416*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.873416* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #83
Function:icmp6_send
%7 = alloca %struct.dst_entry.744500*, align 8 %8 = alloca %struct.dst_entry.744500*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2
%12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %487, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %487, label %36 %37 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %39 = icmp eq %struct.net_device.744736* %38, null br i1 %39, label %487, label %40 %41 = getelementptr inbounds %struct.net_device.744736, %struct.net_device.744736* %38, i64 0, i32 110, i32 0 %42 = load %struct.net.744609*, %struct.net.744609** %41, align 8 %43 = getelementptr inbounds %struct.net.744609, %struct.net.744609* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #83 %54 = load %struct.net_device.744736*, 
%struct.net_device.744736** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.872340*, %struct.in6_addr*, %struct.net_device.872226*, i32)* @ipv6_chk_addr to i32 (%struct.net.744609*, %struct.in6_addr*, %struct.net_device.744736*, i32)*)(%struct.net.744609* %42, %struct.in6_addr* %52, %struct.net_device.744736* %54, i32 0) #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %487 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %487 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %93 = icmp eq %struct.sk_buff.744749* %0, null br i1 %93, label %102, label %94 %95 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.744749*, i32, i8*, i32)*)(%struct.sk_buff.744749* nonnull %0, i32 %84, i8* nonnull %13, i32 1) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42
= icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to 
i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* 
%34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 
%240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull 
@flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = 
load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast 
%struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, 
%struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %461 = icmp eq i32 %318, 28 %462 = and i1 %280, %461 br i1 %462, label %463, label %467 %464 = load i16, i16* %281, align 2 %465 = and i16 %464, 1 %466 = icmp eq i16 %465, 0 br i1 %466, label %467, label %486 %468 = load i32, i32* %22, align 4 %469 = sub i32 %468, %313 %470 = icmp slt i32 %469, 4 br i1 %470, label %471, label %475, !prof !4, !misexpect !8 br i1 %75, label %536, label %472 %473 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %279, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 
__skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, 
%31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, 
i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, 
%struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, 
label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, 
null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq 
%struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, 
%36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void 
@__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label 
%679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %461 = icmp eq i32 %318, 28 %462 = and i1 %280, %461 br i1 %462, label %463, label %467 %464 = load i16, i16* %281, align 2 %465 = and i16 %464, 1 %466 = icmp eq i16 %465, 0 br i1 %466, label %467, label %486 %468 = load i32, i32* %22, align 4 %469 = sub i32 %468, %313 %470 = icmp slt i32 %469, 4 br i1 %470, label %471, label %475, !prof !4, !misexpect !8 br i1 %75, label %536, label %472 %473 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %279, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, 
%struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to 
%struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi 
%struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, 
%struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 
to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x 
i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, 
%struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, 
%struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, 
%260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %461 = icmp eq i32 %318, 28 %462 = and i1 %280, %461 br i1 %462, label %463, label %467 %464 = load i16, i16* %281, align 2 %465 = and i16 %464, 1 %466 = icmp eq i16 %465, 0 br i1 %466, label %467, label %486 %468 = load i32, i32* %22, align 4 %469 = sub i32 %468, %313 %470 = icmp slt i32 %469, 4 br i1 %470, label %471, label %475, !prof !4, !misexpect !8 br i1 %75, label %536, label %472 %473 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %279, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp 
ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* 
%0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 
%123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds 
%struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* 
%211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu -------------
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt -------------
%struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = 
alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = 
load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp 
ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %601 = load i32, i32* %22, align 4 %602 = load i32, i32* %245, align 4 %603 = and i32 %602, 8192 %604 = icmp eq i32 %603, 0 br i1 %604, label %605, label %610 %611 = icmp sgt i32 %317, 6 br i1 %611, label %668, label %612 %613 = sub i32 %601, %313 %614 = icmp slt i32 %613, 4 br i1 %614, label %615, label %621, !prof !4, !misexpect !8 br i1 %75, label %668, label %616 %617 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %270, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq 
%struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* 
%43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 
%78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast 
%struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds 
%struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = 
getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 
%30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, 
i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = 
getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 
= getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 
%298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %601 = load i32, i32* %22, align 4 %602 = load i32, i32* %245, align 4 %603 = and i32 %602, 8192 %604 = icmp eq i32 %603, 0 br i1 %604, label %605, label %610 %611 = icmp sgt i32 %317, 6 br i1 %611, label %668, label %612 %613 = sub i32 %601, %313 %614 = icmp slt i32 %613, 4 br i1 %614, label %615, label %621, !prof !4, !misexpect !8 br i1 %75, label %668, label %616 %617 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull 
%270, i32 4) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align
1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 
= alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* 
(%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* 
%1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, 
%struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* 
%264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds 
%struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %601 = load i32, i32* %22, align 4 %602 = load i32, i32* %245, align 4 %603 = and i32 %602, 8192 %604 = icmp eq i32 %603, 0 br i1 %604, label %605, label %610 %611 = icmp sgt i32 %317, 6 br i1 %611, label %668, label %612 %613 = sub i32 %601, %313 %614 = icmp slt i32 %613, 4 br i1 %614, label %615, label %621, !prof !4, !misexpect !8 br i1 %75, label %668, label %616 
%617 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %270, i32 4) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42
%39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 
0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, 
%struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = 
and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 
%101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, 
%struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = 
getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %601 = load i32, i32* %22, align 4 
%602 = load i32, i32* %245, align 4 %603 = and i32 %602, 8192 %604 = icmp eq i32 %603, 0 br i1 %604, label %605, label %610 %611 = icmp sgt i32 %317, 6 br i1 %611, label %668, label %612 %613 = sub i32 %601, %313 %614 = icmp slt i32 %613, 4 br i1 %614, label %615, label %621, !prof !4, !misexpect !8 br i1 %75, label %668, label %616 %617 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %270, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439*
%30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 
0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 
Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 
%50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, 
%struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = 
getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* 
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path: Function:packet_sendmsg_spkt Function:__skb_flow_dissect
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path: Function:ip4_datagram_release_cb Function:ip_route_output_flow Function:ip_route_output_key_hash_rcu Function:fib_select_path Function:fib_multipath_hash Function:__skb_flow_dissect
%struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], 
[ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 br i1 %75, label %766, label %688 %689 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %268, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
%struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 
Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, 
%struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, 
%struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* 
%276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, 
null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 br i1 %75, label %766, label %688 %689 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %268, i32 8) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8
%12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = 
phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 
0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, 
i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca 
%struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, 
%struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca 
%struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 
], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 
= getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, 
i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 br i1 %75, label %766, label %688 %689 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %268, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr 
inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, 
i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, 
%struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, 
%struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = 
trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = 
alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, 
!prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, 
i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* 
%1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 %692 = sext i32 %313 to i64 %693 = getelementptr i8, i8* %66, i64 %692 %694 = icmp eq i8* %693, null br i1 %694, label %766, label %695 %696 = phi i8* [ %693, %691 ], [ %268, %688 ] %697 = bitcast i8* %696 to i16* %698 = load i16, i16* %697, align 2 %699 = icmp eq i16 %698, 256 br i1 %699, label %700, label %766 %701 = getelementptr inbounds i8, i8* %696, i64 2 %702 = bitcast i8* %701 to i16* %703 = load i16, i16* %702, align 2 %704 = icmp eq i16 %703, 8 br i1 %704, label %705, label %766 %706 = getelementptr inbounds i8, i8* %696, i64 4 %707 = load i8, i8* %706, align 2 %708 = icmp eq i8 %707, 6 br i1 %708, label %709, label %766 %710 = getelementptr inbounds i8, i8* %696, i64 5 %711 = load i8, i8* %710, align 1 %712 = icmp eq i8 %711, 4 br i1 %712, label %713, label %766 %714 = getelementptr inbounds i8, i8* %696, i64 6 %715 = bitcast i8* %714 to i16* %716 = load i16, i16* %715, align 2 switch i16 %716, label %766 [ i16 512, label %717 
i16 256, label %717 ] %718 = add i32 %313, 8 %719 = sub i32 %680, %718 %720 = icmp slt i32 %719, 20 br i1 %720, label %721, label %725, !prof !4, !misexpect !8 br i1 %75, label %766, label %722 %723 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %718, i8* nonnull %267, i32 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, 
i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = 
getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 
%87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, 
label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq 
i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 
%12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 
%12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 
2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, 
i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = 
phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 %692 = sext i32 %313 to i64 %693 = getelementptr i8, i8* %66, i64 %692 %694 = icmp eq i8* %693, null br i1 %694, label %766, label %695 %696 = phi i8* [ %693, %691 ], [ %268, %688 ] %697 = bitcast i8* %696 to i16* %698 = load i16, i16* %697, align 2 %699 = icmp eq i16 %698, 256 br i1 %699, label %700, label %766 %701 = getelementptr inbounds i8, i8* %696, i64 2 %702 = bitcast i8* %701 to i16* %703 = load i16, i16* %702, align 2 %704 = icmp eq i16 %703, 8 br i1 %704, label %705, label %766 %706 = getelementptr inbounds i8, i8* %696, i64 4 %707 = load i8, i8* %706, align 2 %708 = icmp eq i8 %707, 6 br i1 %708, label %709, label %766 %710 = getelementptr inbounds i8, i8* %696, i64 5 %711 = load i8, i8* %710, align 1 %712 = icmp eq i8 %711, 4 br i1 %712, label %713, label %766 %714 = getelementptr inbounds i8, i8* %696, i64 6 %715 = bitcast i8* %714 to i16* %716 = load i16, i16* %715, align 2 switch i16 %716, label %766 [ i16 512, label %717 i16 256, label %717 ] %718 = add i32 %313, 8 %719 = sub i32 %680, %718 %720 = icmp slt i32 %719, 20 br i1 %720, label %721, label %725, !prof !4, !misexpect !8 br i1 %75, label %766, label %722 %723 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, 
i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %718, i8* nonnull %267, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4
%15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, 
%struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
%struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, 
%struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds 
%struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 
%42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 
= getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 
1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 
%686, label %687, label %691, !prof !4, !misexpect !8 %692 = sext i32 %313 to i64 %693 = getelementptr i8, i8* %66, i64 %692 %694 = icmp eq i8* %693, null br i1 %694, label %766, label %695 %696 = phi i8* [ %693, %691 ], [ %268, %688 ] %697 = bitcast i8* %696 to i16* %698 = load i16, i16* %697, align 2 %699 = icmp eq i16 %698, 256 br i1 %699, label %700, label %766 %701 = getelementptr inbounds i8, i8* %696, i64 2 %702 = bitcast i8* %701 to i16* %703 = load i16, i16* %702, align 2 %704 = icmp eq i16 %703, 8 br i1 %704, label %705, label %766 %706 = getelementptr inbounds i8, i8* %696, i64 4 %707 = load i8, i8* %706, align 2 %708 = icmp eq i8 %707, 6 br i1 %708, label %709, label %766 %710 = getelementptr inbounds i8, i8* %696, i64 5 %711 = load i8, i8* %710, align 1 %712 = icmp eq i8 %711, 4 br i1 %712, label %713, label %766 %714 = getelementptr inbounds i8, i8* %696, i64 6 %715 = bitcast i8* %714 to i16* %716 = load i16, i16* %715, align 2 switch i16 %716, label %766 [ i16 512, label %717 i16 256, label %717 ] %718 = add i32 %313, 8 %719 = sub i32 %680, %718 %720 = icmp slt i32 %719, 20 br i1 %720, label %721, label %725, !prof !4, !misexpect !8 br i1 %75, label %766, label %722 %723 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %718, i8* nonnull %267, i32 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 
8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 
store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* 
%89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 
%174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 
%197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 
%53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label 
%42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca 
%struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = 
getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 %692 = sext i32 %313 to i64 %693 = getelementptr i8, i8* %66, i64 %692 %694 = icmp eq i8* %693, null br i1 %694, label %766, label %695 %696 = phi i8* [ %693, %691 ], [ %268, %688 ] %697 = bitcast i8* %696 to i16* %698 = load i16, i16* %697, align 2 %699 = icmp eq i16 %698, 256 br i1 %699, label %700, label %766 %701 = getelementptr inbounds i8, i8* %696, i64 2 %702 = bitcast i8* %701 to i16* %703 = load i16, i16* %702, align 2 %704 = icmp eq i16 %703, 8 br i1 %704, label %705, label %766 %706 = getelementptr inbounds i8, i8* %696, i64 4 
%707 = load i8, i8* %706, align 2 %708 = icmp eq i8 %707, 6 br i1 %708, label %709, label %766 %710 = getelementptr inbounds i8, i8* %696, i64 5 %711 = load i8, i8* %710, align 1 %712 = icmp eq i8 %711, 4 br i1 %712, label %713, label %766 %714 = getelementptr inbounds i8, i8* %696, i64 6 %715 = bitcast i8* %714 to i16* %716 = load i16, i16* %715, align 2 switch i16 %716, label %766 [ i16 512, label %717 i16 256, label %717 ] %718 = add i32 %313, 8 %719 = sub i32 %680, %718 %720 = icmp slt i32 %719, 20 br i1 %720, label %721, label %725, !prof !4, !misexpect !8 br i1 %75, label %766, label %722 %723 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %718, i8* nonnull %267, i32 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = 
getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, 
align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84
Function:__ip_rt_update_pmtu
%4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39,
i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83
Function:fib_select_path
%5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927*
%17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83
Function:fib_multipath_hash
%5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8,
i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22,
align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, 
%struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, 
label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %680 = load i32, i32* %22, align 4 %681 = load i32, i32* %245, align 4 %682 = and i32 %681, 512 %683 = icmp eq i32 %682, 0 br i1 %683, label %766, label %684 %685 = sub i32 %680, %313 %686 = icmp slt i32 %685, 8 br i1 %686, label %687, label %691, !prof !4, !misexpect !8 %692 = sext i32 %313 to i64 %693 = getelementptr i8, i8* %66, i64 %692 %694 = icmp eq i8* %693, null br i1 %694, label %766, label %695 %696 = phi i8* [ %693, %691 ], [ %268, %688 ] %697 = bitcast i8* %696 to i16* %698 = load i16, i16* %697, align 2 %699 = icmp eq i16 %698, 256 br i1 %699, label %700, label %766 %701 = getelementptr inbounds i8, i8* %696, i64 2 %702 = bitcast i8* %701 to i16* %703 = load i16, i16* %702, align 2 %704 = icmp eq i16 %703, 8 br i1 %704, label %705, label %766 %706 = getelementptr inbounds i8, i8* %696, i64 4 %707 = load i8, i8* %706, align 2 %708 = icmp eq i8 %707, 6 br i1 %708, label %709, label %766 %710 = getelementptr inbounds i8, i8* %696, i64 5 %711 = load i8, i8* %710, align 1 %712 = icmp eq i8 %711, 4 br i1 %712, label %713, label %766 %714 = getelementptr inbounds i8, i8* %696, i64 6 %715 = bitcast i8* %714 to i16* %716 = load i16, i16* %715, align 2 switch i16 %716, label %766 [ i16 512, label %717 i16 256, label %717 ] %718 = add i32 %313, 8 %719 = sub i32 %680, %718 %720 = icmp slt i32 %719, 20 br i1 %720, label %721, label %725, !prof !4, !misexpect !8 br i1 %75, label %766, label %722 %723 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %718, i8* nonnull %267, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca
%struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, 
i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc 
i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr 
inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 
%242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 
Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq 
%struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* 
%16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %769 = load i32, i32* %22, align 4 %770 = sub i32 %769, %313 %771 = icmp slt i32 %770, 24 br i1 %771, label %772, label %776, !prof !4, !misexpect !8 br i1 %75, label %795, label %773 %774 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %261, i32 24) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0
to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, 
align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, 
%struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
%struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, 
%struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds 
%struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 
%42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 
= getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 
1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %769 = load i32, i32* %22, align 4 %770 = sub i32 %769, %313 %771 = icmp slt i32 %770, 24 br i1 %771, label %772, label %776, !prof !4, !misexpect !8 br i1 %75, label %795, label %773 %774 = call i32 bitcast (i32 
(%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %261, i32 24) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = 
load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* 
(%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, 
label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr 
inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 
br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 
%69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr 
inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and 
i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %769 = load i32, i32* %22, align 4 %770 = sub i32 %769, %313 %771 = icmp slt i32 %770, 24 br i1 %771, label %772, label %776, !prof !4, !misexpect !8 br i1 %75, label %795, label %773 %774 = call i32 bitcast (i32 
(%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %261, i32 24) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = 
and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, 
i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 
0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 
= call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 
%34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 
%102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 
= load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, 
%struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = 
load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds 
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
 Function:ip_rt_update_pmtu
 Function:__ip_rt_update_pmtu
 Function:fib_select_path
 Function:fib_multipath_hash
 Function:__skb_flow_dissect
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
 Function:packet_sendmsg_spkt
 Function:__skb_flow_dissect
[ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and 
i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %841 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !8 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, 
i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %931, i8* nonnull %305, i32 14) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, 
%struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds 
%struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 
%19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 
], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds 
%struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, 
%struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 
x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile 
%struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 
8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi 
i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 
%916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %841 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !8 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %931, i8* nonnull %305, i32 14) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83
Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, 
i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, 
-1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq 
i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr 
inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br 
i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = 
alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, 
null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, 
%260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi 
i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 
to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %841 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !8 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %931, i8* nonnull %305, i32 14) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast
%struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 
0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc 
i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds 
%struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* 
%7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 
%7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load 
volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne 
%struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = 
phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = 
icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %841 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !8 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %931, i8* nonnull %305, i32 14) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 
35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] 
%123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* 
%145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, 
label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, 
align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 
%26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** 
getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 
to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, 
%668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = 
phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %841 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !8 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %931, i8* nonnull %305, i32 14) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, 
label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 
%59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr 
inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, 
i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr 
inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 
%28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* 
@init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], 
[ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 
%829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %301, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load 
%struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr 
inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 
store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, 
align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, 
%struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, 
%struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca 
%struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, 
%struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = 
bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = 
getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 
], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %301, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0,
%struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 
67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label 
%42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca 
%struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = 
getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] 
%826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %301, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca
%struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 
%55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, 
label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ 
%145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 
%48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* 
%2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds 
%struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* 
nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
Function:__skb_flow_dissect
%88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, 
%struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = 
phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ 
%880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %841 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !8 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %954, i8* nonnull %304, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8*
tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* 
%0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, 
%struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* 
@dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, 
%struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label 
%45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, 
align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, 
label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp 
eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq 
%struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label 
%141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] 
%64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label 
%104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label 
%600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, 
label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = 
icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %841 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !8 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %954, i8* nonnull %304, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, 
null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, 
i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call 
fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 
%47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label 
%21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, 
label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 
], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 
1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 
1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %303, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw 
i32 %925, %893 br i1 %871, label %927, label %950 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %841 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !8 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %954, i8* nonnull %304, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt 
i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = 
load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = 
load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, 
%struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store 
i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 
%801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %805 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %34, i32 34) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to 
%struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, 
%struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds 
%struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 
240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label 
%74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 
br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca 
%struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = 
alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, 
i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, 
i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, 
%834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %805 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %34, i32 34) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void 
@ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = 
and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br 
i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp 
eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca 
%struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = 
alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, 
i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, 
i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, 
%834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %805 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %34, i32 34) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20
%21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 
8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, 
label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 
0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, 
align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = 
alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca 
%struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr 
inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 
%312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %805 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %34, i32 34) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, 
align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 
to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, 
i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, 
%struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 
%18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = 
alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, 
label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 
0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = 
phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %805 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %34, i32 34) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, 
%struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 
%123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label 
%193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) 
#83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = 
icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, 
label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 
%286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, 
label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label 
%992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 br i1 %75, label %1128, label %1102 %1103 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %295, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 
= load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc 
i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, 
%struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, 
i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) 
#83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, 
%struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, 
%struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* 
%276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, 
null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, 
%668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 br i1 %75, label %1128, label %1102 %1103 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %295, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store 
%struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 
%23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = 
select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, 
%struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, 
%struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = 
icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca 
i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, 
label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, 
%456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 br i1 %75, label %1128, label %1102 %1103 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %295, i32 8) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 
%48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 
zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds 
%struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca 
%struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, 
i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, 
%struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, 
%struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* 
%264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds 
%struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], 
[ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof 
!4, !misexpect !8 br i1 %75, label %1128, label %1102 %1103 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %295, i32 8) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr
inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* 
%137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds 
%struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label 
%65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** 
%28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 
(%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext 
i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = 
bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = 
getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = 
phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label 
%1101, label %1105, !prof !4, !misexpect !8 br i1 %75, label %1128, label %1102 %1103 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %295, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* 
(%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, 
i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 
%229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label 
%284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, 
align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, 
i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label 
%822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1061 = load i32, i32* %22, align 4 %1062 = load i32, i32* %245, align 4 %1063 = and i32 %1062, 1048576 %1064 = icmp eq i32 %1063, 0 br i1 %1064, label %1089, label %1065 %1066 = sub i32 %1061, %841 %1067 = icmp slt i32 %1066, 20 br i1 %1067, label %1068, label %1072, !prof !4, !misexpect !8 br i1 %75, label %1089, label %1069 %1070 = call 
i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %296, i32 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 
%26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = 
icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi 
%struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, 
%struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 
to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x 
i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, 
%struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, 
%struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, 
%260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] 
%842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1061 = load i32, i32* %22, align 4 %1062 = load i32, i32* %245, align 4 %1063 = and i32 %1062, 1048576 %1064 = icmp eq i32 %1063, 0 br i1 %1064, label %1089, label %1065 %1066 = sub i32 %1061, %841 %1067 = icmp slt i32 %1066, 20 br i1 %1067, label %1068, label %1072, !prof !4, !misexpect !8 br i1 %75, label %1089, label %1069 %1070 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %296, i32 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void 
@ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = 
and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br 
i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp 
eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca 
%struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = 
alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, 
i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, 
i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, 
%834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, 
label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1061 = load i32, i32* %22, align 4 %1062 = load i32, i32* %245, align 4 %1063 = and i32 %1062, 1048576 %1064 = icmp eq i32 %1063, 0 br i1 %1064, label %1089, label %1065 %1066 = sub i32 %1061, %841 %1067 = icmp slt i32 %1066, 20 br i1 %1067, label %1068, label %1072, !prof !4, !misexpect !8 br i1 %75, label %1089, label %1069 %1070 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %296, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable*
null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, 
i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds 
%struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, 
i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to 
%struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83
Function:ip_route_output_flow
%4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83
Function:ip_route_output_key_hash_rcu
%5 =
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or 
i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83
Function:fib_select_path
%5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83
Function:fib_multipath_hash
%5
= alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 =
alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, 
!prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, 
i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* 
%1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], 
[ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1061 = load i32, i32* %22, align 4 %1062 = load i32, i32* %245, align 4 %1063 = and i32 %1062, 1048576 %1064 = icmp eq i32 %1063, 0 br i1 %1064, label %1089, label %1065 %1066 = sub i32 %1061, %841 %1067 = icmp slt i32 %1066, 20 br i1 %1067, label %1068, label %1072, !prof !4, !misexpect !8 br i1 %75, label %1089, label %1069 %1070 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %296, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds
%struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, 
align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* 
%145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 
%29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 
= icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load 
volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne 
%struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = 
phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1061 = load i32, i32* %22, align 4 %1062 = load i32, i32* %245, align 4 %1063 = and i32 %1062, 1048576 %1064 = icmp eq i32 %1063, 0 br i1 %1064, label %1089, label %1065 %1066 = sub i32 %1061, %841 %1067 = icmp slt i32 %1066, 20 br i1 %1067, label %1068, label %1072, !prof !4, !misexpect !8 br i1 %75, label %1089, label %1069 %1070 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %296, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291,
label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = 
zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 
0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr 
inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, 
%struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca 
%struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr 
inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 
%312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %392 = load i32, i32* %22, align 4 %393 = sub i32 %392, %313 %394 = icmp slt i32 %393, 40 br i1 %394, label %395, label %399, !prof !4, !misexpect !8 br i1 %75, label %456, label %396 %397 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %284, i32 40) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, 
%struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* 
%49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, 
i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile 
%struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* 
@fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail 
call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca 
[20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds 
%struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 
0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %392 = load i32, i32* %22, align 4 %393 = sub i32 %392, %313 %394 = icmp slt i32 %393, 40 br i1 %394, label %395, label %399, !prof !4, !misexpect !8 br i1 %75, label %456, label %396 %397 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %284, i32 40) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, 
align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile 
%struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* 
@fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail 
call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca 
[20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds 
%struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 
0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %392 = load i32, i32* %22, align 4 %393 = sub i32 %392, %313 %394 = icmp slt i32 %393, 40 br i1 %394, label %395, label %399, !prof !4, !misexpect !8 br i1 %75, label %456, label %396 %397 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %284, i32 40) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 =
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ 
%61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, 
null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 
%166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store 
i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 
%6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label 
%180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label 
%148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 
to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 
0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, 
align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 
to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %392 = load i32, i32* %22, align 4 %393 = sub i32 %392, %313 %394 = icmp slt i32 %393, 40 br i1 %394, label %395, label %399, !prof !4, !misexpect !8 br i1 %75, label %456, label %396 %397 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %284, i32 40) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10
= getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 
%47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* 
%142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* 
%18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, 
%struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, 
%struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, 
i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, 
i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %392 = load i32, i32* %22, align 4 %393 = sub i32 %392, %313 %394 = icmp slt i32 %393, 40 br i1 %394, label %395, label %399, !prof !4, !misexpect !8 br i1 %75, label %456, label %396 %397 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %284, i32 40) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq
%struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr 
inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 
%177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 
= load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = 
alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq 
%struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds 
%struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = 
getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, 
%819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 %1106 = sext i32 %841 to i64 %1107 = getelementptr i8, i8* %66, i64 %1106 %1108 = icmp eq i8* %1107, null br i1 %1108, label %1128, label %1109 %1110 = phi i8* [ %1107, %1105 ], [ %295, %1102 ] %1111 = load i8, i8* %1110, align 4 store i8 %1111, i8* %1098, align 2 %1112 = getelementptr inbounds i8, i8* %1110, i64 1 %1113 = load i8, i8* %1112, align 1 %1114 = getelementptr inbounds i8, i8* %1098, i64 1 store i8 %1113, i8* %1114, align 1 %1115 = load i8, i8* %1110, align 4 switch i8 %1115, label %1125 [ i8 8, label %1116 i8 0, label %1116 i8 13, label %1116 i8 14, label %1116 i8 -128, label %1116 i8 -127, label %1116 ] %1126 = getelementptr inbounds i8, i8* %1098, i64 2 %1127 = bitcast i8* %1126 to i16* store i16 0, i16* %1127, align 2 br label %1128 br 
label %1129 %1130 = phi i16 [ %840, %839 ], [ %840, %1089 ], [ 18312, %1059 ], [ -8826, %1056 ], [ %840, %1055 ], [ 8, %1052 ], [ %840, %1051 ], [ %840, %1047 ], [ %840, %1015 ], [ %989, %988 ], [ %840, %844 ], [ %840, %1090 ], [ %840, %1128 ] %1131 = phi i32 [ %841, %839 ], [ %841, %1089 ], [ %841, %1059 ], [ %841, %1056 ], [ %841, %1055 ], [ %841, %1052 ], [ %841, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %841, %844 ], [ %841, %1090 ], [ %841, %1128 ] %1132 = phi i8 [ %843, %839 ], [ 6, %1089 ], [ -119, %1059 ], [ 41, %1056 ], [ 41, %1055 ], [ 4, %1052 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ 47, %844 ], [ %843, %1090 ], [ %843, %1128 ] %1133 = phi i32 [ 4, %839 ], [ 4, %1089 ], [ 2, %1059 ], [ %266, %1056 ], [ 0, %1055 ], [ %266, %1052 ], [ 0, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 0, %844 ], [ 4, %1090 ], [ 4, %1128 ] %1134 = load i32, i32* %263, align 4 %1135 = and i32 %1134, 1 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1184 %1138 = load i32, i32* %22, align 4 %1139 = load i32, i32* %245, align 4 %1140 = and i32 %1139, 16 %1141 = icmp eq i32 %1140, 0 br i1 %1141, label %1142, label %1145 %1143 = and i32 %1139, 32 %1144 = icmp eq i32 %1143, 0 br i1 %1144, label %1184, label %1145 %1146 = phi i64 [ 5, %1142 ], [ 4, %1137 ] %1147 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1146 %1148 = load i16, i16* %1147, align 2 %1149 = zext i16 %1148 to i64 %1150 = getelementptr i8, i8* %3, i64 %1149 switch i8 %1132, label %1152 [ i8 6, label %1153 i8 17, label %1153 i8 33, label %1153 i8 50, label %1153 i8 -124, label %1153 i8 -120, label %1153 i8 51, label %1151 ] br label %1153 %1154 = phi i1 [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1151 ], [ false, %1152 ] %1155 = phi i32 [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 4, %1151 ], [ 
-22, %1152 ] br i1 %306, label %1156, label %1161 %1157 = load i8*, i8** %307, align 8 %1158 = load i32, i32* %308, align 8 %1159 = load i32, i32* %309, align 4 %1160 = sub i32 %1158, %1159 br label %1161 %1162 = phi i32 [ %1138, %1153 ], [ %1160, %1156 ] %1163 = phi i8* [ %66, %1153 ], [ %1157, %1156 ] br i1 %1154, label %1164, label %1181 %1165 = add i32 %1155, %1131 %1166 = sub i32 %1162, %1165 %1167 = icmp slt i32 %1166, 4 br i1 %1167, label %1168, label %1172, !prof !4, !misexpect !8 br i1 %75, label %1176, label %1169 %1170 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %1165, i8* nonnull %310, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* 
(%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 
%57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 
store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, 
%struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = 
load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 
Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, 
%struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, 
%struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* 
%276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, 
null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, 
%668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 %1106 = sext i32 %841 to i64 %1107 = getelementptr i8, i8* %66, i64 %1106 %1108 = icmp eq i8* %1107, null br i1 %1108, label %1128, label %1109 %1110 = phi i8* [ %1107, %1105 ], [ %295, %1102 ] %1111 = load i8, i8* %1110, align 4 store i8 %1111, i8* %1098, align 2 %1112 = getelementptr inbounds i8, i8* %1110, i64 1 %1113 = load i8, i8* %1112, align 1 %1114 = getelementptr inbounds i8, i8* %1098, i64 1 store i8 %1113, i8* %1114, align 1 %1115 = load i8, i8* %1110, align 4 switch i8 %1115, label %1125 [ i8 8, label %1116 i8 0, label %1116 i8 13, label %1116 i8 14, label %1116 i8 -128, label %1116 i8 -127, label %1116 ] %1126 = getelementptr 
inbounds i8, i8* %1098, i64 2 %1127 = bitcast i8* %1126 to i16* store i16 0, i16* %1127, align 2 br label %1128 br label %1129 %1130 = phi i16 [ %840, %839 ], [ %840, %1089 ], [ 18312, %1059 ], [ -8826, %1056 ], [ %840, %1055 ], [ 8, %1052 ], [ %840, %1051 ], [ %840, %1047 ], [ %840, %1015 ], [ %989, %988 ], [ %840, %844 ], [ %840, %1090 ], [ %840, %1128 ] %1131 = phi i32 [ %841, %839 ], [ %841, %1089 ], [ %841, %1059 ], [ %841, %1056 ], [ %841, %1055 ], [ %841, %1052 ], [ %841, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %841, %844 ], [ %841, %1090 ], [ %841, %1128 ] %1132 = phi i8 [ %843, %839 ], [ 6, %1089 ], [ -119, %1059 ], [ 41, %1056 ], [ 41, %1055 ], [ 4, %1052 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ 47, %844 ], [ %843, %1090 ], [ %843, %1128 ] %1133 = phi i32 [ 4, %839 ], [ 4, %1089 ], [ 2, %1059 ], [ %266, %1056 ], [ 0, %1055 ], [ %266, %1052 ], [ 0, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 0, %844 ], [ 4, %1090 ], [ 4, %1128 ] %1134 = load i32, i32* %263, align 4 %1135 = and i32 %1134, 1 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1184 %1138 = load i32, i32* %22, align 4 %1139 = load i32, i32* %245, align 4 %1140 = and i32 %1139, 16 %1141 = icmp eq i32 %1140, 0 br i1 %1141, label %1142, label %1145 %1143 = and i32 %1139, 32 %1144 = icmp eq i32 %1143, 0 br i1 %1144, label %1184, label %1145 %1146 = phi i64 [ 5, %1142 ], [ 4, %1137 ] %1147 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1146 %1148 = load i16, i16* %1147, align 2 %1149 = zext i16 %1148 to i64 %1150 = getelementptr i8, i8* %3, i64 %1149 switch i8 %1132, label %1152 [ i8 6, label %1153 i8 17, label %1153 i8 33, label %1153 i8 50, label %1153 i8 -124, label %1153 i8 -120, label %1153 i8 51, label %1151 ] br label %1153 %1154 = phi i1 [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1151 ], [ false, %1152 ] 
%1155 = phi i32 [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 4, %1151 ], [ -22, %1152 ] br i1 %306, label %1156, label %1161 %1157 = load i8*, i8** %307, align 8 %1158 = load i32, i32* %308, align 8 %1159 = load i32, i32* %309, align 4 %1160 = sub i32 %1158, %1159 br label %1161 %1162 = phi i32 [ %1138, %1153 ], [ %1160, %1156 ] %1163 = phi i8* [ %66, %1153 ], [ %1157, %1156 ] br i1 %1154, label %1164, label %1181 %1165 = add i32 %1155, %1131 %1166 = sub i32 %1162, %1165 %1167 = icmp slt i32 %1166, 4 br i1 %1167, label %1168, label %1172, !prof !4, !misexpect !8 br i1 %75, label %1176, label %1169 %1170 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %1165, i8* nonnull %310, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* 
%0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 
%14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 
%8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp 
eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = 
getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* 
%1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 
1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq 
%struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr 
inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ 
%837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label 
%830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 %1106 = sext i32 %841 to i64 %1107 = getelementptr i8, i8* %66, i64 %1106 %1108 = icmp eq i8* %1107, null br i1 %1108, label %1128, label %1109 %1110 = phi i8* [ %1107, %1105 ], [ %295, %1102 ] %1111 = load i8, i8* %1110, align 4 store i8 %1111, i8* %1098, align 2 %1112 = getelementptr inbounds i8, i8* %1110, i64 1 %1113 = load i8, i8* %1112, align 1 %1114 = getelementptr inbounds i8, i8* %1098, i64 1 store i8 %1113, i8* %1114, align 1 %1115 = load i8, i8* %1110, align 4 switch i8 %1115, label %1125 [ i8 8, label %1116 i8 0, label %1116 i8 13, label %1116 i8 14, label %1116 i8 -128, label %1116 i8 -127, label %1116 ] %1126 = getelementptr inbounds i8, i8* %1098, i64 2 %1127 = bitcast i8* %1126 to i16* store i16 0, i16* %1127, align 2 br label %1128 br label %1129 %1130 = phi i16 [ %840, %839 ], [ %840, %1089 ], [ 18312, %1059 ], [ -8826, %1056 ], [ %840, %1055 ], [ 8, %1052 ], [ %840, %1051 ], [ %840, %1047 ], [ %840, %1015 ], [ %989, %988 ], [ %840, %844 ], [ %840, %1090 ], [ %840, %1128 ] %1131 = phi i32 [ %841, %839 ], [ %841, %1089 ], [ %841, %1059 ], [ %841, %1056 ], [ %841, %1055 ], [ %841, %1052 ], [ %841, %1051 ], [ %1048, %1047 
], [ %1016, %1015 ], [ %990, %988 ], [ %841, %844 ], [ %841, %1090 ], [ %841, %1128 ] %1132 = phi i8 [ %843, %839 ], [ 6, %1089 ], [ -119, %1059 ], [ 41, %1056 ], [ 41, %1055 ], [ 4, %1052 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ 47, %844 ], [ %843, %1090 ], [ %843, %1128 ] %1133 = phi i32 [ 4, %839 ], [ 4, %1089 ], [ 2, %1059 ], [ %266, %1056 ], [ 0, %1055 ], [ %266, %1052 ], [ 0, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 0, %844 ], [ 4, %1090 ], [ 4, %1128 ] %1134 = load i32, i32* %263, align 4 %1135 = and i32 %1134, 1 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1184 %1138 = load i32, i32* %22, align 4 %1139 = load i32, i32* %245, align 4 %1140 = and i32 %1139, 16 %1141 = icmp eq i32 %1140, 0 br i1 %1141, label %1142, label %1145 %1143 = and i32 %1139, 32 %1144 = icmp eq i32 %1143, 0 br i1 %1144, label %1184, label %1145 %1146 = phi i64 [ 5, %1142 ], [ 4, %1137 ] %1147 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1146 %1148 = load i16, i16* %1147, align 2 %1149 = zext i16 %1148 to i64 %1150 = getelementptr i8, i8* %3, i64 %1149 switch i8 %1132, label %1152 [ i8 6, label %1153 i8 17, label %1153 i8 33, label %1153 i8 50, label %1153 i8 -124, label %1153 i8 -120, label %1153 i8 51, label %1151 ] br label %1153 %1154 = phi i1 [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1151 ], [ false, %1152 ] %1155 = phi i32 [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 4, %1151 ], [ -22, %1152 ] br i1 %306, label %1156, label %1161 %1157 = load i8*, i8** %307, align 8 %1158 = load i32, i32* %308, align 8 %1159 = load i32, i32* %309, align 4 %1160 = sub i32 %1158, %1159 br label %1161 %1162 = phi i32 [ %1138, %1153 ], [ %1160, %1156 ] %1163 = phi i8* [ %66, %1153 ], [ %1157, %1156 ] br i1 %1154, label %1164, label %1181 %1165 = add i32 %1155, %1131 %1166 = sub i32 
%1162, %1165 %1167 = icmp slt i32 %1166, 4 br i1 %1167, label %1168, label %1172, !prof !4, !misexpect !8 br i1 %75, label %1176, label %1169 %1170 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %1165, i8* nonnull %310, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* 
%15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label 
%138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, 
i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, 
align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, 
label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp 
eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq 
%struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label 
%141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] 
%64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label 
%104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label 
%600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, 
label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 %1106 = sext i32 %841 to i64 %1107 = getelementptr i8, i8* %66, i64 %1106 %1108 = icmp eq i8* %1107, null br i1 %1108, label %1128, label %1109 %1110 = phi i8* [ %1107, %1105 ], [ %295, %1102 ] %1111 = load i8, i8* %1110, align 4 store i8 %1111, i8* %1098, align 2 %1112 = getelementptr inbounds i8, i8* %1110, i64 1 %1113 = load i8, i8* %1112, align 1 %1114 = getelementptr inbounds i8, i8* %1098, i64 1 store i8 %1113, i8* %1114, align 1 %1115 = load i8, i8* %1110, align 4 switch i8 %1115, label %1125 [ i8 8, label %1116 i8 0, label %1116 i8 13, label %1116 i8 14, label %1116 i8 -128, label %1116 i8 -127, label %1116 ] %1126 = getelementptr inbounds i8, i8* %1098, i64 2 %1127 = bitcast i8* %1126 to i16* store i16 0, i16* %1127, align 2 br label %1128 br label %1129 %1130 = phi i16 [ %840, %839 ], [ %840, %1089 ], [ 18312, %1059 ], [ -8826, %1056 ], [ %840, %1055 ], [ 8, %1052 ], [ %840, %1051 ], [ %840, %1047 ], [ %840, %1015 ], [ %989, %988 ], [ %840, %844 ], [ %840, %1090 ], [ %840, %1128 ] %1131 = phi i32 [ %841, %839 ], [ %841, %1089 ], [ %841, %1059 ], [ %841, %1056 ], [ %841, %1055 ], [ %841, %1052 ], [ %841, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %841, %844 ], [ %841, %1090 ], [ %841, %1128 ] %1132 = phi i8 [ %843, %839 ], [ 6, %1089 ], [ -119, %1059 ], [ 41, %1056 ], [ 41, %1055 ], [ 4, %1052 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ 47, %844 ], [ %843, %1090 ], [ %843, %1128 ] %1133 = phi i32 [ 4, %839 ], [ 4, 
%1089 ], [ 2, %1059 ], [ %266, %1056 ], [ 0, %1055 ], [ %266, %1052 ], [ 0, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 0, %844 ], [ 4, %1090 ], [ 4, %1128 ] %1134 = load i32, i32* %263, align 4 %1135 = and i32 %1134, 1 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1184 %1138 = load i32, i32* %22, align 4 %1139 = load i32, i32* %245, align 4 %1140 = and i32 %1139, 16 %1141 = icmp eq i32 %1140, 0 br i1 %1141, label %1142, label %1145 %1143 = and i32 %1139, 32 %1144 = icmp eq i32 %1143, 0 br i1 %1144, label %1184, label %1145 %1146 = phi i64 [ 5, %1142 ], [ 4, %1137 ] %1147 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1146 %1148 = load i16, i16* %1147, align 2 %1149 = zext i16 %1148 to i64 %1150 = getelementptr i8, i8* %3, i64 %1149 switch i8 %1132, label %1152 [ i8 6, label %1153 i8 17, label %1153 i8 33, label %1153 i8 50, label %1153 i8 -124, label %1153 i8 -120, label %1153 i8 51, label %1151 ] br label %1153 %1154 = phi i1 [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1151 ], [ false, %1152 ] %1155 = phi i32 [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 4, %1151 ], [ -22, %1152 ] br i1 %306, label %1156, label %1161 %1157 = load i8*, i8** %307, align 8 %1158 = load i32, i32* %308, align 8 %1159 = load i32, i32* %309, align 4 %1160 = sub i32 %1158, %1159 br label %1161 %1162 = phi i32 [ %1138, %1153 ], [ %1160, %1156 ] %1163 = phi i8* [ %66, %1153 ], [ %1157, %1156 ] br i1 %1154, label %1164, label %1181 %1165 = add i32 %1155, %1131 %1166 = sub i32 %1162, %1165 %1167 = icmp slt i32 %1166, 4 br i1 %1167, label %1168, label %1172, !prof !4, !misexpect !8 br i1 %75, label %1176, label %1169 %1170 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %1165, i8* nonnull %310, i32 
4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, 
i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, 
%struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, 
%struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label 
%44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 
%8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 
], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1091 = load i32, i32* %245, align 4 %1092 = and i32 %1091, 64 %1093 = icmp eq i32 %1092, 0 br i1 %1093, label %1129, label %1094 %1095 = load i32, i32* %22, align 4 %1096 = load i16, i16* %294, align 2 %1097 = zext i16 %1096 to i64 %1098 = getelementptr i8, i8* %3, i64 %1097 %1099 = sub i32 %1095, %841 %1100 = icmp slt i32 %1099, 8 br i1 %1100, label %1101, label %1105, !prof !4, !misexpect !8 %1106 = sext i32 %841 to i64 %1107 = getelementptr i8, i8* %66, i64 %1106 %1108 = icmp eq i8* %1107, null br i1 %1108, label %1128, label %1109 %1110 = phi i8* [ %1107, %1105 ], [ %295, 
%1102 ] %1111 = load i8, i8* %1110, align 4 store i8 %1111, i8* %1098, align 2 %1112 = getelementptr inbounds i8, i8* %1110, i64 1 %1113 = load i8, i8* %1112, align 1 %1114 = getelementptr inbounds i8, i8* %1098, i64 1 store i8 %1113, i8* %1114, align 1 %1115 = load i8, i8* %1110, align 4 switch i8 %1115, label %1125 [ i8 8, label %1116 i8 0, label %1116 i8 13, label %1116 i8 14, label %1116 i8 -128, label %1116 i8 -127, label %1116 ] %1126 = getelementptr inbounds i8, i8* %1098, i64 2 %1127 = bitcast i8* %1126 to i16* store i16 0, i16* %1127, align 2 br label %1128 br label %1129 %1130 = phi i16 [ %840, %839 ], [ %840, %1089 ], [ 18312, %1059 ], [ -8826, %1056 ], [ %840, %1055 ], [ 8, %1052 ], [ %840, %1051 ], [ %840, %1047 ], [ %840, %1015 ], [ %989, %988 ], [ %840, %844 ], [ %840, %1090 ], [ %840, %1128 ] %1131 = phi i32 [ %841, %839 ], [ %841, %1089 ], [ %841, %1059 ], [ %841, %1056 ], [ %841, %1055 ], [ %841, %1052 ], [ %841, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %841, %844 ], [ %841, %1090 ], [ %841, %1128 ] %1132 = phi i8 [ %843, %839 ], [ 6, %1089 ], [ -119, %1059 ], [ 41, %1056 ], [ 41, %1055 ], [ 4, %1052 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ 47, %844 ], [ %843, %1090 ], [ %843, %1128 ] %1133 = phi i32 [ 4, %839 ], [ 4, %1089 ], [ 2, %1059 ], [ %266, %1056 ], [ 0, %1055 ], [ %266, %1052 ], [ 0, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 0, %844 ], [ 4, %1090 ], [ 4, %1128 ] %1134 = load i32, i32* %263, align 4 %1135 = and i32 %1134, 1 %1136 = icmp eq i32 %1135, 0 br i1 %1136, label %1137, label %1184 %1138 = load i32, i32* %22, align 4 %1139 = load i32, i32* %245, align 4 %1140 = and i32 %1139, 16 %1141 = icmp eq i32 %1140, 0 br i1 %1141, label %1142, label %1145 %1143 = and i32 %1139, 32 %1144 = icmp eq i32 %1143, 0 br i1 %1144, label %1184, label %1145 %1146 = phi i64 [ 5, %1142 ], [ 4, %1137 ] %1147 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 
1, i64 %1146 %1148 = load i16, i16* %1147, align 2 %1149 = zext i16 %1148 to i64 %1150 = getelementptr i8, i8* %3, i64 %1149 switch i8 %1132, label %1152 [ i8 6, label %1153 i8 17, label %1153 i8 33, label %1153 i8 50, label %1153 i8 -124, label %1153 i8 -120, label %1153 i8 51, label %1151 ] br label %1153 %1154 = phi i1 [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1145 ], [ true, %1151 ], [ false, %1152 ] %1155 = phi i32 [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 0, %1145 ], [ 4, %1151 ], [ -22, %1152 ] br i1 %306, label %1156, label %1161 %1157 = load i8*, i8** %307, align 8 %1158 = load i32, i32* %308, align 8 %1159 = load i32, i32* %309, align 4 %1160 = sub i32 %1158, %1159 br label %1161 %1162 = phi i32 [ %1138, %1153 ], [ %1160, %1156 ] %1163 = phi i8* [ %66, %1153 ], [ %1157, %1156 ] br i1 %1154, label %1164, label %1181 %1165 = add i32 %1155, %1131 %1166 = sub i32 %1162, %1165 %1167 = icmp slt i32 %1166, 4 br i1 %1167, label %1168, label %1172, !prof !4, !misexpect !8 br i1 %75, label %1176, label %1169 %1170 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %1165, i8* nonnull %310, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = 
load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = 
getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = 
alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = 
load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp 
ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], 
[ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1020 = icmp eq i16 %840, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %841 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !8 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %300, i32 8) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, 
%struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, 
i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 
store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 
%50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 
= icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load 
i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull 
@flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load 
%struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* 
%11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, 
i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, 
%819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1020 = icmp eq i16 %840, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %841 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !8 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %300, i32 8) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
%71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* 
%70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 
1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br 
label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1020 = icmp eq i16 %840, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %841 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !8 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* 
@skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %300, i32 8) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 
%35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* 
%138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, 
%struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup 
to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds 
%struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, 
null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = 
getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast 
%struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], 
[ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1020 = icmp eq i16 %840, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %841 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !8 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* 
nonnull %300, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, 
i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 
%8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %320 = load i32, i32* %22, align 4 %321 = sub i32 %320, %313 %322 = icmp slt i32 %321, 20 br i1 %322, label %323, label %327, !prof !4, !misexpect !8 br i1 %75, label %387, label %324 %325 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %290, i32 20) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb 
------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 
= load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 
store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call 
%struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 
%32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = 
load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, 
%struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = 
getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %320 = load i32, i32* %22, align 4 
%321 = sub i32 %320, %313 %322 = icmp slt i32 %321, 20 br i1 %322, label %323, label %327, !prof !4, !misexpect !8 br i1 %75, label %387, label %324 %325 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %290, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load
%struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 
= call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = 
and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 
%101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, 
%struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = 
getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %320 = load i32, i32* %22, align 4 
%321 = sub i32 %320, %313 %322 = icmp slt i32 %321, 20 br i1 %322, label %323, label %327, !prof !4, !misexpect !8 br i1 %75, label %387, label %324 %325 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %290, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8,
i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label 
%138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, 
i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, 
align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, 
label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp 
eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq 
%struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label 
%141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] 
%64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label 
%104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label 
%600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %320 = load i32, i32* %22, align 4 %321 = sub i32 %320, %313 %322 = icmp slt i32 %321, 20 br i1 %322, label %323, label %327, !prof !4, !misexpect !8 br i1 %75, label %387, label %324 %325 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %290, i32 20) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds
%struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 
%125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = 
alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, 
label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load 
i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, 
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt -------------
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:
to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x 
i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, 
%struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, 
%struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, 
%260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] 
%842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %993 = icmp eq i16 %840, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %841 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !8 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %33, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca 
%struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, 
label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, 
label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, 
%struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 
%18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = 
alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, 
label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 
0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = 
phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, 
%830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %993 = icmp eq i16 %840, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %841 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !8 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %33, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, 
label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi 
%struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = 
bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 
1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 
br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, 
align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 
%27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds 
(%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 
%312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], 
[ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %993 = icmp eq i16 %840, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %841 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !8 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %33, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, 
%struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] 
%127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* 
%148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = 
getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 
%14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, 
align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, 
align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 
= icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = 
getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 
[ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label 
%830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %993 = icmp eq i16 %840, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %841 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !8 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %33, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 
%25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = 
getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 
to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr 
inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, 
i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
Function:ipip6_tunnel_bind_dev
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* 
%94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, 
%struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds 
%struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %542 = load i32, i32* %22, align 4 %543 = sub i32 %542, %313 %544 = icmp slt i32 %543, 8 br i1 %544, label %545, label %549, !prof !4, !misexpect !8 br i1 %75, label %561, label %546 %547 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %278, i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, 
%struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] 
%118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] 
%185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* 
@ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, 
%struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
Function:__skb_flow_dissect
%struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 
%312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %273, i32 16) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, 
%struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* 
%49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, 
i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile 
%struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* 
@fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail 
call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca 
[20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds 
%struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 
0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %273, i32 16) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, 
align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile 
%struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* 
@fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail 
call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca 
[20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds 
%struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 
0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %273, i32 16) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ 
%61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, 
null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 
%166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store 
i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 
%6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label 
%180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label 
%148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 
to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 
0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, 
align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 
to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %273, i32 16) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10
= getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 
%47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* 
%142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* 
%18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, 
%struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, 
%struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 
= alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, 
i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, 
i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %273, i32 16) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq
%struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr 
inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 
%177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 
= load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = 
alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq 
%struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds 
%struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = 
getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, 
%819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label 
%902, !prof !4, !misexpect !8 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %894, i8* nonnull %302, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, 
%struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast 
%struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* 
%87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, 
label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, 
label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, 
%struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 
%18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = 
alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, 
label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 
0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = 
phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, 
%830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %894, i8* nonnull %302, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 
ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast 
%struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds 
%struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = 
getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 
%30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, 
i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = 
getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 
= getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 
%298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 
], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 
%865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %894, i8* nonnull %302, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 
%2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = 
getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label 
%124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, 
i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = 
icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca 
%struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca 
%struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr 
inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, 
%struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 
%312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], 
[ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, 
i32 %894, i8* nonnull %302, i32 4) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32
13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store 
i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds 
%struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, 
%struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 
0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, 
i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr 
inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 
%298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 %820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 
], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] br i1 %299, label %845, label %1129 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %841 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !8 %854 = sext i32 %841 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %301, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 
%865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] %894 = add i32 %893, %841 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !8 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %894, i8* nonnull %302, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 ipv6_skip_exthdr 2 icmp6_send 3 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.873416, %struct.sk_buff.873416* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.744749*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.873416*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.873416* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #83 Function:icmp6_send %7 = alloca %struct.dst_entry.744500*, align 8 %8 = alloca %struct.dst_entry.744500*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca %struct.icmp6hdr, align 4 %15 = alloca %struct.flowi6, align 8 %16 = alloca %struct.icmpv6_msg, align 8 %17 = alloca %struct.ipcm6_cookie, align 8 %18 = getelementptr inbounds 
%struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 40 %19 = load i8*, i8** %18, align 8 %20 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 35 %21 = load i16, i16* %20, align 4 %22 = zext i16 %21 to i64 %23 = getelementptr i8, i8* %19, i64 %22 %24 = getelementptr inbounds %struct.icmp6hdr, %struct.icmp6hdr* %14, i64 0, i32 0 %25 = bitcast %struct.flowi6* %15 to i8* %26 = bitcast %struct.icmpv6_msg* %16 to i8* %27 = bitcast %struct.ipcm6_cookie* %17 to i8* %28 = icmp ult i8* %23, %19 br i1 %28, label %487, label %29 %30 = getelementptr i8, i8* %23, i64 40 %31 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 38 %32 = load i32, i32* %31, align 8 %33 = zext i32 %32 to i64 %34 = getelementptr i8, i8* %19, i64 %33 %35 = icmp ugt i8* %30, %34 br i1 %35, label %487, label %36 %37 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %38 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %39 = icmp eq %struct.net_device.744736* %38, null br i1 %39, label %487, label %40 %41 = getelementptr inbounds %struct.net_device.744736, %struct.net_device.744736* %38, i64 0, i32 110, i32 0 %42 = load %struct.net.744609*, %struct.net.744609** %41, align 8 %43 = getelementptr inbounds %struct.net.744609, %struct.net.744609* %42, i64 0, i32 35, i32 1, i32 26 %44 = load i8, i8* %43, align 2 %45 = icmp eq i8 %44, 0 br i1 %45, label %49, label %46 %50 = phi i32 [ %48, %46 ], [ 0, %40 ] %51 = getelementptr inbounds i8, i8* %23, i64 24 %52 = bitcast i8* %51 to %struct.in6_addr* %53 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %52) #83 %54 = load %struct.net_device.744736*, %struct.net_device.744736** %37, align 8 %55 = tail call i32 bitcast (i32 (%struct.net.872340*, %struct.in6_addr*, %struct.net_device.872226*, i32)* @ipv6_chk_addr to i32 (%struct.net.744609*, %struct.in6_addr*, %struct.net_device.744736*, 
i32)*)(%struct.net.744609* %42, %struct.in6_addr* %52, %struct.net_device.744736* %54, i32 0) #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %60 br label %61 %62 = phi %struct.in6_addr* [ %52, %60 ], [ null, %57 ] %63 = and i32 %53, 2 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %70 %66 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 16 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, 7 %69 = icmp eq i16 %68, 0 br i1 %69, label %108, label %70 switch i8 %1, label %487 [ i8 2, label %108 i8 4, label %71 ] %72 = icmp eq i8 %2, 2 br i1 %72, label %73, label %487 %74 = load i8*, i8** %18, align 8 %75 = load i16, i16* %20, align 4 %76 = zext i16 %75 to i64 %77 = getelementptr i8, i8* %74, i64 %76 %78 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %79 = bitcast i8** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = ptrtoint i8* %77 to i64 %82 = sub i64 %81, %80 %83 = trunc i64 %82 to i32 %84 = add i32 %83, %3 %85 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %86 = load i32, i32* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 7 %88 = load i32, i32* %87, align 4 %89 = sub i32 %86, %88 %90 = sub i32 %89, %84 %91 = icmp sgt i32 %90, 0 br i1 %91, label %97, label %92, !prof !4, !misexpect !5 %98 = inttoptr i64 %80 to i8* %99 = sext i32 %84 to i64 %100 = getelementptr i8, i8* %98, i64 %99 %101 = icmp eq i8* %100, null br i1 %101, label %102, label %103 br label %108 %109 = phi %struct.in6_addr* [ %62, %65 ], [ null, %70 ], [ null, %103 ], [ null, %102 ] %110 = getelementptr inbounds i8, i8* %23, i64 8 %111 = bitcast i8* %110 to %struct.in6_addr* %112 = call i32 @__ipv6_addr_type(%struct.in6_addr* %111) #83 %113 = and i32 %112, 65535 %114 = and i32 %112, 32 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %122 %117 = and i32 %112, 2 %118 = icmp ne i32 %117, 0 %119 
= and i32 %112, 48 %120 = icmp ne i32 %119, 0 %121 = and i1 %118, %120 br i1 %121, label %122, label %145 %146 = phi i32 [ %125, %127 ], [ %144, %137 ], [ %125, %132 ], [ 0, %116 ] %147 = icmp ne i32 %113, 0 %148 = and i32 %112, 2 %149 = icmp eq i32 %148, 0 %150 = and i1 %147, %149 br i1 %150, label %151, label %487 %152 = load i8*, i8** %18, align 8 %153 = load i16, i16* %20, align 4 %154 = zext i16 %153 to i64 %155 = getelementptr i8, i8* %152, i64 %154 %156 = getelementptr i8, i8* %155, i64 40 %157 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %158 = bitcast i8** %157 to i64* %159 = load i64, i64* %158, align 8 %160 = ptrtoint i8* %156 to i64 %161 = sub i64 %160, %159 %162 = trunc i64 %161 to i32 %163 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 6 %164 = load i32, i32* %163, align 8 %165 = sub i32 %164, %162 %166 = getelementptr inbounds i8, i8* %155, i64 6 %167 = load i8, i8* %166, align 2 store i8 %167, i8* %10, align 1 %168 = bitcast i16* %11 to i8* %169 = icmp slt i32 %165, 0 br i1 %169, label %197, label %170 %171 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.744749*, i32, i8*, i16*)*)(%struct.sk_buff.744749* %0, i32 %162, i8* nonnull %10, i16* nonnull %11) #83 Function:ipv6_skip_exthdr %5 = alloca [2 x i8], align 1 %6 = alloca i16, align 2 %7 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i8 [ %8, %4 ], [ %75, %73 ] %16 = phi i32 [ %1, %4 ], [ %76, %73 ] switch i8 %15, label %77 [ i8 0, label %17 i8 43, label %17 i8 
44, label %17 i8 51, label %17 i8 59, label %17 i8 60, label %17 ] %18 = icmp eq i8 %15, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %16 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 @skb_copy_bits(%struct.sk_buff* nonnull %0, i32 %16, i8* nonnull %7, i32 2) #83 %28 = icmp sgt i32 %27, -1 br i1 %28, label %34, label %72 %35 = phi i8* [ %32, %29 ], [ %7, %26 ] %36 = icmp eq i8 %15, 44 br i1 %36, label %37, label %61 %38 = add i32 %16, 2 %39 = load i32, i32* %9, align 8 %40 = load i32, i32* %10, align 4 %41 = sub i32 %39, %38 %42 = sub i32 %41, %40 %43 = icmp slt i32 %42, 2 br i1 %43, label %44, label %48, !prof !4, !misexpect !5 br i1 %12, label %53, label %45 %46 = call i32 @skb_copy_bits(%struct.sk_buff* nonnull %0, i32 %38, i8* nonnull %13, i32 2) #83 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %165, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %166, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %117, label %42 %43 = phi i64 [ %108, %104 ], [ 0, %29 ] %44 = phi i8* [ %112, %104 ], [ %38, %29 ] %45 = phi i32 [ %107, %104 ], [ %32, %29 ] %46 = phi i8* [ %106, %104 ], [ %31, %29 ] %47 = phi i32 [ %105, %104 ], [ %30, %29 ] %48 = phi i32 [ %57, %104 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.64787, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "769:\0A\09.pushsection .discard.reachable\0A\09.long 769b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %104 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, 
label %97, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page*, %struct.page** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page, %struct.page* %71, i64 %73 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct* %77 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 176 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @preempt_count_sub(i32 1) #83 %92 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !13 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %97, !prof !4, !misexpect !5 %96 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %95) #6, !srcloc !14 br label %97 %98 = sub i32 %47, %62 %99 = icmp eq i32 %98, 0 %100 = sext i32 %62 to i64 %101 = getelementptr i8, 
i8* %46, i64 %100 %102 = select i1 %99, i32 0, i32 %62 %103 = add i32 %102, %45 br i1 %99, label %166, label %104 %105 = phi i32 [ %98, %97 ], [ %47, %54 ] %106 = phi i8* [ %101, %97 ], [ %46, %54 ] %107 = phi i32 [ %103, %97 ], [ %45, %54 ] %108 = add nuw nsw i64 %43, 1 %109 = load i8*, i8** %33, align 8 %110 = load i32, i32* %35, align 4 %111 = zext i32 %110 to i64 %112 = getelementptr i8, i8* %109, i64 %111 %113 = getelementptr inbounds i8, i8* %112, i64 2 %114 = load i8, i8* %113, align 2 %115 = zext i8 %114 to i64 %116 = icmp ult i64 %108, %115 br i1 %116, label %42, label %117 %118 = phi i32 [ %9, %29 ], [ %57, %104 ] %119 = phi i32 [ %30, %29 ], [ %105, %104 ] %120 = phi i8* [ %31, %29 ], [ %106, %104 ] %121 = phi i32 [ %32, %29 ], [ %107, %104 ] %122 = phi i8* [ %38, %29 ], [ %112, %104 ] %123 = getelementptr inbounds i8, i8* %122, i64 8 %124 = bitcast i8* %123 to %struct.sk_buff** %125 = load %struct.sk_buff*, %struct.sk_buff** %124, align 8 %126 = icmp eq %struct.sk_buff* %125, null br i1 %126, label %162, label %127 %128 = phi %struct.sk_buff* [ %160, %155 ], [ %125, %117 ] %129 = phi i32 [ %158, %155 ], [ %121, %117 ] %130 = phi i8* [ %157, %155 ], [ %120, %117 ] %131 = phi i32 [ %156, %155 ], [ %119, %117 ] %132 = phi i32 [ %139, %155 ], [ %118, %117 ] %133 = add i32 %129, %131 %134 = icmp sgt i32 %132, %133 br i1 %134, label %135, label %136, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.64787, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !15 tail call void asm sideeffect "775:\0A\09.pushsection .discard.reachable\0A\09.long 775b - .\0A\09.popsection\0A\09", 
"~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %136 %137 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %128, i64 0, i32 6 %138 = load i32, i32* %137, align 8 %139 = add i32 %138, %132 %140 = sub i32 %139, %129 %141 = icmp sgt i32 %140, 0 br i1 %141, label %142, label %155 %143 = icmp sgt i32 %140, %131 %144 = select i1 %143, i32 %131, i32 %140 %145 = sub i32 %129, %132 %146 = tail call i32 @skb_copy_bits(%struct.sk_buff* nonnull %128, i32 %145, i8* %130, i32 %144) #84 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __pskb_pull_tail 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load 
i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 
%22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff* %0, i32 0, i32 %27, i32 2592) #83 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %287 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff* %0, i32 %38, i8* %42, i32 %1) #83 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %165, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %166, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 
8 %35 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %117, label %42 %43 = phi i64 [ %108, %104 ], [ 0, %29 ] %44 = phi i8* [ %112, %104 ], [ %38, %29 ] %45 = phi i32 [ %107, %104 ], [ %32, %29 ] %46 = phi i8* [ %106, %104 ], [ %31, %29 ] %47 = phi i32 [ %105, %104 ], [ %30, %29 ] %48 = phi i32 [ %57, %104 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.64787, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "769:\0A\09.pushsection .discard.reachable\0A\09.long 769b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %104 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %97, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x 
%struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page*, %struct.page** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page, %struct.page* %71, i64 %73 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !9 %76 = inttoptr i64 %75 to %struct.task_struct* %77 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 176 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @preempt_count_sub(i32 1) #83 %92 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !13 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %97, !prof !4, !misexpect !5 %96 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %95) #6, !srcloc !14 br label %97 %98 = sub i32 %47, %62 %99 = icmp eq i32 %98, 0 %100 = sext i32 %62 to i64 %101 = getelementptr i8, i8* %46, i64 %100 %102 = select i1 %99, i32 0, i32 %62 %103 = add i32 
%102, %45 br i1 %99, label %166, label %104 %105 = phi i32 [ %98, %97 ], [ %47, %54 ] %106 = phi i8* [ %101, %97 ], [ %46, %54 ] %107 = phi i32 [ %103, %97 ], [ %45, %54 ] %108 = add nuw nsw i64 %43, 1 %109 = load i8*, i8** %33, align 8 %110 = load i32, i32* %35, align 4 %111 = zext i32 %110 to i64 %112 = getelementptr i8, i8* %109, i64 %111 %113 = getelementptr inbounds i8, i8* %112, i64 2 %114 = load i8, i8* %113, align 2 %115 = zext i8 %114 to i64 %116 = icmp ult i64 %108, %115 br i1 %116, label %42, label %117 %118 = phi i32 [ %9, %29 ], [ %57, %104 ] %119 = phi i32 [ %30, %29 ], [ %105, %104 ] %120 = phi i8* [ %31, %29 ], [ %106, %104 ] %121 = phi i32 [ %32, %29 ], [ %107, %104 ] %122 = phi i8* [ %38, %29 ], [ %112, %104 ] %123 = getelementptr inbounds i8, i8* %122, i64 8 %124 = bitcast i8* %123 to %struct.sk_buff** %125 = load %struct.sk_buff*, %struct.sk_buff** %124, align 8 %126 = icmp eq %struct.sk_buff* %125, null br i1 %126, label %162, label %127 %128 = phi %struct.sk_buff* [ %160, %155 ], [ %125, %117 ] %129 = phi i32 [ %158, %155 ], [ %121, %117 ] %130 = phi i8* [ %157, %155 ], [ %120, %117 ] %131 = phi i32 [ %156, %155 ], [ %119, %117 ] %132 = phi i32 [ %139, %155 ], [ %118, %117 ] %133 = add i32 %129, %131 %134 = icmp sgt i32 %132, %133 br i1 %134, label %135, label %136, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.64787, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !15 tail call void asm sideeffect "775:\0A\09.pushsection .discard.reachable\0A\09.long 775b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %136 %137 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %128, i64 0, i32 6 %138 = load i32, i32* %137, align 8 %139 = add i32 %138, %132 %140 = sub i32 %139, %129 %141 = icmp sgt i32 %140, 0 br i1 %141, label %142, label %155 %143 = icmp sgt i32 %140, %131 %144 = select i1 %143, i32 %131, i32 %140 %145 = sub i32 %129, %132 %146 = tail call i32 @skb_copy_bits(%struct.sk_buff* nonnull %128, i32 %145, i8* %130, i32 %144) #84 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void 
@__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 
%154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = 
phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 
%225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = 
getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label 
%249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 
0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %800 = load i32, i32* %22, align 4 %801 = sub i32 %800, %313 %802 = icmp slt i32 %801, 34 br i1 %802, label %803, label %807, !prof !4, !misexpect !8 br i1 %75, label %819, label %804 
%820 = phi i32 [ %313, %807 ], [ %818, %811 ], [ %313, %804 ], [ %313, %803 ] %821 = phi i32 [ 1, %807 ], [ 0, %811 ], [ 1, %804 ], [ 1, %803 ] br label %822 %823 = phi i16 [ -2168, %819 ], [ %796, %795 ], [ %312, %766 ], [ %312, %668 ], [ -13688, %598 ], [ %562, %561 ], [ %537, %536 ], [ -8826, %456 ], [ 8, %387 ] %824 = phi i32 [ %820, %819 ], [ %797, %795 ], [ %313, %766 ], [ %671, %668 ], [ %313, %598 ], [ %563, %561 ], [ %538, %536 ], [ %457, %456 ], [ %388, %387 ] %825 = phi i8 [ %314, %819 ], [ %314, %795 ], [ %314, %766 ], [ %669, %668 ], [ %314, %598 ], [ %314, %561 ], [ %314, %536 ], [ %314, %456 ], [ %314, %387 ] %826 = phi i8 [ %316, %819 ], [ %316, %795 ], [ %316, %766 ], [ %316, %668 ], [ %316, %598 ], [ %316, %561 ], [ %316, %536 ], [ %458, %456 ], [ %389, %387 ] %827 = phi i32 [ %317, %819 ], [ %317, %795 ], [ %317, %766 ], [ %672, %668 ], [ %317, %598 ], [ %317, %561 ], [ %317, %536 ], [ %317, %456 ], [ %317, %387 ] %828 = phi i32 [ %318, %819 ], [ %318, %795 ], [ %318, %766 ], [ %318, %668 ], [ %318, %598 ], [ %318, %561 ], [ %539, %536 ], [ %318, %456 ], [ %318, %387 ] %829 = phi i32 [ %821, %819 ], [ %798, %795 ], [ %767, %766 ], [ %670, %668 ], [ %599, %598 ], [ %564, %561 ], [ %540, %536 ], [ %459, %456 ], [ %390, %387 ] switch i32 %829, label %1206 [ i32 0, label %1191 i32 2, label %831 i32 4, label %830 i32 3, label %830 ] br label %839 %840 = phi i16 [ %1130, %1188 ], [ %823, %830 ] %841 = phi i32 [ %1131, %1188 ], [ %824, %830 ] %842 = phi i32 [ %1189, %1188 ], [ %315, %830 ] %843 = phi i8 [ %1132, %1188 ], [ %826, %830 ] switch i8 %843, label %1129 [ i8 47, label %844 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1055 i8 -119, label %1059 i8 6, label %1060 i8 1, label %1090 i8 58, label %1090 ] %1061 = load i32, i32* %22, align 4 %1062 = load i32, i32* %245, align 4 %1063 = and i32 %1062, 1048576 %1064 = icmp eq i32 %1063, 0 br i1 %1064, label %1089, label %1065 %1066 = sub i32 
%1061, %841 %1067 = icmp slt i32 %1066, 20 br i1 %1067, label %1068, label %1072, !prof !4, !misexpect !8 br i1 %75, label %1089, label %1069 %1070 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %841, i8* nonnull %296, i32 20) #83 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %165, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %166, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %117, label %42 %43 = phi i64 [ %108, %104 ], [ 0, %29 ] %44 = phi i8* [ %112, %104 ], [ %38, %29 ] %45 = phi i32 [ %107, %104 ], [ %32, %29 ] %46 = phi i8* [ %106, %104 ], [ %31, %29 ] %47 = phi i32 [ %105, %104 ], [ %30, %29 ] %48 = 
phi i32 [ %57, %104 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.64787, i64 0, i64 0), i32 2342, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "769:\0A\09.pushsection .discard.reachable\0A\09.long 769b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %54 %55 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %104 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %97, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag], [17 x %struct.page_frag]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page*, %struct.page** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page, %struct.page* %71, i64 %73 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !9 %76 = inttoptr i64 %75 
to %struct.task_struct* %77 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 176 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @preempt_count_sub(i32 1) #83 %92 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !13 %93 = icmp eq i32 %92, 0 br i1 %93, label %94, label %97, !prof !4, !misexpect !5 %96 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %95) #6, !srcloc !14 br label %97 %98 = sub i32 %47, %62 %99 = icmp eq i32 %98, 0 %100 = sext i32 %62 to i64 %101 = getelementptr i8, i8* %46, i64 %100 %102 = select i1 %99, i32 0, i32 %62 %103 = add i32 %102, %45 br i1 %99, label %166, label %104 %105 = phi i32 [ %98, %97 ], [ %47, %54 ] %106 = phi i8* [ %101, %97 ], [ %46, %54 ] %107 = phi i32 [ %103, %97 ], [ %45, %54 ] %108 = add nuw nsw i64 %43, 1 %109 = load i8*, i8** %33, align 8 %110 = load i32, i32* %35, align 4 %111 = zext i32 %110 to i64 %112 = getelementptr i8, i8* %109, i64 %111 %113 = getelementptr inbounds i8, i8* %112, i64 2 %114 = load i8, i8* %113, align 2 %115 = zext i8 %114 to i64 %116 = icmp ult i64 %108, %115 br i1 %116, label %42, label %117 %118 = phi i32 [ %9, 
%29 ], [ %57, %104 ] %119 = phi i32 [ %30, %29 ], [ %105, %104 ] %120 = phi i8* [ %31, %29 ], [ %106, %104 ] %121 = phi i32 [ %32, %29 ], [ %107, %104 ] %122 = phi i8* [ %38, %29 ], [ %112, %104 ] %123 = getelementptr inbounds i8, i8* %122, i64 8 %124 = bitcast i8* %123 to %struct.sk_buff** %125 = load %struct.sk_buff*, %struct.sk_buff** %124, align 8 %126 = icmp eq %struct.sk_buff* %125, null br i1 %126, label %162, label %127 %128 = phi %struct.sk_buff* [ %160, %155 ], [ %125, %117 ] %129 = phi i32 [ %158, %155 ], [ %121, %117 ] %130 = phi i8* [ %157, %155 ], [ %120, %117 ] %131 = phi i32 [ %156, %155 ], [ %119, %117 ] %132 = phi i32 [ %139, %155 ], [ %118, %117 ] %133 = add i32 %129, %131 %134 = icmp sgt i32 %132, %133 br i1 %134, label %135, label %136, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.64787, i64 0, i64 0), i32 2372, i32 2305, i64 12) #6, !srcloc !15 tail call void asm sideeffect "775:\0A\09.pushsection .discard.reachable\0A\09.long 775b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %136 %137 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %128, i64 0, i32 6 %138 = load i32, i32* %137, align 8 %139 = add i32 %138, %132 %140 = sub i32 %139, %129 %141 = icmp sgt i32 %140, 0 br i1 %141, label %142, label %155 %143 = icmp sgt i32 %140, %131 %144 = select i1 %143, i32 %131, i32 %140 %145 = sub i32 %129, %132 %146 = tail call i32 @skb_copy_bits(%struct.sk_buff* nonnull %128, i32 %145, i8* %130, i32 %144) #84 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca 
%struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 
%54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff* %0, i32 0, i32 %27, i32 2592) #83 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %287 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff* %0, i32 %38, i8* %42, i32 %1) #83 ------------- Good: 5678 Bad: 103 Ignored: 14001 Check Use of Function:consume_skb Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load 
%struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = 
bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to 
%struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br 
i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 ------------- Good: 253 Bad: 3 Ignored: 319 Check Use of Function:__pskb_pull_tail Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 
%10, %22 %24 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %490, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.841818*, i32)*)(%struct.sk_buff.841818* %0, i32 %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, 
i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, 
label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 ------------- Good: 902 Bad: 3 Ignored: 2120 Check Use of Function:azx_probe_codecs Check Use of Function:skb_copy_expand Check Use of Function:__ieee80211_rx_h_amsdu Check Use of Function:acpi_early_processor_set_pdc Check Use of Function:ieee80211_sta_cap_rx_bw Check Use of Function:cfg80211_rx_mgmt_khz Check Use of Function:ieee80211_sta_get_rates Check Use of Function:ieee80211_send_4addr_nullfunc Check Use of Function:propagate_mount_busy Check Use of Function:ioam6_exit Check Use of Function:translate_table.69877 Check Use of Function:dec_usb_memory_use_count Check Use of Function:cfg80211_assoc_timeout Check Use of Function:ieee80211_setup_sdata Check Use of Function:finalize_exec Check Use of Function:__neigh_event_send Check Use of Function:ieee80211_request_sched_scan_stop Check Use of Function:ieee80211_sta_tear_down_BA_sessions Check Use of Function:ieee80211_wake_queues_by_reason Check Use of Function:blkdev_ioctl Check Use of Function:gen_replace_estimator Check Use of Function:pcie_walk_rcec Check Use of Function:nla_strscpy Check Use of Function:drv_remove_interface Check Use of Function:selinux_status_update_setenforce Check Use of Function:pci_disable_msi Check Use of Function:is_subdir Check Use of Function:security_bprm_committed_creds Check Use of Function:write_iter_null Check Use of 
Function:cfg80211_iftype_allowed Check Use of Function:ieee80211_dfs_cac_cancel Check Use of Function:nl80211_parse_mon_options Check Use of Function:netlink_unicast Check Use of Function:refcount_warn_saturate Use: =BAD PATH= Call Stack: 0 xprt_switch_get 1 rpc_sysfs_xprt_switch_info_show ------------- Path:  Function:rpc_sysfs_xprt_switch_info_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1, i32 1 %5 = bitcast %struct.list_head* %4 to %struct.rpc_xprt_switch** %6 = load %struct.rpc_xprt_switch*, %struct.rpc_xprt_switch** %5, align 8 %7 = tail call %struct.rpc_xprt_switch* @xprt_switch_get(%struct.rpc_xprt_switch* %6) #83 Function:xprt_switch_get %2 = icmp eq %struct.rpc_xprt_switch* %0, null br i1 %2, label %27, label %3 %4 = getelementptr inbounds %struct.rpc_xprt_switch, %struct.rpc_xprt_switch* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %19, label %9 %10 = phi i32 [ %17, %16 ], [ %7, %3 ] %11 = add i32 %10, 1 %12 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %11, i32* %6, i32 %10) #6, !srcloc !4 %13 = extractvalue { i8, i32 } %12, 0 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %16, label %19, !prof !5, !misexpect !6 %17 = extractvalue { i8, i32 } %12, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %9 %20 = phi i32 [ 0, %3 ], [ %10, %9 ], [ 0, %16 ] %21 = add i32 %20, 1 %22 = or i32 %21, %20 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 0) #83 
------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 nfs_ctx_key_to_expire 2 nfs_key_timeout_notify 3 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds 
%struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 %21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, %struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) 
#83 %37 = icmp eq %struct.rpc_cred* %36, %20 br i1 %37, label %58, label %38 %59 = phi %struct.rpc_cred* [ %57, %55 ], [ %20, %31 ] %60 = phi i1 [ %56, %55 ], [ true, %31 ] call void @put_rpccred(%struct.rpc_cred* %59) #83 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %114, label %3 tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !4 %7 = icmp eq i32 %6, 1 br i1 %7, label %13, label %8 %9 = add i32 %6, -1 %10 = or i32 %9, %6 %11 = icmp sgt i32 %10, -1 br i1 %11, label %14, label %12, !prof !5, !misexpect !6 %15 = load volatile i32, i32* %5, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %108 %18 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 6 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 4 %21 = icmp eq i64 %20, 0 br i1 %21, label %108, label %22 %23 = load volatile i64, i64* %18, align 8 %24 = and i64 %23, 2 %25 = icmp eq i64 %24, 0 br i1 %25, label %61, label %26 %62 = load volatile i64, i64* %18, align 8 %63 = and i64 %62, 4 %64 = icmp eq i64 %63, 0 br i1 %64, label %108, label %65 %66 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 3 %67 = load %struct.rpc_auth*, %struct.rpc_auth** %66, align 8 %68 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %67, i64 0, i32 8 %69 = load %struct.rpc_cred_cache*, %struct.rpc_cred_cache** %68, align 8 %70 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %69, i64 0, i32 2, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %70) #83 %71 = tail call i8 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %18, i64 2, i64* %18) #6, !srcloc !9 %72 = and i8 %71, 1 %73 = icmp eq i8 %72, 0 br i1 %73, label %82, label %74 %75 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 0, i32 0 %76 = load %struct.hlist_node*, %struct.hlist_node** %75, align 8 %77 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 0, i32 1 %78 = load %struct.hlist_node**, %struct.hlist_node*** %77, align 8 store volatile %struct.hlist_node* %76, %struct.hlist_node** %78, align 8 %79 = icmp eq %struct.hlist_node* %76, null br i1 %79, label %83, label %80 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %77, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %70) #83 %84 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 1 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 %86 = load volatile %struct.list_head*, %struct.list_head** %85, align 8 %87 = icmp eq %struct.list_head* %86, %84 br i1 %87, label %99, label %88 %100 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !4 %101 = icmp eq i32 %100, 1 br i1 %101, label %107, label %102 %103 = add i32 %100, -1 %104 = or i32 %103, %100 %105 = icmp sgt i32 %104, -1 br i1 %105, label %108, label %106, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_rpccred 1 nfs_ctx_key_to_expire 2 nfs_key_timeout_notify 3 nfs_file_write ------------- Path:  
Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds 
%struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 %21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, %struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) #83 %37 = icmp eq %struct.rpc_cred* %36, %20 br i1 %37, label %58, label %38 %59 = phi %struct.rpc_cred* [ %57, %55 ], [ %20, %31 ] %60 = phi i1 [ 
%56, %55 ], [ true, %31 ] call void @put_rpccred(%struct.rpc_cred* %59) #83 Function:put_rpccred %2 = icmp eq %struct.rpc_cred* %0, null br i1 %2, label %114, label %3 tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !4 %7 = icmp eq i32 %6, 1 br i1 %7, label %13, label %8 %9 = add i32 %6, -1 %10 = or i32 %9, %6 %11 = icmp sgt i32 %10, -1 br i1 %11, label %14, label %12, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 rpcauth_lookup_credcache 1 gss_lookup_cred 2 nfs_ctx_key_to_expire 3 nfs_key_timeout_notify 4 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, 
%struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 %21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, 
%struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) #83 Function:gss_lookup_cred %4 = tail call %struct.rpc_cred* @rpcauth_lookup_credcache(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 3136) #83 Function:rpcauth_lookup_credcache %5 = alloca %struct.list_head, align 8 %6 = bitcast %struct.list_head* %5 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 store %struct.list_head* %5, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 1 store %struct.list_head* %5, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 8 %10 = load %struct.rpc_cred_cache*, %struct.rpc_cred_cache** %9, align 8 %11 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 5 %12 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %13 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %12, i64 0, i32 5 %14 = load i32 (%struct.auth_cred*, i32)*, i32 (%struct.auth_cred*, i32)** %13, align 8 %15 = getelementptr inbounds 
%struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 1 %16 = load i32, i32* %15, align 8 %17 = call i32 %14(%struct.auth_cred* %1, i32 %16) #83 call void @__rcu_read_lock() #83 %18 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 0 %19 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %20 = zext i32 %17 to i64 %21 = getelementptr %struct.hlist_head, %struct.hlist_head* %19, i64 %20, i32 0 %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null br i1 %23, label %64, label %24 %25 = phi %struct.hlist_node* [ %60, %58 ], [ %22, %4 ] %26 = bitcast %struct.hlist_node* %25 to %struct.rpc_cred* %27 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 3, i32 1 %28 = bitcast %struct.hlist_node*** %27 to %struct.rpc_credops** %29 = load %struct.rpc_credops*, %struct.rpc_credops** %28, align 8 %30 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %29, i64 0, i32 3 %31 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %30, align 8 %32 = call i32 %31(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %26, i32 %2) #83 %33 = icmp eq i32 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 5 %36 = bitcast %struct.hlist_node* %35 to %struct.seqcount_spinlock* %37 = bitcast %struct.hlist_node* %35 to i32* %38 = load volatile i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %50, label %40 %41 = phi i32 [ %48, %47 ], [ %38, %34 ] %42 = add i32 %41, 1 %43 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32 %42, i32* %37, i32 %41) #6, !srcloc !4 %44 = extractvalue { i8, i32 } %43, 0 
%45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %47, label %50, !prof !5, !misexpect !6 %48 = extractvalue { i8, i32 } %43, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %40 %51 = phi i32 [ 0, %34 ], [ %41, %40 ], [ 0, %47 ] %52 = add i32 %51, 1 %53 = or i32 %52, %51 %54 = icmp sgt i32 %53, -1 br i1 %54, label %56, label %55, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %36, i32 0) #83 br label %56 %57 = icmp eq i32 %51, 0 br i1 %57, label %58, label %62 %59 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 0, i32 0 %60 = load volatile %struct.hlist_node*, %struct.hlist_node** %59, align 8 %61 = icmp eq %struct.hlist_node* %60, null br i1 %61, label %64, label %24 call void @__rcu_read_unlock() #83 %65 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %66 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %65, i64 0, i32 7 %67 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)** %66, align 8 %68 = call %struct.rpc_cred* %67(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 %3) #83 %69 = icmp ugt %struct.rpc_cred* %68, inttoptr (i64 -4096 to %struct.rpc_cred*) br i1 %69, label %189, label %70 %71 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %73 = getelementptr %struct.hlist_head, %struct.hlist_head* %72, i64 %20, i32 0 %74 = bitcast %struct.hlist_node** %73 to %struct.rpc_cred** %75 = load %struct.rpc_cred*, %struct.rpc_cred** %74, align 8 %76 = icmp eq %struct.rpc_cred* %75, null br i1 %76, label %112, label %77 %78 = phi %struct.rpc_cred* [ %110, %108 ], [ %75, %70 ] %79 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 4 %80 = load %struct.rpc_credops*, 
%struct.rpc_credops** %79, align 8 %81 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %80, i64 0, i32 3 %82 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %81, align 8 %83 = call i32 %82(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %78, i32 %2) #83 %84 = icmp eq i32 %83, 0 br i1 %84, label %108, label %85 %86 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 7 %87 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %86, i64 0, i32 0, i32 0 %88 = load volatile i32, i32* %87, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %100, label %90 %91 = phi i32 [ %98, %97 ], [ %88, %85 ] %92 = add i32 %91, 1 %93 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %87, i32 %92, i32* %87, i32 %91) #6, !srcloc !4 %94 = extractvalue { i8, i32 } %93, 0 %95 = and i8 %94, 1 %96 = icmp eq i8 %95, 0 br i1 %96, label %97, label %100, !prof !5, !misexpect !6 %98 = extractvalue { i8, i32 } %93, 1 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %90 %101 = phi i32 [ 0, %85 ], [ %91, %90 ], [ 0, %97 ] %102 = add i32 %101, 1 %103 = or i32 %102, %101 %104 = icmp sgt i32 %103, -1 br i1 %104, label %106, label %105, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %86, i32 0) #83 br label %106 %107 = icmp eq i32 %101, 0 br i1 %107, label %108, label %135 %109 = bitcast %struct.rpc_cred* %78 to %struct.rpc_cred** %110 = load %struct.rpc_cred*, %struct.rpc_cred** %109, align 8 %111 = icmp eq %struct.rpc_cred* %110, null br i1 %111, label %112, label %77 %113 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 6 %114 = bitcast i64* %113 to i8* call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %114, i32 4, i8* %114) #6, !srcloc !8 %115 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 7 %116 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %115, i64 0, i32 0, i32 0 %117 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %116, i32 1, i32* %116) #6, !srcloc !9 %118 = icmp eq i32 %117, 0 br i1 %118, label %123, label %119, !prof !5, !misexpect !6 %120 = add i32 %117, 1 %121 = or i32 %120, %117 %122 = icmp sgt i32 %121, -1 br i1 %122, label %125, label %123, !prof !7, !misexpect !6 %124 = phi i32 [ 2, %112 ], [ 1, %119 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %115, i32 %124) #83 ------------- Use: =BAD PATH= Call Stack: 0 rpcauth_lookup_credcache 1 gss_lookup_cred 2 nfs_ctx_key_to_expire 3 nfs_key_timeout_notify 4 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load 
i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 %21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, 
%struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, %struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) #83 Function:gss_lookup_cred %4 = tail call %struct.rpc_cred* @rpcauth_lookup_credcache(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 3136) #83 Function:rpcauth_lookup_credcache %5 = alloca %struct.list_head, align 8 %6 = bitcast %struct.list_head* %5 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 store %struct.list_head* %5, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 1 store %struct.list_head* %5, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 8 %10 = load %struct.rpc_cred_cache*, %struct.rpc_cred_cache** %9, align 8 %11 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 5 %12 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %13 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %12, i64 0, i32 5 %14 = load i32 (%struct.auth_cred*, i32)*, i32 
(%struct.auth_cred*, i32)** %13, align 8 %15 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 1 %16 = load i32, i32* %15, align 8 %17 = call i32 %14(%struct.auth_cred* %1, i32 %16) #83 call void @__rcu_read_lock() #83 %18 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 0 %19 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %20 = zext i32 %17 to i64 %21 = getelementptr %struct.hlist_head, %struct.hlist_head* %19, i64 %20, i32 0 %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null br i1 %23, label %64, label %24 %25 = phi %struct.hlist_node* [ %60, %58 ], [ %22, %4 ] %26 = bitcast %struct.hlist_node* %25 to %struct.rpc_cred* %27 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 3, i32 1 %28 = bitcast %struct.hlist_node*** %27 to %struct.rpc_credops** %29 = load %struct.rpc_credops*, %struct.rpc_credops** %28, align 8 %30 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %29, i64 0, i32 3 %31 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %30, align 8 %32 = call i32 %31(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %26, i32 %2) #83 %33 = icmp eq i32 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 5 %36 = bitcast %struct.hlist_node* %35 to %struct.seqcount_spinlock* %37 = bitcast %struct.hlist_node* %35 to i32* %38 = load volatile i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %50, label %40 %41 = phi i32 [ %48, %47 ], [ %38, %34 ] %42 = add i32 %41, 1 %43 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32 %42, i32* 
%37, i32 %41) #6, !srcloc !4 %44 = extractvalue { i8, i32 } %43, 0 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %47, label %50, !prof !5, !misexpect !6 %48 = extractvalue { i8, i32 } %43, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %40 %51 = phi i32 [ 0, %34 ], [ %41, %40 ], [ 0, %47 ] %52 = add i32 %51, 1 %53 = or i32 %52, %51 %54 = icmp sgt i32 %53, -1 br i1 %54, label %56, label %55, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %36, i32 0) #83 br label %56 %57 = icmp eq i32 %51, 0 br i1 %57, label %58, label %62 %59 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 0, i32 0 %60 = load volatile %struct.hlist_node*, %struct.hlist_node** %59, align 8 %61 = icmp eq %struct.hlist_node* %60, null br i1 %61, label %64, label %24 call void @__rcu_read_unlock() #83 %65 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %66 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %65, i64 0, i32 7 %67 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)** %66, align 8 %68 = call %struct.rpc_cred* %67(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 %3) #83 %69 = icmp ugt %struct.rpc_cred* %68, inttoptr (i64 -4096 to %struct.rpc_cred*) br i1 %69, label %189, label %70 %71 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %73 = getelementptr %struct.hlist_head, %struct.hlist_head* %72, i64 %20, i32 0 %74 = bitcast %struct.hlist_node** %73 to %struct.rpc_cred** %75 = load %struct.rpc_cred*, %struct.rpc_cred** %74, align 8 %76 = icmp eq %struct.rpc_cred* %75, null br i1 %76, label %112, label %77 %78 = phi %struct.rpc_cred* [ %110, %108 ], [ %75, %70 ] %79 = getelementptr inbounds %struct.rpc_cred, 
%struct.rpc_cred* %78, i64 0, i32 4 %80 = load %struct.rpc_credops*, %struct.rpc_credops** %79, align 8 %81 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %80, i64 0, i32 3 %82 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %81, align 8 %83 = call i32 %82(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %78, i32 %2) #83 %84 = icmp eq i32 %83, 0 br i1 %84, label %108, label %85 %86 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 7 %87 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %86, i64 0, i32 0, i32 0 %88 = load volatile i32, i32* %87, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %100, label %90 %91 = phi i32 [ %98, %97 ], [ %88, %85 ] %92 = add i32 %91, 1 %93 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %87, i32 %92, i32* %87, i32 %91) #6, !srcloc !4 %94 = extractvalue { i8, i32 } %93, 0 %95 = and i8 %94, 1 %96 = icmp eq i8 %95, 0 br i1 %96, label %97, label %100, !prof !5, !misexpect !6 %98 = extractvalue { i8, i32 } %93, 1 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %90 %101 = phi i32 [ 0, %85 ], [ %91, %90 ], [ 0, %97 ] %102 = add i32 %101, 1 %103 = or i32 %102, %101 %104 = icmp sgt i32 %103, -1 br i1 %104, label %106, label %105, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %86, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 rpcauth_lookup_credcache 1 gss_lookup_cred 2 nfs_ctx_key_to_expire 3 nfs_key_timeout_notify 4 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr 
inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds 
%struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 %21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, %struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) #83 Function:gss_lookup_cred %4 = tail call %struct.rpc_cred* @rpcauth_lookup_credcache(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 3136) #83 Function:rpcauth_lookup_credcache %5 = alloca %struct.list_head, align 8 %6 = bitcast %struct.list_head* %5 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%5, i64 0, i32 0 store %struct.list_head* %5, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 1 store %struct.list_head* %5, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 8 %10 = load %struct.rpc_cred_cache*, %struct.rpc_cred_cache** %9, align 8 %11 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 5 %12 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %13 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %12, i64 0, i32 5 %14 = load i32 (%struct.auth_cred*, i32)*, i32 (%struct.auth_cred*, i32)** %13, align 8 %15 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 1 %16 = load i32, i32* %15, align 8 %17 = call i32 %14(%struct.auth_cred* %1, i32 %16) #83 call void @__rcu_read_lock() #83 %18 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 0 %19 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %20 = zext i32 %17 to i64 %21 = getelementptr %struct.hlist_head, %struct.hlist_head* %19, i64 %20, i32 0 %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null br i1 %23, label %64, label %24 %25 = phi %struct.hlist_node* [ %60, %58 ], [ %22, %4 ] %26 = bitcast %struct.hlist_node* %25 to %struct.rpc_cred* %27 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 3, i32 1 %28 = bitcast %struct.hlist_node*** %27 to %struct.rpc_credops** %29 = load %struct.rpc_credops*, %struct.rpc_credops** %28, align 8 %30 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %29, i64 0, i32 3 %31 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %30, align 8 %32 = call i32 %31(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %26, i32 %2) #83 %33 = icmp eq i32 %32, 0 
br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 5 %36 = bitcast %struct.hlist_node* %35 to %struct.seqcount_spinlock* %37 = bitcast %struct.hlist_node* %35 to i32* %38 = load volatile i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %50, label %40 %41 = phi i32 [ %48, %47 ], [ %38, %34 ] %42 = add i32 %41, 1 %43 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32 %42, i32* %37, i32 %41) #6, !srcloc !4 %44 = extractvalue { i8, i32 } %43, 0 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %47, label %50, !prof !5, !misexpect !6 %48 = extractvalue { i8, i32 } %43, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %40 %51 = phi i32 [ 0, %34 ], [ %41, %40 ], [ 0, %47 ] %52 = add i32 %51, 1 %53 = or i32 %52, %51 %54 = icmp sgt i32 %53, -1 br i1 %54, label %56, label %55, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %36, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_get 1 rpc_sysfs_xprt_dstaddr_show ------------- Path:  Function:rpc_sysfs_xprt_dstaddr_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.rpc_xprt** %6 = load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = tail call %struct.rpc_xprt* @xprt_get(%struct.rpc_xprt* %6) #83 Function:xprt_get %2 = icmp eq %struct.rpc_xprt* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add 
i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ %9, %8 ], [ 0, %15 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_get 1 rpc_sysfs_xprt_dstaddr_store ------------- Path:  Function:rpc_sysfs_xprt_dstaddr_store %5 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %6 = bitcast %struct.kobject* %5 to %struct.rpc_xprt** %7 = load %struct.rpc_xprt*, %struct.rpc_xprt** %6, align 8 %8 = tail call %struct.rpc_xprt* @xprt_get(%struct.rpc_xprt* %7) #83 Function:xprt_get %2 = icmp eq %struct.rpc_xprt* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 
%14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ %9, %8 ], [ 0, %15 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_get 1 rpc_sysfs_xprt_srcaddr_show ------------- Path:  Function:rpc_sysfs_xprt_srcaddr_show %4 = alloca %struct.__kernel_sockaddr_storage, align 8 %5 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %6 = bitcast %struct.kobject* %5 to %struct.rpc_xprt** %7 = load %struct.rpc_xprt*, %struct.rpc_xprt** %6, align 8 %8 = tail call %struct.rpc_xprt* @xprt_get(%struct.rpc_xprt* %7) #83 Function:xprt_get %2 = icmp eq %struct.rpc_xprt* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ %9, %8 ], [ 0, %15 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label 
%23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_get 1 rpc_sysfs_xprt_info_show ------------- Path:  Function:rpc_sysfs_xprt_info_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.rpc_xprt** %6 = load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = tail call %struct.rpc_xprt* @xprt_get(%struct.rpc_xprt* %6) #83 Function:xprt_get %2 = icmp eq %struct.rpc_xprt* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ %9, %8 ], [ 0, %15 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_get 1 rpc_sysfs_xprt_state_show ------------- Path:  Function:rpc_sysfs_xprt_state_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.rpc_xprt** %6 = 
load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = tail call %struct.rpc_xprt* @xprt_get(%struct.rpc_xprt* %6) #83 Function:xprt_get %2 = icmp eq %struct.rpc_xprt* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ %9, %8 ], [ 0, %15 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_get 1 rpc_sysfs_xprt_state_change ------------- Path:  Function:rpc_sysfs_xprt_state_change %5 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %6 = bitcast %struct.kobject* %5 to %struct.rpc_xprt** %7 = load %struct.rpc_xprt*, %struct.rpc_xprt** %6, align 8 %8 = tail call %struct.rpc_xprt* @xprt_get(%struct.rpc_xprt* %7) #83 Function:xprt_get %2 = icmp eq %struct.rpc_xprt* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %0, i64 0, 
i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ %9, %8 ], [ 0, %15 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr 
inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %490, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.841818*, i32)*)(%struct.sk_buff.841818* %0, i32 %33) #83 %35 = icmp eq i8* %34, null br i1 %35, label %490, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %490 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2361 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2366 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2376 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2388 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.841805, 
%struct.net_device.841805* %1, i64 0, i32 15 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %131, label %86 %87 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.841612* %91 = icmp eq i64 %89, 0 br i1 %91, label %484, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.841612, %struct.dst_entry.841612* %90, i64 0, i32 1 %95 = load %struct.dst_ops.841594*, %struct.dst_ops.841594** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.841594, %struct.dst_ops.841594* %95, i64 0, i32 14 %97 = load %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)*, %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.841593* %97(%struct.dst_entry.841612* nonnull %90, %struct.sk_buff.841818* null, i8* %93) #83 %99 = icmp ugt %struct.neighbour.841593* %98, inttoptr (i64 -4096 to %struct.neighbour.841593*) %100 = icmp eq %struct.neighbour.841593* %98, null %101 = or i1 %99, %100 br i1 %101, label %484, label %102 %103 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %98, i64 0, i32 27 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #83 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, 
%102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %98, i64 0, i32 6 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %120, i64 0, i32 0, i32 0 %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %121, i32 -1, i32* %121) #6, !srcloc !7 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.841593*)*)(%struct.neighbour.841593* nonnull %98) #83 br label %130 br i1 %119, label %484, label %131 %132 = phi i32 [ %68, %80 ], [ %118, %130 ] %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %196 %135 = getelementptr inbounds i8, i8* %59, i64 24 %136 = bitcast i8* %135 to i16* %137 = load i16, i16* %136, align 4 %138 = icmp eq i16 %137, 544 br i1 %138, label %139, label %144 %140 = getelementptr i8, i8* %135, i64 2 %141 = bitcast i8* %140 to i32* %142 = load i32, i32* %141, align 2 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %196 %145 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 4, i32 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = and i64 %146, -2 %148 = inttoptr i64 %147 to %struct.dst_entry.841612* %149 = icmp eq i64 %147, 0 br i1 %149, label %484, label %150 %151 = getelementptr inbounds %struct.dst_entry.841612, %struct.dst_entry.841612* %148, i64 0, i32 1 %152 = load %struct.dst_ops.841594*, %struct.dst_ops.841594** %151, align 8 %153 = getelementptr inbounds %struct.dst_ops.841594, %struct.dst_ops.841594* %152, i64 0, i32 14 %154 = load %struct.neighbour.841593* (%struct.dst_entry.841612*, 
%struct.sk_buff.841818*, i8*)*, %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)** %153, align 8 %155 = tail call %struct.neighbour.841593* %154(%struct.dst_entry.841612* nonnull %148, %struct.sk_buff.841818* null, i8* %135) #83 %156 = icmp ugt %struct.neighbour.841593* %155, inttoptr (i64 -4096 to %struct.neighbour.841593*) %157 = icmp eq %struct.neighbour.841593* %155, null %158 = or i1 %156, %157 br i1 %158, label %484, label %159 %160 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %155, i64 0, i32 27 %161 = bitcast [0 x i8]* %160 to %struct.in6_addr* %162 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %161) #83 %163 = and i32 %162, 65535 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %174 %166 = load i8*, i8** %11, align 8 %167 = load i16, i16* %13, align 4 %168 = zext i16 %167 to i64 %169 = getelementptr i8, i8* %166, i64 %168 %170 = getelementptr inbounds i8, i8* %169, i64 24 %171 = bitcast i8* %170 to %struct.in6_addr* %172 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %171) #83 %173 = and i32 %172, 65535 br label %174 %175 = phi %struct.in6_addr* [ %171, %165 ], [ %161, %159 ] %176 = phi i32 [ %173, %165 ], [ %163, %159 ] %177 = trunc i32 %176 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %182, label %179 %180 = getelementptr %struct.in6_addr, %struct.in6_addr* %175, i64 0, i32 0, i32 0, i64 3 %181 = load i32, i32* %180, align 4 br label %182 %183 = phi i32 [ %181, %179 ], [ 0, %174 ] %184 = phi i1 [ false, %179 ], [ true, %174 ] %185 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %155, i64 0, i32 6 %186 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %185, i64 0, i32 0, i32 0 %187 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %186, i32 -1, i32* 
%186) #6, !srcloc !7 %188 = icmp eq i32 %187, 1 br i1 %188, label %194, label %189 %190 = add i32 %187, -1 %191 = or i32 %190, %187 %192 = icmp sgt i32 %191, -1 br i1 %192, label %195, label %193, !prof !8, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %185, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %490, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.841818*, i32)*)(%struct.sk_buff.841818* %0, i32 %33) #83 %35 = icmp eq i8* %34, null br i1 %35, label %490, label %36 %37 = 
load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %490 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2361 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2366 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2376 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2388 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 15 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %131, label %86 %87 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.841612* %91 = icmp eq i64 %89, 0 br i1 %91, label %484, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.841612, %struct.dst_entry.841612* %90, i64 0, i32 1 %95 = load %struct.dst_ops.841594*, %struct.dst_ops.841594** %94, align 8 %96 = getelementptr inbounds 
%struct.dst_ops.841594, %struct.dst_ops.841594* %95, i64 0, i32 14 %97 = load %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)*, %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.841593* %97(%struct.dst_entry.841612* nonnull %90, %struct.sk_buff.841818* null, i8* %93) #83 %99 = icmp ugt %struct.neighbour.841593* %98, inttoptr (i64 -4096 to %struct.neighbour.841593*) %100 = icmp eq %struct.neighbour.841593* %98, null %101 = or i1 %99, %100 br i1 %101, label %484, label %102 %103 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %98, i64 0, i32 27 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #83 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %98, i64 0, i32 6 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %120, i64 0, i32 0, i32 0 %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %121, i32 -1, i32* %121) #6, !srcloc !7 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 %125 = add i32 %122, -1 %126 = or i32 %125, %122 %127 = icmp sgt i32 %126, -1 
br i1 %127, label %130, label %128, !prof !8, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %120, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip6_dst_ifdown ------------- Path:  Function:ip6_dst_ifdown %4 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 13 %5 = bitcast i64* %4 to %struct.inet6_dev.873326** %6 = load %struct.inet6_dev.873326*, %struct.inet6_dev.873326** %5, align 8 %7 = getelementptr inbounds %struct.net_device.873404, %struct.net_device.873404* %1, i64 0, i32 110, i32 0 %8 = load %struct.net.873518*, %struct.net.873518** %7, align 8 %9 = getelementptr inbounds %struct.net.873518, %struct.net.873518* %8, i64 0, i32 26 %10 = load %struct.net_device.873404*, %struct.net_device.873404** %9, align 8 %11 = icmp eq %struct.inet6_dev.873326* %6, null br i1 %11, label %43, label %12 %13 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %6, i64 0, i32 0 %14 = load %struct.net_device.873404*, %struct.net_device.873404** %13, align 8 %15 = icmp eq %struct.net_device.873404* %14, %10 br i1 %15, label %43, label %16 tail call void @__rcu_read_lock() #83 %17 = getelementptr inbounds %struct.net_device.873404, %struct.net_device.873404* %10, i64 0, i32 68 %18 = load volatile %struct.inet6_dev.873326*, %struct.inet6_dev.873326** %17, align 16 %19 = icmp eq %struct.inet6_dev.873326* %18, null br i1 %19, label %29, label %20 %21 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %18, i64 0, i32 24 %22 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %21, i64 0, i32 0, i32 0 %23 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 1, i32* %22) #6, !srcloc !4 %24 = icmp eq i32 %23, 0 br i1 %24, label %30, label %25, !prof !5, !misexpect !6 
%26 = add i32 %23, 1 %27 = or i32 %26, %23 %28 = icmp sgt i32 %27, -1 br i1 %28, label %32, label %30, !prof !7, !misexpect !6 %31 = phi i32 [ 2, %20 ], [ 1, %25 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %21, i32 %31) #83 br label %32 tail call void @__rcu_read_unlock() #83 store %struct.inet6_dev.873326* %18, %struct.inet6_dev.873326** %5, align 8 %33 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %6, i64 0, i32 24 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 0, i32 0, i32 0 %35 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 -1, i32* %34) #6, !srcloc !8 %36 = icmp eq i32 %35, 1 br i1 %36, label %42, label %37 %38 = add i32 %35, -1 %39 = or i32 %38, %35 %40 = icmp sgt i32 %39, -1 br i1 %40, label %43, label %41, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %33, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip6_dst_ifdown ------------- Path:  Function:ip6_dst_ifdown %4 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 13 %5 = bitcast i64* %4 to %struct.inet6_dev.873326** %6 = load %struct.inet6_dev.873326*, %struct.inet6_dev.873326** %5, align 8 %7 = getelementptr inbounds %struct.net_device.873404, %struct.net_device.873404* %1, i64 0, i32 110, i32 0 %8 = load %struct.net.873518*, %struct.net.873518** %7, align 8 %9 = getelementptr inbounds %struct.net.873518, %struct.net.873518* %8, i64 0, i32 26 %10 = load %struct.net_device.873404*, %struct.net_device.873404** %9, align 8 %11 = icmp eq %struct.inet6_dev.873326* %6, null br i1 %11, label %43, label %12 %13 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %6, i64 0, i32 0 %14 = load %struct.net_device.873404*, 
%struct.net_device.873404** %13, align 8 %15 = icmp eq %struct.net_device.873404* %14, %10 br i1 %15, label %43, label %16 tail call void @__rcu_read_lock() #83 %17 = getelementptr inbounds %struct.net_device.873404, %struct.net_device.873404* %10, i64 0, i32 68 %18 = load volatile %struct.inet6_dev.873326*, %struct.inet6_dev.873326** %17, align 16 %19 = icmp eq %struct.inet6_dev.873326* %18, null br i1 %19, label %29, label %20 %21 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %18, i64 0, i32 24 %22 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %21, i64 0, i32 0, i32 0 %23 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 1, i32* %22) #6, !srcloc !4 %24 = icmp eq i32 %23, 0 br i1 %24, label %30, label %25, !prof !5, !misexpect !6 %26 = add i32 %23, 1 %27 = or i32 %26, %23 %28 = icmp sgt i32 %27, -1 br i1 %28, label %32, label %30, !prof !7, !misexpect !6 %31 = phi i32 [ 2, %20 ], [ 1, %25 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %21, i32 %31) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip6_dst_destroy ------------- Path:  Function:ip6_dst_destroy %2 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 0, i32 2 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.dst_metrics* %6 = icmp eq %struct.dst_metrics* %5, @dst_default_metrics br i1 %6, label %19, label %7 %20 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 15 %21 = bitcast %struct.callback_head* %20 to %struct.list_head* %22 = bitcast %struct.callback_head* %20 to %struct.list_head** %23 = load volatile %struct.list_head*, %struct.list_head** %22, align 8 %24 = icmp eq %struct.list_head* %23, %21 br i1 %24, label %43, label %25 %44 = getelementptr 
inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 13 %45 = bitcast i64* %44 to %struct.inet6_dev.873326** %46 = load %struct.inet6_dev.873326*, %struct.inet6_dev.873326** %45, align 8 %47 = icmp eq %struct.inet6_dev.873326* %46, null br i1 %47, label %59, label %48 store %struct.inet6_dev.873326* null, %struct.inet6_dev.873326** %45, align 8 %49 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %46, i64 0, i32 24 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %49, i64 0, i32 0, i32 0 %51 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %50, i32 -1, i32* %50) #6, !srcloc !4 %52 = icmp eq i32 %51, 1 br i1 %52, label %58, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.inet6_dev*)* @in6_dev_finish_destroy to void (%struct.inet6_dev.873326*)*)(%struct.inet6_dev.873326* nonnull %46) #83 br label %59 %60 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1 %61 = bitcast %struct.dst_entry.873303* %60 to %struct.fib6_info.873318** %62 = tail call %struct.fib6_info.873318* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.fib6_info.873318** %61, %struct.fib6_info.873318* null, %struct.fib6_info.873318** %61) #6, !srcloc !9 %63 = icmp eq %struct.fib6_info.873318* %62, null br i1 %63, label %76, label %64 %65 = getelementptr inbounds %struct.fib6_info.873318, %struct.fib6_info.873318* %62, i64 0, i32 5 %66 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %65, i64 0, i32 0, i32 0 %67 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %66, i32 -1, i32* %66) #6, !srcloc !4 %68 = icmp eq i32 %67, 1 br i1 %68, label %74, label %69 %70 = add i32 %67, -1 %71 = or i32 %70, %67 %72 = icmp sgt i32 %71, -1 br i1 %72, label %76, label %73, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %65, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip6_dst_destroy ------------- Path:  Function:ip6_dst_destroy %2 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 0, i32 2 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.dst_metrics* %6 = icmp eq %struct.dst_metrics* %5, @dst_default_metrics br i1 %6, label %19, label %7 %20 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 15 %21 = bitcast %struct.callback_head* %20 to %struct.list_head* %22 = bitcast %struct.callback_head* %20 to %struct.list_head** %23 = load volatile %struct.list_head*, %struct.list_head** %22, align 8 %24 = icmp eq %struct.list_head* %23, %21 br i1 %24, label %43, label %25 %44 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 13 %45 = bitcast i64* %44 to %struct.inet6_dev.873326** %46 = load %struct.inet6_dev.873326*, %struct.inet6_dev.873326** %45, align 8 %47 = icmp eq %struct.inet6_dev.873326* %46, null br i1 %47, label %59, label %48 store %struct.inet6_dev.873326* null, %struct.inet6_dev.873326** %45, align 8 %49 = getelementptr inbounds %struct.inet6_dev.873326, %struct.inet6_dev.873326* %46, i64 0, i32 24 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %49, i64 0, i32 0, i32 0 %51 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %50, i32 -1, i32* %50) #6, !srcloc !4 %52 = icmp eq i32 %51, 
1 br i1 %52, label %58, label %53 %54 = add i32 %51, -1 %55 = or i32 %54, %51 %56 = icmp sgt i32 %55, -1 br i1 %56, label %59, label %57, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %49, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip6_dst_destroy ------------- Path:  Function:ip6_dst_destroy %2 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 0, i32 2 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.dst_metrics* %6 = icmp eq %struct.dst_metrics* %5, @dst_default_metrics br i1 %6, label %19, label %7 %8 = getelementptr inbounds %struct.dst_metrics, %struct.dst_metrics* %5, i64 0, i32 1 %9 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 0, i32 0, i32 0 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32 -1, i32* %9) #6, !srcloc !4 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %19, label %16, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %8, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip6_rt_cache_alloc 1 __ip6_rt_update_pmtu 2 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.873416* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.873303* %0, %struct.sock.873449* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #83 Function:__ip6_rt_update_pmtu %6 = alloca %struct.fib6_nh_match_arg, align 8 %7 = alloca %struct.fib6_result.873772, align 8 %8 = alloca %struct.fib6_nh_match_arg, align 8 %9 = bitcast %struct.dst_entry.873303* %0 to 
%struct.rt6_info.873315* %10 = icmp eq %struct.ipv6hdr* %2, null br i1 %10, label %13, label %11 %14 = icmp eq %struct.sock.873449* %1, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.sock.873449, %struct.sock.873449* %1, i64 0, i32 0, i32 10 %17 = getelementptr inbounds %struct.sock.873449, %struct.sock.873449* %1, i64 0, i32 0, i32 4 %18 = load volatile i8, i8* %17, align 2 br label %19 %20 = phi %struct.in6_addr* [ %12, %11 ], [ null, %13 ], [ %16, %15 ] br i1 %4, label %21, label %29 %22 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 0, i32 1 %23 = load %struct.dst_ops.873282*, %struct.dst_ops.873282** %22, align 8 %24 = getelementptr inbounds %struct.dst_ops.873282, %struct.dst_ops.873282* %23, i64 0, i32 15 %25 = load void (%struct.dst_entry.873303*, i8*)*, void (%struct.dst_entry.873303*, i8*)** %24, align 16 %26 = icmp eq void (%struct.dst_entry.873303*, i8*)* %25, null br i1 %26, label %29, label %27 %28 = bitcast %struct.in6_addr* %20 to i8* tail call void %25(%struct.dst_entry.873303* %0, i8* %28) #83 br label %29 %30 = icmp ult i32 %3, 1280 br i1 %30, label %271, label %31 %32 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 0, i32 1 %33 = load %struct.dst_ops.873282*, %struct.dst_ops.873282** %32, align 8 %34 = getelementptr inbounds %struct.dst_ops.873282, %struct.dst_ops.873282* %33, i64 0, i32 5 %35 = load i32 (%struct.dst_entry.873303*)*, i32 (%struct.dst_entry.873303*)** %34, align 32 %36 = icmp eq i32 (%struct.dst_entry.873303*)* %35, @ip6_mtu br i1 %36, label %37, label %56, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 0, i32 2 %39 = load i64, i64* %38, align 8 %40 = and i64 %39, -4 %41 = inttoptr i64 %40 to i32* %42 = getelementptr i32, i32* %41, i64 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %62 %63 = phi i32 [ %59, %58 ], [ %61, %60 
], [ %43, %37 ], [ %55, %54 ] %64 = icmp ugt i32 %63, %3 br i1 %64, label %65, label %271 %66 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 14 %67 = bitcast %struct.lwtunnel_state.873279** %66 to i32* %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 16777216 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %79 %72 = and i32 %68, 1073741824 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %168 %75 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1 %76 = bitcast %struct.dst_entry.873303* %75 to %struct.fib6_info.873318** %77 = load volatile %struct.fib6_info.873318*, %struct.fib6_info.873318** %76, align 8 %78 = icmp eq %struct.fib6_info.873318* %77, null br i1 %78, label %79, label %168 %169 = icmp eq %struct.in6_addr* %20, null br i1 %169, label %271, label %170 %171 = bitcast %struct.fib6_result.873772* %7 to i8* tail call void @__rcu_read_lock() #83 %172 = getelementptr inbounds %struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1 %173 = bitcast %struct.dst_entry.873303* %172 to %struct.fib6_info.873318** %174 = load volatile %struct.fib6_info.873318*, %struct.fib6_info.873318** %173, align 8 %175 = getelementptr inbounds %struct.fib6_result.873772, %struct.fib6_result.873772* %7, i64 0, i32 1 store %struct.fib6_info.873318* %174, %struct.fib6_info.873318** %175, align 8 %176 = icmp eq %struct.fib6_info.873318* %174, null br i1 %176, label %270, label %177 %178 = getelementptr inbounds %struct.fib6_info.873318, %struct.fib6_info.873318* %174, i64 0, i32 9 %179 = load i32, i32* %178, align 4 %180 = getelementptr inbounds %struct.fib6_result.873772, %struct.fib6_result.873772* %7, i64 0, i32 2 store i32 %179, i32* %180, align 8 %181 = getelementptr inbounds %struct.fib6_info.873318, %struct.fib6_info.873318* %174, i64 0, i32 14 %182 = load i8, i8* %181, align 1 %183 = getelementptr inbounds %struct.fib6_result.873772, %struct.fib6_result.873772* %7, i64 0, i32 3 
store i8 %182, i8* %183, align 4 %184 = getelementptr inbounds %struct.fib6_info.873318, %struct.fib6_info.873318* %174, i64 0, i32 17 %185 = load %struct.nexthop.873314*, %struct.nexthop.873314** %184, align 8 %186 = icmp eq %struct.nexthop.873314* %185, null br i1 %186, label %201, label %187 %188 = bitcast %struct.fib6_nh_match_arg* %8 to i8* %189 = bitcast %struct.dst_entry.873303* %0 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.fib6_nh_match_arg* %8 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.fib6_nh_match_arg, %struct.fib6_nh_match_arg* %8, i64 0, i32 1 %193 = getelementptr inbounds %struct.rt6_info.873315, %struct.rt6_info.873315* %9, i64 0, i32 5 store %struct.in6_addr* %193, %struct.in6_addr** %192, align 8 %194 = getelementptr inbounds %struct.fib6_nh_match_arg, %struct.fib6_nh_match_arg* %8, i64 0, i32 2 store %struct.fib6_nh.873317* null, %struct.fib6_nh.873317** %194, align 8 %195 = call i32 bitcast (i32 (%struct.nexthop.843590*, i32 (%struct.fib6_nh.843593*, i8*)*, i8*)* @nexthop_for_each_fib6_nh to i32 (%struct.nexthop.873314*, i32 (%struct.fib6_nh.873317*, i8*)*, i8*)*)(%struct.nexthop.873314* nonnull %185, i32 (%struct.fib6_nh.873317*, i8*)* nonnull @fib6_nh_find_match, i8* nonnull %188) #83 %196 = load %struct.fib6_nh.873317*, %struct.fib6_nh.873317** %194, align 8 %197 = icmp eq %struct.fib6_nh.873317* %196, null br i1 %197, label %200, label %198 %199 = getelementptr inbounds %struct.fib6_result.873772, %struct.fib6_result.873772* %7, i64 0, i32 0 store %struct.fib6_nh.873317* %196, %struct.fib6_nh.873317** %199, align 8 br label %204 %205 = call fastcc %struct.rt6_info.873315* @ip6_rt_cache_alloc(%struct.fib6_result.873772* nonnull %7, %struct.in6_addr* nonnull %20) #84 Function:ip6_rt_cache_alloc %3 = getelementptr inbounds %struct.fib6_result.873772, %struct.fib6_result.873772* %0, i64 0, i32 1 %4 = load %struct.fib6_info.873318*, %struct.fib6_info.873318** %3, align 8 %5 = 
getelementptr inbounds %struct.fib6_info.873318, %struct.fib6_info.873318* %4, i64 0, i32 5 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %19, label %9 %10 = phi i32 [ %17, %16 ], [ %7, %2 ] %11 = add i32 %10, 1 %12 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %11, i32* %6, i32 %10) #6, !srcloc !4 %13 = extractvalue { i8, i32 } %12, 0 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %16, label %19, !prof !5, !misexpect !6 %17 = extractvalue { i8, i32 } %12, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %9 %20 = phi i32 [ 0, %2 ], [ %10, %9 ], [ 0, %16 ] %21 = add i32 %20, 1 %22 = or i32 %21, %20 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #83 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #84 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void 
@_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #83 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 store volatile %struct.hlist_node* %10, %struct.hlist_node** %6, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %10, i64 0, i32 1 store volatile %struct.hlist_node** %6, %struct.hlist_node*** %13, align 8 br label %14 store %struct.hlist_node** null, %struct.hlist_node*** %5, align 8 %15 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 1 br i1 %18, label %19, label %20, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.4.68878, i64 0, i64 0), i32 725, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "465:\0A\09.pushsection .discard.reachable\0A\09.long 465b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %20 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 -1, i32* %16) #6, !srcloc !8 %22 = icmp slt i32 %21, 2 br i1 %22, label %23, label %24, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #83 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #84 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #83 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 store volatile %struct.hlist_node* %10, %struct.hlist_node** %6, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %10, i64 0, i32 1 store volatile %struct.hlist_node** %6, %struct.hlist_node*** %13, align 8 br label %14 store 
%struct.hlist_node** null, %struct.hlist_node*** %5, align 8 %15 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 1 br i1 %18, label %19, label %20, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.4.68878, i64 0, i64 0), i32 725, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "465:\0A\09.pushsection .discard.reachable\0A\09.long 465b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %20 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 -1, i32* %16) #6, !srcloc !8 %22 = icmp slt i32 %21, 2 br i1 %22, label %23, label %24, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, 
i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #83 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #84 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #83 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 store volatile %struct.hlist_node* %10, %struct.hlist_node** %6, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %10, i64 0, i32 1 store volatile %struct.hlist_node** %6, %struct.hlist_node*** %13, align 8 br label %14 store %struct.hlist_node** null, %struct.hlist_node*** %5, align 8 %15 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 1 br i1 %18, label %19, label %20, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.4.68878, i64 0, i64 0), i32 725, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect 
"465:\0A\09.pushsection .discard.reachable\0A\09.long 465b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %20 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 -1, i32* %16) #6, !srcloc !8 %22 = icmp slt i32 %21, 2 br i1 %22, label %23, label %24, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_socketpair ------------- Path:  Function:unix_socketpair %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %1, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 19 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !5, !misexpect !6 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !7, !misexpect !6 %16 = phi i32 [ 2, %2 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 br label %17 %18 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 19 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_socketpair ------------- Path:  Function:unix_socketpair %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %1, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 19 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !5, !misexpect !6 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !7, !misexpect !6 %16 = phi i32 [ 2, %2 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 br label %17 %18 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 19 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_socketpair ------------- Path:  Function:unix_socketpair %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %1, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 19 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !5, !misexpect !6 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !7, !misexpect !6 %16 = phi i32 [ 2, %2 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 br label %17 %18 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 19 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 
%21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_socketpair ------------- Path:  Function:unix_socketpair %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %1, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 19 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !5, !misexpect !6 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !7, !misexpect !6 %16 = phi i32 [ 2, %2 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_socketpair ------------- Path:  Function:unix_socketpair %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %1, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 19 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 
0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !5, !misexpect !6 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !7, !misexpect !6 %16 = phi i32 [ 2, %2 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_socketpair ------------- Path:  Function:unix_socketpair %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %1, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 19 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !5, !misexpect !6 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !7, !misexpect !6 %16 = phi i32 [ 2, %2 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr 
inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 %34 = add i32 %30, 1 %35 = or i32 %34, %30 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 1) #83 br label %38 %39 = phi %struct.sock* [ %12, %25 ], [ %5, %32 ], [ %5, %33 ], [ %5, %37 ] %40 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1 %41 = bitcast %struct.sock* %40 to %struct.unix_address** %42 = load volatile %struct.unix_address*, %struct.unix_address** %41, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %43 = icmp eq %struct.unix_address* %42, null br i1 %43, label %44, label %47 %48 = getelementptr inbounds %struct.unix_address, %struct.unix_address* %42, i64 0, i32 1 %49 = load i32, i32* %48, align 4 %50 = bitcast %struct.sys_desc_table* %1 to i8* %51 = getelementptr inbounds %struct.unix_address, %struct.unix_address* %42, i64 0, i32 3, i64 0 %52 = bitcast %struct.sockaddr_un* %51 to i8* %53 = sext i32 %49 to i64 br label %54 %55 = phi i32 [ %49, %47 ], [ 2, %44 ] %56 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %57 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %56, i64 0, i32 0, i32 0 %58 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %57, i32 -1, i32* %57) #6, 
!srcloc !9 %59 = icmp eq i32 %58, 1 br i1 %59, label %65, label %60 %61 = add i32 %58, -1 %62 = or i32 %61, %58 %63 = icmp sgt i32 %62, -1 br i1 %63, label %66, label %64, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %56, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 %34 = add i32 %30, 1 %35 = or i32 %34, %30 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 1) #83 br label %38 %39 = phi %struct.sock* [ %12, %25 ], [ %5, %32 ], [ %5, %33 ], [ %5, %37 ] %40 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1 %41 = bitcast %struct.sock* %40 to %struct.unix_address** %42 = load volatile %struct.unix_address*, %struct.unix_address** %41, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %43 = icmp eq %struct.unix_address* %42, null br i1 %43, label %44, label %47 %48 = getelementptr inbounds %struct.unix_address, %struct.unix_address* %42, i64 0, i32 1 %49 = load i32, i32* %48, align 4 %50 = bitcast %struct.sys_desc_table* %1 to i8* %51 = getelementptr inbounds %struct.unix_address, %struct.unix_address* 
%42, i64 0, i32 3, i64 0 %52 = bitcast %struct.sockaddr_un* %51 to i8* %53 = sext i32 %49 to i64 br label %54 %55 = phi i32 [ %49, %47 ], [ 2, %44 ] %56 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %57 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %56, i64 0, i32 0, i32 0 %58 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %57, i32 -1, i32* %57) #6, !srcloc !9 %59 = icmp eq i32 %58, 1 br i1 %59, label %65, label %60 %61 = add i32 %58, -1 %62 = or i32 %61, %58 %63 = icmp sgt i32 %62, -1 br i1 %63, label %66, label %64, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %56, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 %34 = add i32 %30, 1 %35 = or i32 %34, %30 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 1) #83 br label %38 %39 = phi %struct.sock* [ %12, %25 ], [ %5, %32 ], [ %5, %33 ], [ %5, %37 ] %40 = getelementptr inbounds %struct.sock, 
%struct.sock* %39, i64 1 %41 = bitcast %struct.sock* %40 to %struct.unix_address** %42 = load volatile %struct.unix_address*, %struct.unix_address** %41, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %43 = icmp eq %struct.unix_address* %42, null br i1 %43, label %44, label %47 %48 = getelementptr inbounds %struct.unix_address, %struct.unix_address* %42, i64 0, i32 1 %49 = load i32, i32* %48, align 4 %50 = bitcast %struct.sys_desc_table* %1 to i8* %51 = getelementptr inbounds %struct.unix_address, %struct.unix_address* %42, i64 0, i32 3, i64 0 %52 = bitcast %struct.sockaddr_un* %51 to i8* %53 = sext i32 %49 to i64 br label %54 %55 = phi i32 [ %49, %47 ], [ 2, %44 ] %56 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %57 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %56, i64 0, i32 0, i32 0 %58 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %57, i32 -1, i32* %57) #6, !srcloc !9 %59 = icmp eq i32 %58, 1 br i1 %59, label %65, label %60 %61 = add i32 %58, -1 %62 = or i32 %61, %58 %63 = icmp sgt i32 %62, -1 br i1 %63, label %66, label %64, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %56, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 %34 = add i32 %30, 1 %35 = or i32 %34, %30 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 %34 = add i32 %30, 1 %35 = or i32 %34, %30 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 %34 = add i32 %30, 1 %35 = or i32 %34, %30 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %28 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 19 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %28, i64 0, i32 0, i32 0 %30 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %29, i32 1, i32* %29) #6, !srcloc !4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %33, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %28, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 1, i32 0, i32 12 %11 = bitcast %struct.anon.1* %10 to %struct.sock** %12 = load %struct.sock*, %struct.sock** %11, align 8 %13 = icmp eq %struct.sock* %12, null br i1 %13, label %26, label %14 %15 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 0, i32 19 %16 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %23, label %19, !prof !5, !misexpect !6 %20 = add i32 %17, 1 %21 = or i32 %20, %17 %22 = icmp sgt i32 %21, -1 br i1 %22, label %25, label %23, !prof !7, !misexpect !6 %24 = phi i32 [ 2, %14 ], [ 1, %19 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 %24) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 1, i32 0, i32 12 %11 = bitcast %struct.anon.1* %10 to %struct.sock** %12 = load %struct.sock*, %struct.sock** %11, align 8 %13 = icmp eq %struct.sock* %12, null br i1 %13, label %26, label %14 %15 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 0, i32 19 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %23, label %19, !prof !5, !misexpect !6 %20 = add i32 %17, 1 %21 = or i32 %20, %17 %22 = icmp sgt i32 %21, -1 br i1 %22, label %25, 
label %23, !prof !7, !misexpect !6 %24 = phi i32 [ 2, %14 ], [ 1, %19 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 %24) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_getname ------------- Path:  Function:unix_getname %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = icmp eq i32 %2, 0 br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 1, i32 0, i32 12 %11 = bitcast %struct.anon.1* %10 to %struct.sock** %12 = load %struct.sock*, %struct.sock** %11, align 8 %13 = icmp eq %struct.sock* %12, null br i1 %13, label %26, label %14 %15 = getelementptr inbounds %struct.sock, %struct.sock* %12, i64 0, i32 0, i32 19 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %23, label %19, !prof !5, !misexpect !6 %20 = add i32 %17, 1 %21 = or i32 %20, %17 %22 = icmp sgt i32 %21, -1 br i1 %22, label %25, label %23, !prof !7, !misexpect !6 %24 = phi i32 [ 2, %14 ], [ 1, %19 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 %24) #83 ------------- Use: =BAD PATH= Call Stack: 0 init_peercred 1 unix_listen ------------- Path:  Function:unix_listen %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %6 = load i16, i16* %5, 
align 4 switch i16 %6, label %30 [ i16 1, label %7 i16 5, label %7 ] %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1 %9 = bitcast %struct.sock* %8 to %struct.unix_address** %10 = load %struct.unix_address*, %struct.unix_address** %9, align 16 %11 = icmp eq %struct.unix_address* %10, null br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %14 = bitcast i16* %13 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 4 %16 = load volatile i8, i8* %15, align 2 %17 = icmp eq i8 %16, 7 br i1 %17, label %21, label %18 %19 = load volatile i8, i8* %15, align 2 %20 = icmp eq i8 %19, 10 br i1 %20, label %21, label %28 %22 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 55 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %23, %1 br i1 %24, label %25, label %27 %26 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 1, i32 2 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 0, i8* null) #83 br label %27 store i32 %1, i32* %22, align 4 store volatile i8 10, i8* %15, align 2 tail call fastcc void @init_peercred(%struct.sock* %4) #84 Function:init_peercred %2 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 59, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 60 %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 61 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 104 %10 = load 
%struct.signal_struct*, %struct.signal_struct** %9, align 8 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid*, %struct.pid** %11, align 8 %13 = icmp eq %struct.pid* %12, null br i1 %13, label %25, label %14 %15 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0 %16 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !5 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !6, !misexpect !7 %21 = add i32 %17, 1 %22 = or i32 %21, %17 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 init_peercred 1 unix_listen ------------- Path:  Function:unix_listen %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %6 = load i16, i16* %5, align 4 switch i16 %6, label %30 [ i16 1, label %7 i16 5, label %7 ] %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1 %9 = bitcast %struct.sock* %8 to %struct.unix_address** %10 = load %struct.unix_address*, %struct.unix_address** %9, align 16 %11 = icmp eq %struct.unix_address* %10, null br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %14 = bitcast i16* %13 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 4 %16 = load volatile i8, i8* %15, align 2 %17 = icmp eq i8 %16, 7 br i1 
%17, label %21, label %18 %19 = load volatile i8, i8* %15, align 2 %20 = icmp eq i8 %19, 10 br i1 %20, label %21, label %28 %22 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 55 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %23, %1 br i1 %24, label %25, label %27 %26 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 1, i32 2 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 0, i8* null) #83 br label %27 store i32 %1, i32* %22, align 4 store volatile i8 10, i8* %15, align 2 tail call fastcc void @init_peercred(%struct.sock* %4) #84 Function:init_peercred %2 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 59, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 60 %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 61 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 104 %10 = load %struct.signal_struct*, %struct.signal_struct** %9, align 8 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid*, %struct.pid** %11, align 8 %13 = icmp eq %struct.pid* %12, null br i1 %13, label %25, label %14 %15 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0 %16 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !5 %18 = 
icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !6, !misexpect !7 %21 = add i32 %17, 1 %22 = or i32 %21, %17 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 init_peercred 1 unix_listen ------------- Path:  Function:unix_listen %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %6 = load i16, i16* %5, align 4 switch i16 %6, label %30 [ i16 1, label %7 i16 5, label %7 ] %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1 %9 = bitcast %struct.sock* %8 to %struct.unix_address** %10 = load %struct.unix_address*, %struct.unix_address** %9, align 16 %11 = icmp eq %struct.unix_address* %10, null br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %14 = bitcast i16* %13 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 4 %16 = load volatile i8, i8* %15, align 2 %17 = icmp eq i8 %16, 7 br i1 %17, label %21, label %18 %19 = load volatile i8, i8* %15, align 2 %20 = icmp eq i8 %19, 10 br i1 %20, label %21, label %28 %22 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 55 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %23, %1 br i1 %24, label %25, label %27 %26 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 1, i32 2 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 0, i8* null) #83 br label %27 store i32 %1, i32* %22, align 4 store volatile i8 10, i8* %15, align 2 tail call fastcc void @init_peercred(%struct.sock* %4) #84 Function:init_peercred %2 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 
0, i32 59, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 60 %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 61 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 104 %10 = load %struct.signal_struct*, %struct.signal_struct** %9, align 8 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %10, i64 0, i32 22, i64 1 %12 = load %struct.pid*, %struct.pid** %11, align 8 %13 = icmp eq %struct.pid* %12, null br i1 %13, label %25, label %14 %15 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0 %16 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !5 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 init_peercred 1 unix_listen ------------- Path:  Function:unix_listen %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %6 = load i16, i16* %5, align 4 switch i16 %6, label %30 [ i16 1, label %7 i16 5, label %7 ] %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1 %9 = bitcast %struct.sock* %8 to 
%struct.unix_address** %10 = load %struct.unix_address*, %struct.unix_address** %9, align 16 %11 = icmp eq %struct.unix_address* %10, null br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %14 = bitcast i16* %13 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 0, i32 4 %16 = load volatile i8, i8* %15, align 2 %17 = icmp eq i8 %16, 7 br i1 %17, label %21, label %18 %19 = load volatile i8, i8* %15, align 2 %20 = icmp eq i8 %19, 10 br i1 %20, label %21, label %28 %22 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 55 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %23, %1 br i1 %24, label %25, label %27 %26 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 1, i32 2 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 0, i8* null) #83 br label %27 store i32 %1, i32* %22, align 4 store volatile i8 10, i8* %15, align 2 tail call fastcc void @init_peercred(%struct.sock* %4) #84 Function:init_peercred %2 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 59, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 60 %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 61 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 104 %10 = load %struct.signal_struct*, %struct.signal_struct** %9, align 8 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %10, i64 0, i32 22, i64 1 %12 = load 
%struct.pid*, %struct.pid** %11, align 8 %13 = icmp eq %struct.pid* %12, null br i1 %13, label %25, label %14 %15 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0 %16 = getelementptr inbounds %struct.pid, %struct.pid* %12, i64 0, i32 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !5 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_shutdown ------------- Path:  Function:unix_shutdown %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = icmp ugt i32 %1, 2 br i1 %5, label %87, label %6 %7 = add nuw nsw i32 %1, 1 %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 66 %11 = load i8, i8* %10, align 8 %12 = trunc i32 %7 to i8 %13 = or i8 %11, %12 store i8 %13, i8* %10, align 8 %14 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 12 %15 = bitcast %struct.anon.1* %14 to %struct.sock** %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = icmp eq %struct.sock* %16, null br i1 %17, label %75, label %18 %19 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 19 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 1, i32* %20) #6, !srcloc !4 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23, !prof !5, !misexpect !6 %24 = add i32 %21, 1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %29, label %27, !prof !7, !misexpect !6 %28 = phi i32 [ 2, %18 ], [ 1, %23 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 %28) #83 br label %29 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %30 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 76 %31 = load void (%struct.sock*)*, void (%struct.sock*)** %30, align 8 tail call void %31(%struct.sock* %4) #83 %32 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 46 %33 = load i16, i16* %32, align 2 switch i16 %33, label %78 [ i16 1, label %34 i16 5, label %34 ] %35 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 8 %36 = load volatile %struct.proto*, %struct.proto** %35, align 8 %37 = getelementptr inbounds %struct.proto, %struct.proto* %36, i64 0, i32 22 %38 = load void (%struct.sock*)*, void (%struct.sock*)** %37, align 8 %39 = icmp eq void (%struct.sock*)* %38, null br i1 %39, label %41, label %40 %42 = shl nuw nsw i32 %7, 1 %43 = and i32 %42, 2 %44 = lshr i32 %7, 1 %45 = or i32 %44, %43 %46 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 1, i32 0, i32 16 %47 = bitcast i16* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #83 %48 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 66 %49 = load i8, i8* %48, align 8 %50 = trunc i32 %45 to i8 %51 = or i8 %49, %50 store i8 %51, i8* %48, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %47) #83 %52 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 76 %53 = load void (%struct.sock*)*, void (%struct.sock*)** %52, align 8 tail call void %53(%struct.sock* nonnull %16) #83 %54 = icmp eq i32 %45, 3 br i1 
%54, label %55, label %64 %65 = icmp eq i32 %44, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 13, i32 0 %68 = load volatile i64, i64* %67, align 8 %69 = and i64 %68, 65536 %70 = icmp eq i64 %69, 0 br i1 %70, label %78, label %71 tail call void @__rcu_read_lock() #83 %72 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 13, i32 0 %73 = load volatile %struct.socket_wq*, %struct.socket_wq** %72, align 8 %74 = tail call i32 @sock_wake_async(%struct.socket_wq* %73, i32 1, i32 1) #83 tail call void @__rcu_read_unlock() #83 br label %78 %79 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !8 %80 = icmp eq i32 %79, 1 br i1 %80, label %86, label %81 %82 = add i32 %79, -1 %83 = or i32 %82, %79 %84 = icmp sgt i32 %83, -1 br i1 %84, label %87, label %85, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_shutdown ------------- Path:  Function:unix_shutdown %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = icmp ugt i32 %1, 2 br i1 %5, label %87, label %6 %7 = add nuw nsw i32 %1, 1 %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 66 %11 = load i8, i8* %10, align 8 %12 = trunc i32 %7 to i8 %13 = or i8 %11, %12 store i8 %13, i8* %10, align 8 %14 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 12 %15 = bitcast %struct.anon.1* %14 to %struct.sock** %16 = load %struct.sock*, %struct.sock** 
%15, align 8 %17 = icmp eq %struct.sock* %16, null br i1 %17, label %75, label %18 %19 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 19 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 1, i32* %20) #6, !srcloc !4 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23, !prof !5, !misexpect !6 %24 = add i32 %21, 1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %29, label %27, !prof !7, !misexpect !6 %28 = phi i32 [ 2, %18 ], [ 1, %23 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 %28) #83 br label %29 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %30 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 76 %31 = load void (%struct.sock*)*, void (%struct.sock*)** %30, align 8 tail call void %31(%struct.sock* %4) #83 %32 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 46 %33 = load i16, i16* %32, align 2 switch i16 %33, label %78 [ i16 1, label %34 i16 5, label %34 ] %35 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 8 %36 = load volatile %struct.proto*, %struct.proto** %35, align 8 %37 = getelementptr inbounds %struct.proto, %struct.proto* %36, i64 0, i32 22 %38 = load void (%struct.sock*)*, void (%struct.sock*)** %37, align 8 %39 = icmp eq void (%struct.sock*)* %38, null br i1 %39, label %41, label %40 %42 = shl nuw nsw i32 %7, 1 %43 = and i32 %42, 2 %44 = lshr i32 %7, 1 %45 = or i32 %44, %43 %46 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 1, i32 0, i32 16 %47 = bitcast i16* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #83 %48 = getelementptr inbounds %struct.sock, 
%struct.sock* %16, i64 0, i32 66 %49 = load i8, i8* %48, align 8 %50 = trunc i32 %45 to i8 %51 = or i8 %49, %50 store i8 %51, i8* %48, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %47) #83 %52 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 76 %53 = load void (%struct.sock*)*, void (%struct.sock*)** %52, align 8 tail call void %53(%struct.sock* nonnull %16) #83 %54 = icmp eq i32 %45, 3 br i1 %54, label %55, label %64 %65 = icmp eq i32 %44, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 13, i32 0 %68 = load volatile i64, i64* %67, align 8 %69 = and i64 %68, 65536 %70 = icmp eq i64 %69, 0 br i1 %70, label %78, label %71 tail call void @__rcu_read_lock() #83 %72 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 13, i32 0 %73 = load volatile %struct.socket_wq*, %struct.socket_wq** %72, align 8 %74 = tail call i32 @sock_wake_async(%struct.socket_wq* %73, i32 1, i32 1) #83 tail call void @__rcu_read_unlock() #83 br label %78 %79 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !8 %80 = icmp eq i32 %79, 1 br i1 %80, label %86, label %81 %82 = add i32 %79, -1 %83 = or i32 %82, %79 %84 = icmp sgt i32 %83, -1 br i1 %84, label %87, label %85, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_shutdown ------------- Path:  Function:unix_shutdown %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = icmp ugt i32 %1, 2 br i1 %5, label %87, label %6 %7 = add nuw nsw i32 %1, 1 %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to 
%struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 66 %11 = load i8, i8* %10, align 8 %12 = trunc i32 %7 to i8 %13 = or i8 %11, %12 store i8 %13, i8* %10, align 8 %14 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 12 %15 = bitcast %struct.anon.1* %14 to %struct.sock** %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = icmp eq %struct.sock* %16, null br i1 %17, label %75, label %18 %19 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 19 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 1, i32* %20) #6, !srcloc !4 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23, !prof !5, !misexpect !6 %24 = add i32 %21, 1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %29, label %27, !prof !7, !misexpect !6 %28 = phi i32 [ 2, %18 ], [ 1, %23 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 %28) #83 br label %29 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %30 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 76 %31 = load void (%struct.sock*)*, void (%struct.sock*)** %30, align 8 tail call void %31(%struct.sock* %4) #83 %32 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 0, i32 46 %33 = load i16, i16* %32, align 2 switch i16 %33, label %78 [ i16 1, label %34 i16 5, label %34 ] %35 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 8 %36 = load volatile %struct.proto*, %struct.proto** %35, align 8 %37 = getelementptr inbounds %struct.proto, %struct.proto* %36, i64 0, i32 22 %38 = load void (%struct.sock*)*, void 
(%struct.sock*)** %37, align 8 %39 = icmp eq void (%struct.sock*)* %38, null br i1 %39, label %41, label %40 %42 = shl nuw nsw i32 %7, 1 %43 = and i32 %42, 2 %44 = lshr i32 %7, 1 %45 = or i32 %44, %43 %46 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 1, i32 0, i32 16 %47 = bitcast i16* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #83 %48 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 66 %49 = load i8, i8* %48, align 8 %50 = trunc i32 %45 to i8 %51 = or i8 %49, %50 store i8 %51, i8* %48, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %47) #83 %52 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 76 %53 = load void (%struct.sock*)*, void (%struct.sock*)** %52, align 8 tail call void %53(%struct.sock* nonnull %16) #83 %54 = icmp eq i32 %45, 3 br i1 %54, label %55, label %64 %65 = icmp eq i32 %44, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 13, i32 0 %68 = load volatile i64, i64* %67, align 8 %69 = and i64 %68, 65536 %70 = icmp eq i64 %69, 0 br i1 %70, label %78, label %71 tail call void @__rcu_read_lock() #83 %72 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 13, i32 0 %73 = load volatile %struct.socket_wq*, %struct.socket_wq** %72, align 8 %74 = tail call i32 @sock_wake_async(%struct.socket_wq* %73, i32 1, i32 1) #83 tail call void @__rcu_read_unlock() #83 br label %78 %79 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !8 %80 = icmp eq i32 %79, 1 br i1 %80, label %86, label %81 %82 = add i32 %79, -1 %83 = or i32 %82, %79 %84 = icmp sgt i32 %83, -1 br i1 %84, label %87, label %85, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, 
i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 unix_shutdown ------------- Path:  Function:unix_shutdown %3 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %4 = load %struct.sock*, %struct.sock** %3, align 8 %5 = icmp ugt i32 %1, 2 br i1 %5, label %87, label %6 %7 = add nuw nsw i32 %1, 1 %8 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 16 %9 = bitcast i16* %8 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64
0, i32 66 %11 = load i8, i8* %10, align 8 %12 = trunc i32 %7 to i8 %13 = or i8 %11, %12 store i8 %13, i8* %10, align 8 %14 = getelementptr inbounds %struct.sock, %struct.sock* %4, i64 1, i32 0, i32 12 %15 = bitcast %struct.anon.1* %14 to %struct.sock** %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = icmp eq %struct.sock* %16, null br i1 %17, label %75, label %18 %19 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 0, i32 19 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 1, i32* %20) #6, !srcloc !4 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23, !prof !5, !misexpect !6 %24 = add i32 %21, 1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %29, label %27, !prof !7, !misexpect !6 %28 = phi i32 [ 2, %18 ], [ 1, %23 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib4_rule_suppress 1 fib_rules_lookup 2 __fib_lookup 3 fib_compute_spec_dst 4 __ip_options_compile 5 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = 
add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext 
i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void @__rcu_read_lock() #83 %78 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.813395*, %struct.net_device.813395** %78, align 8 %80 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %79, i64 0, i32 110, i32 0 %81 = load %struct.net.813150*, %struct.net.813150** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.813150* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.813309* %0, i32* null) #83 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.813309* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.813060* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 11 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 
6 %38 = icmp eq %struct.rtable.813060* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, %29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label %376, label %93, !prof !4, !misexpect !5 %94 = getelementptr i8, i8* %47, i64 1 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = icmp ult i8 %95, 2 %98 = icmp slt i32 %48, %96 %99 = or i1 %97, %98 br i1 %99, label %376, label %100 switch i8 %49, label %345 [ i8 -119, label %101 i8 -125, label %101 i8 7, label %141 i8 68, label %191 i8 -108, label %314 i8 -122, label %328 ] %192 = load i8, i8* %36, align 1 %193 = icmp eq i8 %192, 0 br i1 %193, label %194, label %376 %195 = icmp ult i8 %95, 4 br i1 %195, label %366, label %196 %197 = getelementptr i8, i8* %47, i64 2 %198 = load i8, i8* %197, align 1 %199 = zext i8 %198 to i32 %200 = icmp ult i8 %198, 5 br i1 %200, label %376, label %201 %202 = icmp ugt i8 %198, %95 br i1 %202, label %292, label %203 %204 = add nuw nsw i32 %199, 3 %205 = icmp ugt i32 %204, %96 br i1 %205, label %376, label %206 %207 = getelementptr i8, i8* %47, i64 3 %208 = load i8, i8* %207, align 1 %209 = and i8 %208, 15 %210 = zext i8 %209 to i32 switch i32 %210, label %266 [ i32 0, label %211 i32 1, label %219 i32 3, label %244 ] %220 = add nuw nsw i32 %199, 7 %221 = icmp ugt i32 %220, %96 br i1 %221, label %376, label %222 br i1 %38, label %273, label %223 %224 = icmp eq i32 %45, 0 br i1 %224, label %225, label %230 %226 = call i32 bitcast (i32 
(%struct.sk_buff.749126*)* @fib_compute_spec_dst to i32 (%struct.sk_buff.813309*)*)(%struct.sk_buff.813309* %2) #83 Function:fib_compute_spec_dst %2 = alloca %struct.fib_result, align 8 %3 = alloca %struct.flowi4, align 8 %4 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %5 = load %struct.net_device.749113*, %struct.net_device.749113** %4, align 8 %6 = bitcast %struct.fib_result* %2 to i8* %7 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 4, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rtable.748923* %11 = getelementptr inbounds %struct.rtable.748923, %struct.rtable.748923* %10, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, -1342177280 %14 = icmp eq i32 %13, -2147483648 br i1 %14, label %15, label %25 %26 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %5, i64 0, i32 67 %27 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %26, align 8 %28 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %5, i64 0, i32 110, i32 0 %29 = load %struct.net.749003*, %struct.net.749003** %28, align 8 %30 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 40 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 35 %33 = load i16, i16* %32, align 4 %34 = zext i16 %33 to i64 %35 = getelementptr i8, i8* %31, i64 %34 %36 = getelementptr inbounds i8, i8* %35, i64 12 %37 = bitcast i8* %36 to i32* %38 = load i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %115, label %40 %41 = icmp eq %struct.in_device.749041* %27, null br i1 %41, label %56, label %42 %43 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %27, i64 0, i32 0 %44 = load %struct.net_device.749113*, %struct.net_device.749113** 
%43, align 8 %45 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %44, i64 0, i32 110, i32 0 %46 = load %struct.net.749003*, %struct.net.749003** %45, align 8 %47 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %46, i64 0, i32 34, i32 6 %48 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %47, align 8 %49 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %48, i64 0, i32 1, i64 23 %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %56 %57 = phi i1 [ false, %40 ], [ true, %42 ], [ %55, %52 ] %58 = bitcast %struct.flowi4* %3 to i8* %59 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 0, i32* %59, align 8 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %60, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 br i1 %57, label %62, label %65 %66 = phi i32 [ %64, %62 ], [ 0, %56 ] store i32 %66, i32* %61, align 8 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 %68 = getelementptr inbounds i8, i8* %35, i64 1 %69 = load i8, i8* %68, align 1 %70 = and i8 %69, 28 store i8 %70, i8* %67, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 %74 = load i32, i32* %37, align 4 store i32 %74, i32* %73, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3, i32 0 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %29, i64 0, i32 34, i32 14 %77 = load i8, i8* %76, align 4, !range !4 %78 = icmp eq i8 %77, 0 br i1 %78, label %81, label %79 %80 = call i32 @__fib_lookup(%struct.net.749003* %29, %struct.flowi4* nonnull 
%3, %struct.fib_result* nonnull %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds 
%struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, 
align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_suppress %4 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 2 %5 = bitcast i8** %4 to %struct.fib_result** %6 = load %struct.fib_result*, %struct.fib_result** %5, align 8 %7 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 7 %8 = load %struct.fib_info.748927*, %struct.fib_info.748927** %7, align 8 %9 = icmp eq %struct.fib_info.748927* %8, null br i1 %9, label %44, label %10 %45 = phi 
%struct.net_device.749113* [ %43, %40 ], [ null, %3 ] %46 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 1 %47 = load i8, i8* %46, align 4 %48 = zext i8 %47 to i32 %49 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 18 %50 = load i32, i32* %49, align 4 %51 = icmp slt i32 %50, %48 br i1 %51, label %52, label %62 %63 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 5 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 1 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %8, i64 0, i32 5 %69 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %68, i64 0, i32 0, i32 0 %70 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %69, i32 -1, i32* %69) #6, !srcloc !7 %71 = icmp eq i32 %70, 1 br i1 %71, label %77, label %72 %73 = add i32 %70, -1 %74 = or i32 %73, %70 %75 = icmp sgt i32 %74, -1 br i1 %75, label %78, label %76, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %68, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib4_rule_suppress 1 fib_rules_lookup 2 __fib_lookup 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq 
%struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* 
%43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 
%78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast 
%struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds 
%struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = 
getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr 
inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, 
%struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_suppress %4 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 2 %5 = bitcast i8** %4 to %struct.fib_result** %6 = load %struct.fib_result*, %struct.fib_result** %5, align 8 %7 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 7 %8 = load %struct.fib_info.748927*, %struct.fib_info.748927** %7, align 8 %9 = icmp eq %struct.fib_info.748927* %8, null br i1 %9, label %44, label %10 %45 = phi %struct.net_device.749113* [ %43, %40 ], [ null, %3 ] %46 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 1 %47 = load i8, i8* %46, align 4 %48 = zext i8 %47 to 
i32 %49 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 18 %50 = load i32, i32* %49, align 4 %51 = icmp slt i32 %50, %48 br i1 %51, label %52, label %62 %63 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 5 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 1 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %8, i64 0, i32 5 %69 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %68, i64 0, i32 0, i32 0 %70 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %69, i32 -1, i32* %69) #6, !srcloc !7 %71 = icmp eq i32 %70, 1 br i1 %71, label %77, label %72 %73 = add i32 %70, -1 %74 = or i32 %73, %70 %75 = icmp sgt i32 %74, -1 br i1 %75, label %78, label %76, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %68, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib4_rule_suppress 1 fib_rules_lookup 2 __fib_lookup 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, 
%struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 
%27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, 
i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, 
i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, 
%18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label 
%97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_suppress %4 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 2 %5 = bitcast i8** %4 to %struct.fib_result** %6 = load %struct.fib_result*, %struct.fib_result** %5, align 8 %7 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 7 %8 = load %struct.fib_info.748927*, %struct.fib_info.748927** %7, align 8 %9 = icmp eq %struct.fib_info.748927* %8, null br i1 %9, label %44, label %10 %45 = phi %struct.net_device.749113* [ %43, %40 ], [ null, %3 ] %46 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 1 %47 = load i8, i8* %46, align 4 %48 = zext i8 %47 to i32 %49 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 18 %50 = load i32, i32* %49, align 4 %51 = icmp slt i32 %50, %48 br i1 %51, label %52, label %62 %63 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 5 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 1 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %8, i64 0, i32 5 %69 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %68, i64 0, i32 0, i32 0 %70 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %69, i32 -1, i32* %69) #6, !srcloc !7 %71 = icmp eq i32 %70, 1 br i1 %71, label %77, label %72 %73 = add i32 %70, -1 %74 = or i32 %73, %70 %75 = icmp sgt i32 %74, -1 br i1 %75, label %78, label %76, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %68, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib4_rule_suppress 1 fib_rules_lookup 2 __fib_lookup 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, 
align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 
0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, 
%struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds 
%struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, 
%struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label 
%133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_suppress %4 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* 
%2, i64 0, i32 2 %5 = bitcast i8** %4 to %struct.fib_result** %6 = load %struct.fib_result*, %struct.fib_result** %5, align 8 %7 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 7 %8 = load %struct.fib_info.748927*, %struct.fib_info.748927** %7, align 8 %9 = icmp eq %struct.fib_info.748927* %8, null br i1 %9, label %44, label %10 %45 = phi %struct.net_device.749113* [ %43, %40 ], [ null, %3 ] %46 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %6, i64 0, i32 1 %47 = load i8, i8* %46, align 4 %48 = zext i8 %47 to i32 %49 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 18 %50 = load i32, i32* %49, align 4 %51 = icmp slt i32 %50, %48 br i1 %51, label %52, label %62 %63 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %2, i64 0, i32 5 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 1 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %8, i64 0, i32 5 %69 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %68, i64 0, i32 0, i32 0 %70 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %69, i32 -1, i32* %69) #6, !srcloc !7 %71 = icmp eq i32 %70, 1 br i1 %71, label %77, label %72 %73 = add i32 %70, -1 %74 = or i32 %73, %70 %75 = icmp sgt i32 %74, -1 br i1 %75, label %78, label %76, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %68, i32 3) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_table_lookup
1 fib4_rule_action
2 fib_rules_lookup
3 __fib_lookup
4 fib_compute_spec_dst
5 __ip_options_compile
6 ipv4_link_failure
-------------
Path:
Function:ipv4_link_failure
%2 = alloca %struct.ip_options, align 4 %3 = bitcast
%struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 
%54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void @__rcu_read_lock() #83 %78 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.813395*, %struct.net_device.813395** %78, align 8 %80 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %79, i64 0, i32 110, i32 0 %81 = load %struct.net.813150*, %struct.net.813150** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.813150* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.813309* %0, i32* null) #83 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.813309* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.813060* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, 
i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 11 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 6 %38 = icmp eq %struct.rtable.813060* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, %29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label %376, label %93, !prof !4, !misexpect !5 %94 = getelementptr i8, i8* %47, i64 1 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = icmp ult i8 %95, 2 %98 = icmp slt i32 %48, %96 %99 = or i1 %97, %98 br i1 %99, label %376, label %100 switch i8 %49, label %345 [ i8 -119, label %101 i8 -125, label %101 i8 7, label %141 i8 68, label %191 i8 -108, label %314 i8 -122, label %328 ] %192 = load i8, i8* %36, align 1 %193 = icmp eq i8 %192, 0 br i1 %193, label %194, label %376 %195 = icmp ult i8 %95, 4 br i1 %195, label %366, label %196 %197 = getelementptr i8, i8* %47, i64 2 %198 = load i8, i8* %197, align 1 %199 = zext i8 %198 to i32 %200 = icmp ult i8 %198, 5 br i1 %200, label %376, label %201 %202 
= icmp ugt i8 %198, %95 br i1 %202, label %292, label %203 %204 = add nuw nsw i32 %199, 3 %205 = icmp ugt i32 %204, %96 br i1 %205, label %376, label %206 %207 = getelementptr i8, i8* %47, i64 3 %208 = load i8, i8* %207, align 1 %209 = and i8 %208, 15 %210 = zext i8 %209 to i32 switch i32 %210, label %266 [ i32 0, label %211 i32 1, label %219 i32 3, label %244 ] %220 = add nuw nsw i32 %199, 7 %221 = icmp ugt i32 %220, %96 br i1 %221, label %376, label %222 br i1 %38, label %273, label %223 %224 = icmp eq i32 %45, 0 br i1 %224, label %225, label %230 %226 = call i32 bitcast (i32 (%struct.sk_buff.749126*)* @fib_compute_spec_dst to i32 (%struct.sk_buff.813309*)*)(%struct.sk_buff.813309* %2) #83 Function:fib_compute_spec_dst %2 = alloca %struct.fib_result, align 8 %3 = alloca %struct.flowi4, align 8 %4 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %5 = load %struct.net_device.749113*, %struct.net_device.749113** %4, align 8 %6 = bitcast %struct.fib_result* %2 to i8* %7 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 4, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rtable.748923* %11 = getelementptr inbounds %struct.rtable.748923, %struct.rtable.748923* %10, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, -1342177280 %14 = icmp eq i32 %13, -2147483648 br i1 %14, label %15, label %25 %26 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %5, i64 0, i32 67 %27 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %26, align 8 %28 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %5, i64 0, i32 110, i32 0 %29 = load %struct.net.749003*, %struct.net.749003** %28, align 8 %30 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 40 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds 
%struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 35 %33 = load i16, i16* %32, align 4 %34 = zext i16 %33 to i64 %35 = getelementptr i8, i8* %31, i64 %34 %36 = getelementptr inbounds i8, i8* %35, i64 12 %37 = bitcast i8* %36 to i32* %38 = load i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %115, label %40 %41 = icmp eq %struct.in_device.749041* %27, null br i1 %41, label %56, label %42 %43 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %27, i64 0, i32 0 %44 = load %struct.net_device.749113*, %struct.net_device.749113** %43, align 8 %45 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %44, i64 0, i32 110, i32 0 %46 = load %struct.net.749003*, %struct.net.749003** %45, align 8 %47 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %46, i64 0, i32 34, i32 6 %48 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %47, align 8 %49 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %48, i64 0, i32 1, i64 23 %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %56 %57 = phi i1 [ false, %40 ], [ true, %42 ], [ %55, %52 ] %58 = bitcast %struct.flowi4* %3 to i8* %59 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 0, i32* %59, align 8 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %60, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 br i1 %57, label %62, label %65 %66 = phi i32 [ %64, %62 ], [ 0, %56 ] store i32 %66, i32* %61, align 8 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 %68 = getelementptr inbounds i8, i8* %35, i64 1 %69 = load i8, i8* %68, align 1 %70 = and i8 %69, 28 store i8 %70, i8* %67, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 %72 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %3, i64 0, i32 1 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 %74 = load i32, i32* %37, align 4 store i32 %74, i32* %73, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3, i32 0 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %29, i64 0, i32 34, i32 14 %77 = load i8, i8* %76, align 4, !range !4 %78 = icmp eq i8 %77, 0 br i1 %78, label %81, label %79 %80 = call i32 @__fib_lookup(%struct.net.749003* %29, %struct.flowi4* nonnull %3, %struct.fib_result* nonnull %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, 
%struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load 
i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %89 = tail call i32 bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_action %5 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 7 %6 = load i8, i8* %5, align 8 switch i8 %6, label %8 [ i8 1, label %9 i8 7, label %26 i8 8, label %7 ] tail call void @__rcu_read_lock() #83 %10 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 14 %13 = load %struct.net.749003*, %struct.net.749003** %12, align 8 %14 = tail call %struct.fib_table* @fib_get_table(%struct.net.749003* %13, i32 %11) #83 %15 = icmp eq %struct.fib_table* %14, null br i1 %15, label %24, label %16 
%17 = bitcast %struct.flowi* %1 to %struct.flowi4* %18 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 2 %19 = bitcast i8** %18 to %struct.fib_result** %20 = load %struct.fib_result*, %struct.fib_result** %19, align 8 %21 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 5 %22 = load i32, i32* %21, align 4 %23 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %14, %struct.flowi4* %17, %struct.fib_result* %20, i32 %22) #83 Function:fib_table_lookup %5 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 
%58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] %166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile %struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 
%200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 4 %212 = load i8, i8* %211, align 2 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %215, label %217 %218 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 3 %219 = load i8, i8* %218, align 1 %220 = zext i8 %219 to i64 %221 = getelementptr [12 x %struct.intel_driver_caps], [12 x %struct.intel_driver_caps]* @fib_props, i64 0, i64 %220, i32 0 %222 = load i32, i32* %221, align 8 %223 = icmp sgt i32 %222, -1 br i1 %223, label %248, label %224, !prof !11, !misexpect !12 %249 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 6 %250 = load i32, i32* %249, align 8 %251 = and i32 %250, 1 %252 = icmp eq i32 %251, 0 br i1 %252, label %253, label %497 %254 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 18 %255 = load %struct.nexthop.748932*, %struct.nexthop.748932** %254, align 8 %256 = icmp eq %struct.nexthop.748932* %255, null br i1 %256, label %257, label %261, !prof !11, !misexpect !12 %258 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 15 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %259, 0 br i1 %260, label %497, label %392 %393 = phi i32 [ %495, %494 ], [ 0, %257 ] %394 = sext i32 %393 to i64 %395 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, 
i32 0 %396 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 5 %397 = load i8, i8* %396, align 1 %398 = and i8 %397, 1 %399 = icmp eq i8 %398, 0 br i1 %399, label %400, label %494 %401 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %395, i64 0, i32 0 %402 = load %struct.net_device.749113*, %struct.net_device.749113** %401, align 8 %403 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %402, i64 0, i32 67 %404 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %403, align 8 %405 = icmp eq %struct.in_device.749041* %404, null br i1 %405, label %424, label %406 %407 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 0 %408 = load %struct.net_device.749113*, %struct.net_device.749113** %407, align 8 %409 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %408, i64 0, i32 110, i32 0 %410 = load %struct.net.749003*, %struct.net.749003** %409, align 8 %411 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %410, i64 0, i32 34, i32 6 %412 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %411, align 8 %413 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %412, i64 0, i32 1, i64 28 %414 = load i32, i32* %413, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %416, label %420 %417 = getelementptr %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 20, i32 1, i64 28 %418 = load i32, i32* %417, align 4 %419 = icmp eq i32 %418, 0 br i1 %419, label %424, label %420 %421 = and i8 %397, 16 %422 = icmp ne i8 %421, 0 %423 = and i1 %179, %422 br i1 %423, label %494, label %424 %425 = load i8, i8* %180, align 1 %426 = and i8 %425, 4 %427 = icmp eq i8 %426, 0 br i1 %427, label %428, label %435 %429 = load i32, i32* %181, align 8 %430 = icmp eq i32 %429, 0 br i1 %430, label %435, label %431 %432 = getelementptr 
%struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 1 %433 = load i32, i32* %432, align 8 %434 = icmp eq i32 %429, %433 br i1 %434, label %435, label %494 %436 = phi i32 [ %389, %388 ], [ %393, %424 ], [ %393, %428 ], [ %393, %431 ] %437 = phi %struct.fib_nh_common.748926* [ %390, %388 ], [ %395, %424 ], [ %395, %428 ], [ %395, %431 ] %438 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %439 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %440 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 3 %441 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 5 %442 = and i32 %3, 1 %443 = icmp eq i32 %442, 0 br i1 %443, label %444, label %455 %445 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 5 %446 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %445, i64 0, i32 0, i32 0 %447 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %446, i32 1, i32* %446) #6, !srcloc !16 %448 = icmp eq i32 %447, 0 br i1 %448, label %449, label %450, !prof !14, !misexpect !12 %451 = add i32 %447, 1 %452 = or i32 %451, %447 %453 = icmp sgt i32 %452, -1 br i1 %453, label %455, label %454, !prof !11, !misexpect !12 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %445, i32 1) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_table_lookup
1 fib4_rule_action
2 fib_rules_lookup
3 __fib_lookup
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5
= load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = 
getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, 
%struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
%struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, 
%struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 
br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 
(%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %89 = tail call i32 bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_action %5 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 7 %6 = load i8, i8* %5, align 8 switch i8 %6, label %8 [ i8 1, label %9 i8 7, label %26 i8 8, label %7 ] tail call void @__rcu_read_lock() #83 %10 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 14 %13 = load %struct.net.749003*, %struct.net.749003** %12, align 8 %14 = tail call %struct.fib_table* @fib_get_table(%struct.net.749003* %13, i32 %11) #83 %15 = icmp eq %struct.fib_table* %14, null br i1 %15, label %24, label %16 %17 = bitcast %struct.flowi* %1 to %struct.flowi4* %18 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 2 %19 = bitcast i8** %18 to %struct.fib_result** %20 = load %struct.fib_result*, %struct.fib_result** %19, align 8 %21 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 5 %22 = load i32, i32* %21, align 4 %23 = 
tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %14, %struct.flowi4* %17, %struct.fib_result* %20, i32 %22) #83 Function:fib_table_lookup %5 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 %58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] %166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, 
%struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile %struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 %200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 
1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 4 %212 = load i8, i8* %211, align 2 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %215, label %217 %218 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 3 %219 = load i8, i8* %218, align 1 %220 = zext i8 %219 to i64 %221 = getelementptr [12 x %struct.intel_driver_caps], [12 x %struct.intel_driver_caps]* @fib_props, i64 0, i64 %220, i32 0 %222 = load i32, i32* %221, align 8 %223 = icmp sgt i32 %222, -1 br i1 %223, label %248, label %224, !prof !11, !misexpect !12 %249 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 6 %250 = load i32, i32* %249, align 8 %251 = and i32 %250, 1 %252 = icmp eq i32 %251, 0 br i1 %252, label %253, label %497 %254 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 18 %255 = load %struct.nexthop.748932*, %struct.nexthop.748932** %254, align 8 %256 = icmp eq %struct.nexthop.748932* %255, null br i1 %256, label %257, label %261, !prof !11, !misexpect !12 %258 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 15 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %259, 0 br i1 %260, label %497, label %392 %393 = phi i32 [ %495, %494 ], [ 0, %257 ] %394 = sext i32 %393 to i64 %395 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0 %396 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 5 %397 = load i8, i8* %396, align 1 %398 = and i8 %397, 1 %399 = icmp eq i8 %398, 0 br i1 %399, label %400, label %494 %401 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %395, i64 0, i32 0 %402 = load %struct.net_device.749113*, %struct.net_device.749113** %401, 
align 8 %403 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %402, i64 0, i32 67 %404 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %403, align 8 %405 = icmp eq %struct.in_device.749041* %404, null br i1 %405, label %424, label %406 %407 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 0 %408 = load %struct.net_device.749113*, %struct.net_device.749113** %407, align 8 %409 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %408, i64 0, i32 110, i32 0 %410 = load %struct.net.749003*, %struct.net.749003** %409, align 8 %411 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %410, i64 0, i32 34, i32 6 %412 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %411, align 8 %413 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %412, i64 0, i32 1, i64 28 %414 = load i32, i32* %413, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %416, label %420 %417 = getelementptr %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 20, i32 1, i64 28 %418 = load i32, i32* %417, align 4 %419 = icmp eq i32 %418, 0 br i1 %419, label %424, label %420 %421 = and i8 %397, 16 %422 = icmp ne i8 %421, 0 %423 = and i1 %179, %422 br i1 %423, label %494, label %424 %425 = load i8, i8* %180, align 1 %426 = and i8 %425, 4 %427 = icmp eq i8 %426, 0 br i1 %427, label %428, label %435 %429 = load i32, i32* %181, align 8 %430 = icmp eq i32 %429, 0 br i1 %430, label %435, label %431 %432 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 1 %433 = load i32, i32* %432, align 8 %434 = icmp eq i32 %429, %433 br i1 %434, label %435, label %494 %436 = phi i32 [ %389, %388 ], [ %393, %424 ], [ %393, %428 ], [ %393, %431 ] %437 = phi %struct.fib_nh_common.748926* [ %390, %388 ], [ %395, %424 ], [ %395, %428 ], [ %395, %431 ] %438 = bitcast %struct.hlist_node* %183 to 
%struct.fib_alias.838365* %439 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %440 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 3 %441 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 5 %442 = and i32 %3, 1 %443 = icmp eq i32 %442, 0 br i1 %443, label %444, label %455 %445 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 5 %446 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %445, i64 0, i32 0, i32 0 %447 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %446, i32 1, i32* %446) #6, !srcloc !16 %448 = icmp eq i32 %447, 0 br i1 %448, label %449, label %450, !prof !14, !misexpect !12 %451 = add i32 %447, 1 %452 = or i32 %451, %447 %453 = icmp sgt i32 %452, -1 br i1 %453, label %455, label %454, !prof !11, !misexpect !12 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %445, i32 1) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_table_lookup
1 fib4_rule_action
2 fib_rules_lookup
3 __fib_lookup
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ipip6_tunnel_bind_dev
7 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6,
i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 
Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 
%58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds 
------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 fib4_rule_action 2 fib_rules_lookup 3 __fib_lookup 4 __ip_rt_update_pmtu 5 ip_rt_update_pmtu ------------- Path: Function:ip_rt_update_pmtu Function:__ip_rt_update_pmtu Function:__fib_lookup Function:fib_rules_lookup Function:fib4_rule_action Function:fib_table_lookup
------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 inet_addr_type_dev_table 2 __inet6_bind ------------- Path: Function:__inet6_bind
%23 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 6 %24 = bitcast i8* %23 to %struct.in6_addr* %25 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %24) #83 %26 = and i32 %25, 65535 %27 = and i32 %25, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29 %34 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1 %35 = bitcast [14 x i8]* %34 to i16* %36 = load i16, i16* %35, align 2 %38 = and i32 %3, 8 %39 = icmp ne i32 %38, 0 %40 = icmp eq i16 %36, 0 %41 = or i1 %39, %40 br i1 %41, label %51, label %42 %52 = and i32 %3, 2 %53 = icmp eq i32 %52, 0 br i1 %53, label %55, label %54 %56 = load volatile i8, i8* %5, align 2 %57 = icmp eq i8 %56, 7 br i1 %57, label %58, label %221 %59 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 2 %60 = bitcast %struct.kuid_t* %59 to %struct.raw_hdlc_proto* %61 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %60, i64 0, i32 1 %62 = load i16, i16* %61, align 2 %63 = icmp eq i16 %62, 0 br i1 %63, label %64, label %221 %65 = trunc i32 %25 to i16 switch i16 %65, label %106 [ i16 4096, label %66 i16 0, label %151 ] %67 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 1 %69 = and i8 %68, 32 %70 = icmp eq i8 %69, 0 br i1 %70, label %71, label %221 tail call void @__rcu_read_lock() #83 %72 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 6 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call %struct.net_device.869133* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.869133* (%struct.net.869250*, i32)*)(%struct.net.869250* %18, i32 %73) #83 %77 = icmp eq %struct.net_device.869133* %76, null br i1 %77, label %224, label %78 %79 = phi %struct.net_device.869133* [ %76, %75 
], [ null, %71 ] %80 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 18 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.net_device.749113*, i32)* @inet_addr_type_dev_table to i32 (%struct.net.869250*, %struct.net_device.869133*, i32)*)(%struct.net.869250* %18, %struct.net_device.869133* %79, i32 %82) #83 Function:inet_addr_type_dev_table %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.fib_result, align 8 %6 = bitcast %struct.flowi4* %4 to i8* %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %2, i32* %7, align 4 %8 = bitcast %struct.fib_result* %5 to i8* switch i32 %2, label %9 [ i32 0, label %67 i32 -1, label %67 ] %10 = and i32 %2, 240 %11 = icmp eq i32 %10, 224 br i1 %11, label %67, label %12 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 17 %14 = load %struct.hlist_head*, %struct.hlist_head** %13, align 16 %15 = getelementptr %struct.hlist_head, %struct.hlist_head* %14, i64 255, i32 0 %16 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %17 = icmp eq %struct.hlist_node* %16, null br i1 %17, label %65, label %18 %19 = phi %struct.hlist_node* [ %26, %24 ], [ %16, %12 ] %20 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %19, i64 1 %21 = bitcast %struct.hlist_node* %20 to i32* %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 255 br i1 %23, label %28, label %24 %29 = bitcast %struct.hlist_node* %19 to %struct.fib_table* %30 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %29, %struct.flowi4* nonnull %4, %struct.fib_result* nonnull %5, i32 1) #83 Function:fib_table_lookup %5 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 %58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] %166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile %struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 %200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 4 %212 = load i8, i8* %211, align 2 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %215, label %217 %218 = getelementptr inbounds %struct.fib_alias.838365, 
%struct.fib_alias.838365* %184, i64 0, i32 3 %219 = load i8, i8* %218, align 1 %220 = zext i8 %219 to i64 %221 = getelementptr [12 x %struct.intel_driver_caps], [12 x %struct.intel_driver_caps]* @fib_props, i64 0, i64 %220, i32 0 %222 = load i32, i32* %221, align 8 %223 = icmp sgt i32 %222, -1 br i1 %223, label %248, label %224, !prof !11, !misexpect !12 %249 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 6 %250 = load i32, i32* %249, align 8 %251 = and i32 %250, 1 %252 = icmp eq i32 %251, 0 br i1 %252, label %253, label %497 %254 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 18 %255 = load %struct.nexthop.748932*, %struct.nexthop.748932** %254, align 8 %256 = icmp eq %struct.nexthop.748932* %255, null br i1 %256, label %257, label %261, !prof !11, !misexpect !12 %258 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 15 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %259, 0 br i1 %260, label %497, label %392 %393 = phi i32 [ %495, %494 ], [ 0, %257 ] %394 = sext i32 %393 to i64 %395 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0 %396 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 5 %397 = load i8, i8* %396, align 1 %398 = and i8 %397, 1 %399 = icmp eq i8 %398, 0 br i1 %399, label %400, label %494 %401 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %395, i64 0, i32 0 %402 = load %struct.net_device.749113*, %struct.net_device.749113** %401, align 8 %403 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %402, i64 0, i32 67 %404 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %403, align 8 %405 = icmp eq %struct.in_device.749041* %404, null br i1 %405, label %424, label %406 %407 = getelementptr inbounds 
%struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 0 %408 = load %struct.net_device.749113*, %struct.net_device.749113** %407, align 8 %409 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %408, i64 0, i32 110, i32 0 %410 = load %struct.net.749003*, %struct.net.749003** %409, align 8 %411 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %410, i64 0, i32 34, i32 6 %412 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %411, align 8 %413 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %412, i64 0, i32 1, i64 28 %414 = load i32, i32* %413, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %416, label %420 %417 = getelementptr %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 20, i32 1, i64 28 %418 = load i32, i32* %417, align 4 %419 = icmp eq i32 %418, 0 br i1 %419, label %424, label %420 %421 = and i8 %397, 16 %422 = icmp ne i8 %421, 0 %423 = and i1 %179, %422 br i1 %423, label %494, label %424 %425 = load i8, i8* %180, align 1 %426 = and i8 %425, 4 %427 = icmp eq i8 %426, 0 br i1 %427, label %428, label %435 %429 = load i32, i32* %181, align 8 %430 = icmp eq i32 %429, 0 br i1 %430, label %435, label %431 %432 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 1 %433 = load i32, i32* %432, align 8 %434 = icmp eq i32 %429, %433 br i1 %434, label %435, label %494 %436 = phi i32 [ %389, %388 ], [ %393, %424 ], [ %393, %428 ], [ %393, %431 ] %437 = phi %struct.fib_nh_common.748926* [ %390, %388 ], [ %395, %424 ], [ %395, %428 ], [ %395, %431 ] %438 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %439 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %440 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 3 %441 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 5 %442 = 
and i32 %3, 1 %443 = icmp eq i32 %442, 0 br i1 %443, label %444, label %455 %445 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 5 %446 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %445, i64 0, i32 0, i32 0 %447 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %446, i32 1, i32* %446) #6, !srcloc !16 %448 = icmp eq i32 %447, 0 br i1 %448, label %449, label %450, !prof !14, !misexpect !12 %451 = add i32 %447, 1 %452 = or i32 %451, %447 %453 = icmp sgt i32 %452, -1 br i1 %453, label %455, label %454, !prof !11, !misexpect !12 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %445, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 inet_addr_type 2 ping_bind ------------- Path:  Function:ping_bind %4 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %7 = load %struct.net*, %struct.net** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 3 %9 = load i16, i16* %8, align 8 switch i16 %9, label %200 [ i16 2, label %10 i16 10, label %44 ] %11 = icmp ult i32 %2, 16 br i1 %11, label %200, label %12 %13 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %14 = load i16, i16* %13, align 4 switch i16 %14, label %200 [ i16 2, label %20 i16 0, label %15 ] %21 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 2 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = tail call i32 bitcast (i32 (%struct.net.749003*, i32)* @inet_addr_type to i32 (%struct.net*, i32)*)(%struct.net* %7, i32 %23) 
#83 Function:inet_addr_type %3 = alloca %struct.flowi4, align 8 %4 = alloca %struct.fib_result, align 8 %5 = bitcast %struct.flowi4* %3 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %1, i32* %6, align 4 %7 = bitcast %struct.fib_result* %4 to i8* switch i32 %1, label %8 [ i32 0, label %66 i32 -1, label %66 ] %9 = and i32 %1, 240 %10 = icmp eq i32 %9, 224 br i1 %10, label %66, label %11 tail call void @__rcu_read_lock() #83 %12 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 17 %13 = load %struct.hlist_head*, %struct.hlist_head** %12, align 16 %14 = getelementptr %struct.hlist_head, %struct.hlist_head* %13, i64 255, i32 0 %15 = load volatile %struct.hlist_node*, %struct.hlist_node** %14, align 8 %16 = icmp eq %struct.hlist_node* %15, null br i1 %16, label %64, label %17 %18 = phi %struct.hlist_node* [ %25, %23 ], [ %15, %11 ] %19 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %18, i64 1 %20 = bitcast %struct.hlist_node* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 255 br i1 %22, label %27, label %23 %28 = bitcast %struct.hlist_node* %18 to %struct.fib_table* %29 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %28, %struct.flowi4* nonnull %3, %struct.fib_result* nonnull %4, i32 1) #83 Function:fib_table_lookup %5 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, 
%struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 %58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] %166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile %struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast 
%struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 %200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 4 %212 = load i8, i8* %211, align 2 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %215, label %217 %218 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 3 %219 = load i8, i8* %218, align 1 %220 = zext i8 %219 to i64 %221 = getelementptr [12 x %struct.intel_driver_caps], [12 x %struct.intel_driver_caps]* @fib_props, i64 0, i64 %220, i32 0 %222 = load i32, i32* %221, align 8 %223 = icmp sgt i32 %222, -1 br i1 %223, label %248, label %224, !prof !11, !misexpect !12 %249 = getelementptr inbounds %struct.fib_info.748927, 
%struct.fib_info.748927* %187, i64 0, i32 6 %250 = load i32, i32* %249, align 8 %251 = and i32 %250, 1 %252 = icmp eq i32 %251, 0 br i1 %252, label %253, label %497 %254 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 18 %255 = load %struct.nexthop.748932*, %struct.nexthop.748932** %254, align 8 %256 = icmp eq %struct.nexthop.748932* %255, null br i1 %256, label %257, label %261, !prof !11, !misexpect !12 %258 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 15 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %259, 0 br i1 %260, label %497, label %392 %393 = phi i32 [ %495, %494 ], [ 0, %257 ] %394 = sext i32 %393 to i64 %395 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0 %396 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 5 %397 = load i8, i8* %396, align 1 %398 = and i8 %397, 1 %399 = icmp eq i8 %398, 0 br i1 %399, label %400, label %494 %401 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %395, i64 0, i32 0 %402 = load %struct.net_device.749113*, %struct.net_device.749113** %401, align 8 %403 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %402, i64 0, i32 67 %404 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %403, align 8 %405 = icmp eq %struct.in_device.749041* %404, null br i1 %405, label %424, label %406 %407 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 0 %408 = load %struct.net_device.749113*, %struct.net_device.749113** %407, align 8 %409 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %408, i64 0, i32 110, i32 0 %410 = load %struct.net.749003*, %struct.net.749003** %409, align 8 %411 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %410, i64 0, i32 34, i32 6 %412 = 
load %struct.ipv4_devconf*, %struct.ipv4_devconf** %411, align 8 %413 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %412, i64 0, i32 1, i64 28 %414 = load i32, i32* %413, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %416, label %420 %417 = getelementptr %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 20, i32 1, i64 28 %418 = load i32, i32* %417, align 4 %419 = icmp eq i32 %418, 0 br i1 %419, label %424, label %420 %421 = and i8 %397, 16 %422 = icmp ne i8 %421, 0 %423 = and i1 %179, %422 br i1 %423, label %494, label %424 %425 = load i8, i8* %180, align 1 %426 = and i8 %425, 4 %427 = icmp eq i8 %426, 0 br i1 %427, label %428, label %435 %429 = load i32, i32* %181, align 8 %430 = icmp eq i32 %429, 0 br i1 %430, label %435, label %431 %432 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 1 %433 = load i32, i32* %432, align 8 %434 = icmp eq i32 %429, %433 br i1 %434, label %435, label %494 %436 = phi i32 [ %389, %388 ], [ %393, %424 ], [ %393, %428 ], [ %393, %431 ] %437 = phi %struct.fib_nh_common.748926* [ %390, %388 ], [ %395, %424 ], [ %395, %428 ], [ %395, %431 ] %438 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %439 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %440 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 3 %441 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 5 %442 = and i32 %3, 1 %443 = icmp eq i32 %442, 0 br i1 %443, label %444, label %455 %445 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 5 %446 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %445, i64 0, i32 0, i32 0 %447 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %446, i32 1, i32* %446) #6, !srcloc !16 %448 = icmp eq i32 %447, 0 br i1 %448, label %449, label %450, !prof !14, !misexpect !12 %451 = add i32 %447, 1 %452 = or i32 %451, %447 %453 = icmp sgt i32 %452, -1 br i1 %453, label %455, label %454, !prof !11, !misexpect !12 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %445, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 fib4_rule_action 2 fib_rules_lookup 3 __fib_lookup 4 fib_compute_spec_dst 5 __ip_options_compile 6 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load 
i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void @__rcu_read_lock() #83 %78 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.813395*, %struct.net_device.813395** %78, align 8 %80 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %79, i64 0, i32 110, i32 0 %81 = load %struct.net.813150*, 
%struct.net.813150** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.813150* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.813309* %0, i32* null) #83 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.813309* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.813060* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 11 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 6 %38 = icmp eq %struct.rtable.813060* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, %29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label 
Function:fib_compute_spec_dst
i64 0, i32 0, i32 0 store i32 0, i32* %59, align 8 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %60, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 br i1 %57, label %62, label %65 %66 = phi i32 [ %64, %62 ], [ 0, %56 ] store i32 %66, i32* %61, align 8 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 %68 = getelementptr inbounds i8, i8* %35, i64 1 %69 = load i8, i8* %68, align 1 %70 = and i8 %69, 28 store i8 %70, i8* %67, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 %74 = load i32, i32* %37, align 4 store i32 %74, i32* %73, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3, i32 0 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %29, i64 0, i32 34, i32 14 %77 = load i8, i8* %76, align 4, !range !4 %78 = icmp eq i8 %77, 0 br i1 %78, label %81, label %79 %80 = call i32 @__fib_lookup(%struct.net.749003* %29, %struct.flowi4* nonnull %3, %struct.fib_result* nonnull %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, 
%struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 
br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %89 = tail call i32 bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 
Function:fib4_rule_action %5 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 7 %6 = load i8, i8* %5, align 8 switch i8 %6, label %8 [ i8 1, label %9 i8 7, label %26 i8 8, label %7 ] tail call void @__rcu_read_lock() #83 %10 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 14 %13 = load %struct.net.749003*, %struct.net.749003** %12, align 8 %14 = tail call %struct.fib_table* @fib_get_table(%struct.net.749003* %13, i32 %11) #83 %15 = icmp eq %struct.fib_table* %14, null br i1 %15, label %24, label %16 %17 = bitcast %struct.flowi* %1 to %struct.flowi4* %18 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 2 %19 = bitcast i8** %18 to %struct.fib_result** %20 = load %struct.fib_result*, %struct.fib_result** %19, align 8 %21 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 5 %22 = load i32, i32* %21, align 4 %23 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %14, %struct.flowi4* %17, %struct.fib_result* %20, i32 %22) #83 Function:fib_table_lookup %5 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 
0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 %58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] %166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile %struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds 
%struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 %200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 4 %212 = load i8, i8* %211, align 2 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %215, label %217 %218 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 3 %219 = load i8, i8* %218, align 1 %220 = zext i8 %219 to i64 %221 = getelementptr [12 x %struct.intel_driver_caps], [12 x %struct.intel_driver_caps]* @fib_props, i64 0, i64 %220, i32 0 %222 = load i32, i32* %221, align 8 %223 = icmp sgt i32 %222, -1 br i1 %223, label %248, label %224, !prof !11, !misexpect !12 %249 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 6 %250 = load i32, i32* %249, align 8 %251 = and i32 %250, 1 
%252 = icmp eq i32 %251, 0 br i1 %252, label %253, label %497 %254 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 18 %255 = load %struct.nexthop.748932*, %struct.nexthop.748932** %254, align 8 %256 = icmp eq %struct.nexthop.748932* %255, null br i1 %256, label %257, label %261, !prof !11, !misexpect !12 %258 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 15 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %259, 0 br i1 %260, label %497, label %392 %393 = phi i32 [ %495, %494 ], [ 0, %257 ] %394 = sext i32 %393 to i64 %395 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0 %396 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 5 %397 = load i8, i8* %396, align 1 %398 = and i8 %397, 1 %399 = icmp eq i8 %398, 0 br i1 %399, label %400, label %494 %401 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %395, i64 0, i32 0 %402 = load %struct.net_device.749113*, %struct.net_device.749113** %401, align 8 %403 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %402, i64 0, i32 67 %404 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %403, align 8 %405 = icmp eq %struct.in_device.749041* %404, null br i1 %405, label %424, label %406 %407 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 0 %408 = load %struct.net_device.749113*, %struct.net_device.749113** %407, align 8 %409 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %408, i64 0, i32 110, i32 0 %410 = load %struct.net.749003*, %struct.net.749003** %409, align 8 %411 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %410, i64 0, i32 34, i32 6 %412 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %411, align 8 %413 = getelementptr 
%struct.ipv4_devconf, %struct.ipv4_devconf* %412, i64 0, i32 1, i64 28 %414 = load i32, i32* %413, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %416, label %420 %417 = getelementptr %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 20, i32 1, i64 28 %418 = load i32, i32* %417, align 4 %419 = icmp eq i32 %418, 0 br i1 %419, label %424, label %420 %421 = and i8 %397, 16 %422 = icmp ne i8 %421, 0 %423 = and i1 %179, %422 br i1 %423, label %494, label %424 %425 = load i8, i8* %180, align 1 %426 = and i8 %425, 4 %427 = icmp eq i8 %426, 0 br i1 %427, label %428, label %435 %429 = load i32, i32* %181, align 8 %430 = icmp eq i32 %429, 0 br i1 %430, label %435, label %431 %432 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 1 %433 = load i32, i32* %432, align 8 %434 = icmp eq i32 %429, %433 br i1 %434, label %435, label %494 %436 = phi i32 [ %389, %388 ], [ %393, %424 ], [ %393, %428 ], [ %393, %431 ] %437 = phi %struct.fib_nh_common.748926* [ %390, %388 ], [ %395, %424 ], [ %395, %428 ], [ %395, %431 ] %438 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %439 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %440 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 3 %441 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 5 %442 = and i32 %3, 1 %443 = icmp eq i32 %442, 0 br i1 %443, label %444, label %455 %445 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 5 %446 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %445, i64 0, i32 0, i32 0 %447 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %446, i32 1, i32* %446) #6, 
!srcloc !16 %448 = icmp eq i32 %447, 0 br i1 %448, label %449, label %450, !prof !14, !misexpect !12 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %445, i32 2) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_table_lookup
1 fib4_rule_action
2 fib_rules_lookup
3 __fib_lookup
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br
i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 
= icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi 
%struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 
------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 fib4_rule_action 2 fib_rules_lookup 3 __fib_lookup 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 ipip6_tunnel_bind_dev 7 ipip6_tunnel_init -------------
------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 fib4_rule_action 2 fib_rules_lookup 3 __fib_lookup 4 __ip_rt_update_pmtu 5 ip_rt_update_pmtu -------------
%struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 
8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca 
%struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, 
label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void 
@__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 
%76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %89 = tail call i32 bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 Function:fib4_rule_action %5 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 7 %6 = load i8, i8* %5, align 8 switch i8 %6, label %8 [ i8 1, label %9 i8 7, label %26 i8 8, label %7 ] tail call void @__rcu_read_lock() #83 %10 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.fib_rule.748839, %struct.fib_rule.748839* %0, i64 0, i32 14 %13 = load %struct.net.749003*, %struct.net.749003** %12, align 8 %14 = tail call %struct.fib_table* @fib_get_table(%struct.net.749003* %13, i32 %11) #83 %15 = icmp eq %struct.fib_table* %14, null br i1 %15, label %24, label %16 %17 = bitcast %struct.flowi* %1 to %struct.flowi4* %18 = getelementptr inbounds %struct.fib_lookup_arg.748846, 
%struct.fib_lookup_arg.748846* %3, i64 0, i32 2 %19 = bitcast i8** %18 to %struct.fib_result** %20 = load %struct.fib_result*, %struct.fib_result** %19, align 8 %21 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %3, i64 0, i32 5 %22 = load i32, i32* %21, align 4 %23 = tail call i32 @fib_table_lookup(%struct.fib_table* nonnull %14, %struct.flowi4* %17, %struct.fib_result* %20, i32 %22) #83 Function:fib_table_lookup %5 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 %58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] 
%166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile %struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 %200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds 
%struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 4 %212 = load i8, i8* %211, align 2 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %215, label %217 %218 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 3 %219 = load i8, i8* %218, align 1 %220 = zext i8 %219 to i64 %221 = getelementptr [12 x %struct.intel_driver_caps], [12 x %struct.intel_driver_caps]* @fib_props, i64 0, i64 %220, i32 0 %222 = load i32, i32* %221, align 8 %223 = icmp sgt i32 %222, -1 br i1 %223, label %248, label %224, !prof !11, !misexpect !12 %249 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 6 %250 = load i32, i32* %249, align 8 %251 = and i32 %250, 1 %252 = icmp eq i32 %251, 0 br i1 %252, label %253, label %497 %254 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 18 %255 = load %struct.nexthop.748932*, %struct.nexthop.748932** %254, align 8 %256 = icmp eq %struct.nexthop.748932* %255, null br i1 %256, label %257, label %261, !prof !11, !misexpect !12 %258 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 15 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %259, 0 br i1 %260, label %497, label %392 %393 = phi i32 [ %495, %494 ], [ 0, %257 ] %394 = sext i32 %393 to i64 %395 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0 %396 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 
20, i64 %394, i32 0, i32 5 %397 = load i8, i8* %396, align 1 %398 = and i8 %397, 1 %399 = icmp eq i8 %398, 0 br i1 %399, label %400, label %494 %401 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %395, i64 0, i32 0 %402 = load %struct.net_device.749113*, %struct.net_device.749113** %401, align 8 %403 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %402, i64 0, i32 67 %404 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %403, align 8 %405 = icmp eq %struct.in_device.749041* %404, null br i1 %405, label %424, label %406 %407 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 0 %408 = load %struct.net_device.749113*, %struct.net_device.749113** %407, align 8 %409 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %408, i64 0, i32 110, i32 0 %410 = load %struct.net.749003*, %struct.net.749003** %409, align 8 %411 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %410, i64 0, i32 34, i32 6 %412 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %411, align 8 %413 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %412, i64 0, i32 1, i64 28 %414 = load i32, i32* %413, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %416, label %420 %417 = getelementptr %struct.in_device.749041, %struct.in_device.749041* %404, i64 0, i32 20, i32 1, i64 28 %418 = load i32, i32* %417, align 4 %419 = icmp eq i32 %418, 0 br i1 %419, label %424, label %420 %421 = and i8 %397, 16 %422 = icmp ne i8 %421, 0 %423 = and i1 %179, %422 br i1 %423, label %494, label %424 %425 = load i8, i8* %180, align 1 %426 = and i8 %425, 4 %427 = icmp eq i8 %426, 0 br i1 %427, label %428, label %435 %429 = load i32, i32* %181, align 8 %430 = icmp eq i32 %429, 0 br i1 %430, label %435, label %431 %432 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 20, i64 %394, i32 0, i32 1 %433 = load i32, 
i32* %432, align 8 %434 = icmp eq i32 %429, %433 br i1 %434, label %435, label %494 %436 = phi i32 [ %389, %388 ], [ %393, %424 ], [ %393, %428 ], [ %393, %431 ] %437 = phi %struct.fib_nh_common.748926* [ %390, %388 ], [ %395, %424 ], [ %395, %428 ], [ %395, %431 ] %438 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %439 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %440 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 3 %441 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %438, i64 0, i32 5 %442 = and i32 %3, 1 %443 = icmp eq i32 %442, 0 br i1 %443, label %444, label %455 %445 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 5 %446 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %445, i64 0, i32 0, i32 0 %447 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %446, i32 1, i32* %446) #6, !srcloc !16 %448 = icmp eq i32 %447, 0 br i1 %448, label %449, label %450, !prof !14, !misexpect !12 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %445, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_table_lookup 1 inet_addr_type_dev_table 2 __inet6_bind ------------- Path:  Function:__inet6_bind %5 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 4 %6 = load volatile i8, i8* %5, align 2 %7 = zext i8 %6 to i32 %8 = shl nuw i32 1, %7 %9 = and i32 %8, -4161 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11 %16 = phi i8* [ %14, %11 ], [ null, %4 ] %17 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 9, i32 0 %18 = load %struct.net.869250*, %struct.net.869250** %17, align 8 %19 = getelementptr 
%struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 10 br i1 %21, label %22, label %226 %23 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 6 %24 = bitcast i8* %23 to %struct.in6_addr* %25 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %24) #83 %26 = and i32 %25, 65535 %27 = and i32 %25, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29 %34 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1 %35 = bitcast [14 x i8]* %34 to i16* %36 = load i16, i16* %35, align 2 %38 = and i32 %3, 8 %39 = icmp ne i32 %38, 0 %40 = icmp eq i16 %36, 0 %41 = or i1 %39, %40 br i1 %41, label %51, label %42 %52 = and i32 %3, 2 %53 = icmp eq i32 %52, 0 br i1 %53, label %55, label %54 %56 = load volatile i8, i8* %5, align 2 %57 = icmp eq i8 %56, 7 br i1 %57, label %58, label %221 %59 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 2 %60 = bitcast %struct.kuid_t* %59 to %struct.raw_hdlc_proto* %61 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %60, i64 0, i32 1 %62 = load i16, i16* %61, align 2 %63 = icmp eq i16 %62, 0 br i1 %63, label %64, label %221 %65 = trunc i32 %25 to i16 switch i16 %65, label %106 [ i16 4096, label %66 i16 0, label %151 ] %67 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 5 %68 = load i8, i8* %67, align 1 %69 = and i8 %68, 32 %70 = icmp eq i8 %69, 0 br i1 %70, label %71, label %221 tail call void @__rcu_read_lock() #83 %72 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %0, i64 0, i32 0, i32 6 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call %struct.net_device.869133* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.869133* (%struct.net.869250*, 
i32)*)(%struct.net.869250* %18, i32 %73) #83 %77 = icmp eq %struct.net_device.869133* %76, null br i1 %77, label %224, label %78 %79 = phi %struct.net_device.869133* [ %76, %75 ], [ null, %71 ] %80 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 18 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.net_device.749113*, i32)* @inet_addr_type_dev_table to i32 (%struct.net.869250*, %struct.net_device.869133*, i32)*)(%struct.net.869250* %18, %struct.net_device.869133* %79, i32 %82) #83 Function:inet_addr_type_dev_table %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.fib_result, align 8 %6 = bitcast %struct.flowi4* %4 to i8* %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %2, i32* %7, align 4 %8 = bitcast %struct.fib_result* %5 to i8* switch i32 %2, label %9 [ i32 0, label %67 i32 -1, label %67 ] %10 = and i32 %2, 240 %11 = icmp eq i32 %10, 224 br i1 %11, label %67, label %12 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 17 %14 = load %struct.hlist_head*, %struct.hlist_head** %13, align 16 %15 = getelementptr %struct.hlist_head, %struct.hlist_head* %14, i64 255, i32 0 %16 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %17 = icmp eq %struct.hlist_node* %16, null br i1 %17, label %65, label %18 %19 = phi %struct.hlist_node* [ %26, %24 ], [ %16, %12 ] %20 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %19, i64 1 %21 = bitcast %struct.hlist_node* %20 to i32* %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 255 br i1 %23, label %28, label %24 %29 = bitcast %struct.hlist_node* %19 to %struct.fib_table* %30 = call i32 @fib_table_lookup(%struct.fib_table* nonnull %29, %struct.flowi4* nonnull %4, %struct.fib_result* nonnull %5, i32 1) #83 Function:fib_table_lookup %5 = getelementptr 
inbounds %struct.fib_table, %struct.fib_table* %0, i64 0, i32 4 %6 = bitcast i64** %5 to %struct.trie** %7 = load %struct.trie*, %struct.trie** %6, align 8 %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 4 %11 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0, i32 4 %12 = bitcast %union.anon.65.268540* %11 to %struct.key_vector** %13 = load volatile %struct.key_vector*, %struct.key_vector** %12, align 8 %14 = icmp eq %struct.key_vector* %13, null br i1 %14, label %17, label %15 %16 = getelementptr inbounds %struct.trie, %struct.trie* %7, i64 0, i32 0, i64 0 br label %40 %41 = phi i32 [ %63, %59 ], [ 0, %15 ] %42 = phi %struct.key_vector* [ %64, %59 ], [ %16, %15 ] %43 = phi %struct.key_vector* [ %68, %59 ], [ %13, %15 ] %44 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = xor i32 %45, %10 %47 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 1 %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = lshr i32 %46, %49 %51 = zext i32 %50 to i64 %52 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %43, i64 0, i32 2 %53 = load i8, i8* %52, align 1 %54 = zext i8 %53 to i64 %55 = lshr i64 %51, %54 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %70 %58 = icmp eq i8 %53, 0 br i1 %58, label %163, label %59 %164 = phi i32 [ %72, %88 ], [ %45, %57 ] %165 = phi i32 [ %73, %88 ], [ %41, %57 ] %166 = phi %struct.key_vector* [ %74, %88 ], [ %42, %57 ] %167 = phi %struct.key_vector* [ %75, %88 ], [ %43, %57 ] %168 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 0 %169 = xor i32 %164, %10 %170 = zext i32 %169 to i64 %171 = getelementptr inbounds %struct.key_vector, %struct.key_vector* %167, i64 0, i32 4, i32 0 %172 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %171, i64 0, i32 0 %173 = load volatile 
%struct.hlist_node*, %struct.hlist_node** %172, align 8 %174 = icmp eq %struct.hlist_node* %173, null br i1 %174, label %102, label %175 %176 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %177 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 %178 = and i32 %3, 2 %179 = icmp eq i32 %178, 0 %180 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %181 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 br label %182 %183 = phi %struct.hlist_node* [ %173, %175 ], [ %499, %497 ] %184 = bitcast %struct.hlist_node* %183 to %struct.fib_alias.838365* %185 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1 %186 = bitcast %struct.hlist_node* %185 to %struct.fib_info.748927** %187 = load %struct.fib_info.748927*, %struct.fib_info.748927** %186, align 8 %188 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, i64 0, i32 5 %189 = load i8, i8* %188, align 1 %190 = zext i8 %189 to i64 %191 = lshr i64 %170, %190 %192 = icmp eq i64 %191, 0 br i1 %192, label %193, label %497 %194 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %183, i64 1, i32 1 %195 = bitcast %struct.hlist_node*** %194 to i8* %196 = load i8, i8* %195, align 8 %197 = icmp eq i8 %196, 0 br i1 %197, label %201, label %198 %199 = load i8, i8* %176, align 4 %200 = icmp eq i8 %196, %199 br i1 %200, label %201, label %497 %202 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 7 %203 = load i8, i8* %202, align 4 %204 = icmp eq i8 %203, 0 br i1 %204, label %205, label %497 %206 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %187, i64 0, i32 9 %207 = load i8, i8* %206, align 2 %208 = load i8, i8* %177, align 1 %209 = icmp ult i8 %207, %208 br i1 %209, label %497, label %210 %211 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %184, 
-------------
Use: =BAD PATH=
Call Stack:
0 fib_table_lookup
1 inet_addr_type
2 ping_bind
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 fib_detect_death
1 fib_select_path
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ip4_datagram_release_cb
-------------
%46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 %65 = add i32 %62, -1 %66 = or i32 %65, %62 %67 = icmp sgt i32 %66, -1 br i1 %67, label %70, label %68, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %60, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_detect_death 1 fib_select_path 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = 
getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 
64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, 
i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, 
i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.748927** %5 to i8* store %struct.fib_info.748927* null, %struct.fib_info.748927** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.748927* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.838365* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.838365* %80 = getelementptr inbounds 
%struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.748927** %82 = load %struct.fib_info.748927*, %struct.fib_info.748927** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 18 %123 = load %struct.nexthop.748932*, %struct.nexthop.748932** %122, align 8 %124 = 
icmp eq %struct.nexthop.748932* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.748926* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.748927* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %74, i32 %75, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %175) #83 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.838365* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.838365* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ 
%76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.748927* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.838365* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.748927* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.748927* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %228, i32 %227, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %240) #83 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %0, i64 0, i32 18 %7 = load %struct.nexthop.748932*, %struct.nexthop.748932** %6, align 8 %8 = icmp eq %struct.nexthop.748932* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 12 %15 = bitcast %union.anon.113.748931* %14 to %struct.nh_group** %16 = load volatile 
%struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds 
%struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 %65 = add i32 %62, -1 %66 = or i32 %65, %62 %67 = icmp sgt i32 %66, -1 br i1 %67, label %70, label %68, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %60, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_detect_death 1 fib_select_path 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to %struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 
%25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 
6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* %79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, 
%112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds 
%struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to 
%struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = 
or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 
224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds 
%struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.748927** %5 to i8* store %struct.fib_info.748927* null, %struct.fib_info.748927** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to 
i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.748927* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.838365* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.838365* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.748927** %82 = load %struct.fib_info.748927*, %struct.fib_info.748927** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, 
label %216 %100 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 18 %123 = load %struct.nexthop.748932*, %struct.nexthop.748932** %122, align 8 %124 = icmp eq %struct.nexthop.748932* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.748926* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 
%163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.748927* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %74, i32 %75, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %175) #83 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.838365* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.838365* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.748927* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.838365* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.748927* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne 
%struct.fib_info.748927* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %228, i32 %227, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %240) #83 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %0, i64 0, i32 18 %7 = load %struct.nexthop.748932*, %struct.nexthop.748932** %6, align 8 %8 = icmp eq %struct.nexthop.748932* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 12 %15 = bitcast %union.anon.113.748931* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* 
%46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 %65 = add i32 %62, -1 %66 = or i32 %65, %62 %67 = icmp sgt i32 %66, -1 br i1 %67, label %70, label %68, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %60, i32 3) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_detect_death
1 fib_select_path
2 __ip_rt_update_pmtu
3 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 
to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* 
%45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, 
align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path 
to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load 
%struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.748927** %5 to i8* store %struct.fib_info.748927* null, %struct.fib_info.748927** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.748927* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.838365* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.838365* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.748927** %82 = load %struct.fib_info.748927*, %struct.fib_info.748927** %81, align 8 %83 = 
getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 18 %123 = load %struct.nexthop.748932*, %struct.nexthop.748932** %122, align 8 %124 = icmp eq %struct.nexthop.748932* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 20, i64 
0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.748926* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.748927* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %74, i32 %75, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %175) #83 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.838365* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.838365* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, 
%105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.748927* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.838365* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.748927* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.748927* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %228, i32 %227, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %240) #83 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %0, i64 0, i32 18 %7 = load %struct.nexthop.748932*, %struct.nexthop.748932** %6, align 8 %8 = icmp eq %struct.nexthop.748932* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 12 %15 = bitcast %union.anon.113.748931* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 
%19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 %65 = add i32 %62, -1 %66 = or i32 %65, %62 %67 = icmp sgt i32 %66, -1 br i1 %67, label %70, label %68, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %60, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_dst_destroy ------------- Path:  Function:ipv4_dst_destroy %2 = getelementptr inbounds %struct.dst_entry.813038, %struct.dst_entry.813038* %0, i64 0, i32 2 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.dst_metrics* %6 = icmp eq %struct.dst_metrics* %5, @dst_default_metrics br i1 %6, label %19, label %7 %8 = getelementptr inbounds %struct.dst_metrics, %struct.dst_metrics* %5, i64 0, i32 1 %9 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 0, i32 0, i32 0 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32 -1, i32* %9) #6, !srcloc !4 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %19, label %16, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %8, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, 
%struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof 
!8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 ------------- Use: =BAD PATH= Call Stack: 0 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = 
getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 2) #84 ------------- Use: =BAD PATH= Call Stack: 0 fib_rules_lookup 1 __fib_lookup 2 fib_compute_spec_dst 3 __ip_options_compile 4 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 
%24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %26) #83 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.813309*, i32)*)(%struct.sk_buff.813309* %0, i32 %63) #83 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void @__rcu_read_lock() #83 %78 = getelementptr inbounds %struct.sk_buff.813309, 
%struct.sk_buff.813309* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.813395*, %struct.net_device.813395** %78, align 8 %80 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %79, i64 0, i32 110, i32 0 %81 = load %struct.net.813150*, %struct.net.813150** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.813150* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.813309* %0, i32* null) #83 Function:__ip_options_compile %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* %7 = icmp eq %struct.sk_buff.813309* %2, null br i1 %7, label %20, label %8 %21 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 br label %22 %23 = phi i8* [ %21, %20 ], [ %19, %8 ] %24 = phi %struct.rtable.813060* [ null, %20 ], [ %12, %8 ] store i8* %23, i8** %5, align 8 %25 = getelementptr i8, i8* %23, i64 -20 %26 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 2 %27 = load i8, i8* %26, align 4 %28 = icmp eq i8 %27, 0 br i1 %28, label %386, label %29 %30 = zext i8 %27 to i32 %31 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 11 %32 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 8 %33 = bitcast i8** %5 to i64* %34 = ptrtoint i8* %25 to i64 %35 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 7 %36 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 5 %37 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 6 %38 = icmp eq %struct.rtable.813060* %24, null %39 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 4 %40 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 3 %41 = getelementptr %struct.ip_options, %struct.ip_options* %1, i64 0, i32 0 br label %42 %43 = phi i8* [ %23, %29 ], [ %356, %351 ] %44 = phi i32 [ %30, %29 ], [ %353, %351 ] %45 = phi i32 [ 0, 
%29 ], [ %352, %351 ] br label %46 %47 = phi i8* [ %43, %42 ], [ %88, %86 ] %48 = phi i32 [ %44, %42 ], [ %87, %86 ] %49 = load i8, i8* %47, align 1 switch i8 %49, label %90 [ i8 0, label %50 i8 1, label %86 ] %91 = ptrtoint i8* %47 to i64 %92 = icmp slt i32 %48, 2 br i1 %92, label %376, label %93, !prof !4, !misexpect !5 %94 = getelementptr i8, i8* %47, i64 1 %95 = load i8, i8* %94, align 1 %96 = zext i8 %95 to i32 %97 = icmp ult i8 %95, 2 %98 = icmp slt i32 %48, %96 %99 = or i1 %97, %98 br i1 %99, label %376, label %100 switch i8 %49, label %345 [ i8 -119, label %101 i8 -125, label %101 i8 7, label %141 i8 68, label %191 i8 -108, label %314 i8 -122, label %328 ] %192 = load i8, i8* %36, align 1 %193 = icmp eq i8 %192, 0 br i1 %193, label %194, label %376 %195 = icmp ult i8 %95, 4 br i1 %195, label %366, label %196 %197 = getelementptr i8, i8* %47, i64 2 %198 = load i8, i8* %197, align 1 %199 = zext i8 %198 to i32 %200 = icmp ult i8 %198, 5 br i1 %200, label %376, label %201 %202 = icmp ugt i8 %198, %95 br i1 %202, label %292, label %203 %204 = add nuw nsw i32 %199, 3 %205 = icmp ugt i32 %204, %96 br i1 %205, label %376, label %206 %207 = getelementptr i8, i8* %47, i64 3 %208 = load i8, i8* %207, align 1 %209 = and i8 %208, 15 %210 = zext i8 %209 to i32 switch i32 %210, label %266 [ i32 0, label %211 i32 1, label %219 i32 3, label %244 ] %220 = add nuw nsw i32 %199, 7 %221 = icmp ugt i32 %220, %96 br i1 %221, label %376, label %222 br i1 %38, label %273, label %223 %224 = icmp eq i32 %45, 0 br i1 %224, label %225, label %230 %226 = call i32 bitcast (i32 (%struct.sk_buff.749126*)* @fib_compute_spec_dst to i32 (%struct.sk_buff.813309*)*)(%struct.sk_buff.813309* %2) #83 Function:fib_compute_spec_dst %2 = alloca %struct.fib_result, align 8 %3 = alloca %struct.flowi4, align 8 %4 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %5 = load %struct.net_device.749113*, %struct.net_device.749113** %4, align 8 %6 = 
bitcast %struct.fib_result* %2 to i8* %7 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 4, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rtable.748923* %11 = getelementptr inbounds %struct.rtable.748923, %struct.rtable.748923* %10, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, -1342177280 %14 = icmp eq i32 %13, -2147483648 br i1 %14, label %15, label %25 %26 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %5, i64 0, i32 67 %27 = load volatile %struct.in_device.749041*, %struct.in_device.749041** %26, align 8 %28 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %5, i64 0, i32 110, i32 0 %29 = load %struct.net.749003*, %struct.net.749003** %28, align 8 %30 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 40 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sk_buff.749126, %struct.sk_buff.749126* %0, i64 0, i32 35 %33 = load i16, i16* %32, align 4 %34 = zext i16 %33 to i64 %35 = getelementptr i8, i8* %31, i64 %34 %36 = getelementptr inbounds i8, i8* %35, i64 12 %37 = bitcast i8* %36 to i32* %38 = load i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %115, label %40 %41 = icmp eq %struct.in_device.749041* %27, null br i1 %41, label %56, label %42 %43 = getelementptr inbounds %struct.in_device.749041, %struct.in_device.749041* %27, i64 0, i32 0 %44 = load %struct.net_device.749113*, %struct.net_device.749113** %43, align 8 %45 = getelementptr inbounds %struct.net_device.749113, %struct.net_device.749113* %44, i64 0, i32 110, i32 0 %46 = load %struct.net.749003*, %struct.net.749003** %45, align 8 %47 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %46, i64 0, i32 34, i32 6 %48 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %47, align 8 %49 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %48, 
i64 0, i32 1, i64 23 %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %56 %57 = phi i1 [ false, %40 ], [ true, %42 ], [ %55, %52 ] %58 = bitcast %struct.flowi4* %3 to i8* %59 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 0, i32* %59, align 8 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %60, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 br i1 %57, label %62, label %65 %66 = phi i32 [ %64, %62 ], [ 0, %56 ] store i32 %66, i32* %61, align 8 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 %68 = getelementptr inbounds i8, i8* %35, i64 1 %69 = load i8, i8* %68, align 1 %70 = and i8 %69, 28 store i8 %70, i8* %67, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 %74 = load i32, i32* %37, align 4 store i32 %74, i32* %73, align 4 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3, i32 0 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %29, i64 0, i32 34, i32 14 %77 = load i8, i8* %76, align 4, !range !4 %78 = icmp eq i8 %77, 0 br i1 %78, label %81, label %79 %80 = call i32 @__fib_lookup(%struct.net.749003* %29, %struct.flowi4* nonnull %3, %struct.fib_result* nonnull %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, 
%struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds 
%struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 
%86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br i1 %100, label %133, label %103 %104 = getelementptr inbounds %struct.fib_lookup_arg.744528, %struct.fib_lookup_arg.744528* %3, i64 0, i32 5 %105 = load i32, i32* %104, align 4 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %108, label %131 %109 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 15 %110 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %109, i64 0, i32 0, i32 0 %111 = load volatile i32, i32* %110, align 4 %112 = icmp eq i32 %111, 0 br i1 %112, label %123, label %113 %114 = phi i32 [ %121, %120 ], [ %111, %108 ] %115 = add i32 %114, 1 %116 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 %115, i32* %110, i32 %114) #6, !srcloc !6 %117 = extractvalue { i8, i32 } %116, 0 %118 = and i8 %117, 1 %119 = icmp eq i8 %118, 0 br i1 %119, label %120, label %123, !prof !7, !misexpect !8 %121 = extractvalue { i8, i32 } %116, 1 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %113 %124 = phi i32 [ 0, %108 ], [ 0, %120 ], [ %114, %113 ] %125 = add i32 %124, 1 %126 = or i32 %125, %124 %127 = icmp sgt i32 %126, -1 br i1 %127, label %129, label %128, !prof !4, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %109, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_rules_lookup 1 __fib_lookup 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call 
%struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = 
load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 
%39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, 
label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 
0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi 
%struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, 
%struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br i1 %100, label %133, label %103 %104 = getelementptr inbounds %struct.fib_lookup_arg.744528, %struct.fib_lookup_arg.744528* %3, i64 0, i32 5 %105 = load i32, i32* %104, align 4 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %108, label %131 %109 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 15 %110 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %109, i64 0, i32 0, i32 0 %111 = load volatile i32, i32* %110, align 4 %112 = icmp eq i32 %111, 0 br i1 %112, label %123, label %113 %114 = phi i32 [ %121, %120 ], [ %111, %108 ] %115 = add i32 %114, 1 %116 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 %115, i32* %110, i32 %114) #6, !srcloc !6 %117 = extractvalue { i8, i32 } %116, 0 %118 = and i8 %117, 1 %119 = icmp eq i8 %118, 0 br i1 %119, label %120, label %123, !prof !7, !misexpect !8 %121 = extractvalue { i8, i32 } %116, 1 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %113 %124 = phi i32 [ 0, %108 ], [ 0, %120 ], [ %114, %113 ] %125 = add i32 %124, 1 %126 = or i32 %125, %124 %127 = icmp sgt 
i32 %126, -1 br i1 %127, label %129, label %128, !prof !4, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %109, i32 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_rules_lookup
1 __fib_lookup
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ipip6_tunnel_bind_dev
5 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 =
getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, 
%struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
%struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, 
%struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 
br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 
(%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label %103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br i1 %100, label %133, label %103 %104 = getelementptr inbounds %struct.fib_lookup_arg.744528, %struct.fib_lookup_arg.744528* %3, i64 0, i32 5 %105 = load i32, i32* %104, align 4 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %108, label %131 %109 = getelementptr inbounds %struct.fib_rule.744527, 
%struct.fib_rule.744527* %22, i64 0, i32 15 %110 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %109, i64 0, i32 0, i32 0 %111 = load volatile i32, i32* %110, align 4 %112 = icmp eq i32 %111, 0 br i1 %112, label %123, label %113 %114 = phi i32 [ %121, %120 ], [ %111, %108 ] %115 = add i32 %114, 1 %116 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 %115, i32* %110, i32 %114) #6, !srcloc !6 %117 = extractvalue { i8, i32 } %116, 0 %118 = and i8 %117, 1 %119 = icmp eq i8 %118, 0 br i1 %119, label %120, label %123, !prof !7, !misexpect !8 %121 = extractvalue { i8, i32 } %116, 1 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %113 %124 = phi i32 [ 0, %108 ], [ 0, %120 ], [ %114, %113 ] %125 = add i32 %124, 1 %126 = or i32 %125, %124 %127 = icmp sgt i32 %126, -1 br i1 %127, label %129, label %128, !prof !4, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %109, i32 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_rules_lookup
1 __fib_lookup
2 __ip_rt_update_pmtu
3 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13,
i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ 
%33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, 
%struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = 
icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 Function:__fib_lookup %5 = alloca %struct.fib_lookup_arg.748846, align 8 %6 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* %7 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.fib_result** %9 = bitcast %struct.fib_lookup_arg.748846* %5 to i8* store %struct.fib_result* %2, %struct.fib_result** %8, align 8 %10 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 3 store %struct.fib_rule.748839* null, %struct.fib_rule.748839** %10, align 8 %11 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 4 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.fib_lookup_arg.748846, %struct.fib_lookup_arg.748846* %5, i64 0, i32 5 store 
i32 %3, i32* %12, align 4 %13 = getelementptr inbounds %struct.net.749003, %struct.net.749003* %0, i64 0, i32 34, i32 10 %14 = load %struct.fib_rules_ops.748851*, %struct.fib_rules_ops.748851** %13, align 16 %15 = bitcast %struct.flowi4* %1 to %struct.flowi* %16 = call i32 bitcast (i32 (%struct.fib_rules_ops.744530*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* @fib_rules_lookup to i32 (%struct.fib_rules_ops.748851*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)*)(%struct.fib_rules_ops.748851* %14, %struct.flowi* %15, i32 0, %struct.fib_lookup_arg.748846* nonnull %5) #83 Function:fib_rules_lookup tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 18 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 %7 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %8 = icmp eq %struct.list_head* %7, %5 br i1 %8, label %137, label %9 %10 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 0 %12 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 2 %13 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 9, i32 0 %14 = getelementptr inbounds %struct.flowi, %struct.flowi* %1, i64 0, i32 0, i32 0, i32 0, i32 8, i32 0 %15 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 9 %16 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 7 %17 = getelementptr inbounds %struct.fib_rules_ops.744530, %struct.fib_rules_ops.744530* %0, i64 0, i32 8 br label %18 %19 = phi %struct.list_head* [ %7, %9 ], [ %135, %133 ] %20 = bitcast %struct.list_head* %19 to %struct.fib_rule.744527* br label %21 %22 = phi %struct.fib_rule.744527* [ %83, %81 
], [ %20, %18 ] %23 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %29, label %26 %27 = load i32, i32* %10, align 4 %28 = icmp eq i32 %24, %27 br i1 %28, label %29, label %68 %69 = phi i32 [ 0, %26 ], [ 0, %33 ], [ 0, %36 ], [ 0, %49 ], [ 0, %52 ], [ 0, %57 ], [ %65, %64 ], [ %67, %66 ] %70 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 5 %71 = load i32, i32* %70, align 8 %72 = and i32 %71, 2 %73 = icmp eq i32 %72, 0 %74 = icmp eq i32 %69, 0 %75 = zext i1 %74 to i32 %76 = select i1 %73, i32 %69, i32 %75 %77 = icmp eq i32 %76, 0 br i1 %77, label %133, label %78 %79 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 7 %80 = load i8, i8* %79, align 8 switch i8 %80, label %85 [ i8 2, label %81 i8 3, label %133 ] %86 = load i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*, i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)** %16, align 8 %87 = icmp eq i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)* %86, bitcast (i32 (%struct.fib_rule.748839*, %struct.flowi*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_action to i32 (%struct.fib_rule.744527*, %struct.flowi*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %87, label %88, label %90, !prof !4, !misexpect !5 %91 = tail call i32 %86(%struct.fib_rule.744527* %22, %struct.flowi* %1, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br label %92 %93 = phi i32 [ %89, %88 ], [ %91, %90 ] switch i32 %93, label %103 [ i32 0, label %94 i32 -11, label %133 ] %95 = load i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*, i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)** %17, align 8 %96 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, null br i1 %96, label 
%103, label %97 %98 = icmp eq i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)* %95, bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*) br i1 %98, label %99, label %101, !prof !4, !misexpect !5 %100 = tail call zeroext i1 bitcast (i1 (%struct.fib_rule.748839*, i32, %struct.fib_lookup_arg.748846*)* @fib4_rule_suppress to i1 (%struct.fib_rule.744527*, i32, %struct.fib_lookup_arg.744528*)*)(%struct.fib_rule.744527* %22, i32 %2, %struct.fib_lookup_arg.744528* %3) #83 br i1 %100, label %133, label %103 %104 = getelementptr inbounds %struct.fib_lookup_arg.744528, %struct.fib_lookup_arg.744528* %3, i64 0, i32 5 %105 = load i32, i32* %104, align 4 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %108, label %131 %109 = getelementptr inbounds %struct.fib_rule.744527, %struct.fib_rule.744527* %22, i64 0, i32 15 %110 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %109, i64 0, i32 0, i32 0 %111 = load volatile i32, i32* %110, align 4 %112 = icmp eq i32 %111, 0 br i1 %112, label %123, label %113 %114 = phi i32 [ %121, %120 ], [ %111, %108 ] %115 = add i32 %114, 1 %116 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 %115, i32* %110, i32 %114) #6, !srcloc !6 %117 = extractvalue { i8, i32 } %116, 0 %118 = and i8 %117, 1 %119 = icmp eq i8 %118, 0 br i1 %119, label %120, label %123, !prof !7, !misexpect !8 %121 = extractvalue { i8, i32 } %116, 1 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %113 %124 = phi i32 [ 0, %108 ], [ 0, %120 ], [ %114, %113 ] %125 = add i32 %124, 1 %126 = or i32 %125, %124 %127 = icmp sgt i32 %126, -1 br i1 %127, label %129, label %128, !prof !4, 
!misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %109, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 net_grab_current_ns ------------- Path:  Function:net_grab_current_ns %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.754524** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.754524**)) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct.754524* %3 = getelementptr inbounds %struct.task_struct.754524, %struct.task_struct.754524* %2, i64 0, i32 103 %4 = load %struct.nsproxy.754456*, %struct.nsproxy.754456** %3, align 64 %5 = getelementptr inbounds %struct.nsproxy.754456, %struct.nsproxy.754456* %4, i64 0, i32 5 %6 = load %struct.net.754433*, %struct.net.754433** %5, align 8 %7 = icmp eq %struct.net.754433* %6, null br i1 %7, label %19, label %8 %9 = getelementptr inbounds %struct.net.754433, %struct.net.754433* %6, i64 0, i32 0 %10 = getelementptr inbounds %struct.net.754433, %struct.net.754433* %6, i64 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !5 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !6, !misexpect !7 %15 = add i32 %11, 1 %16 = or i32 %15, %11 %17 = icmp sgt i32 %16, -1 br i1 %17, label %19, label %18, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 net_grab_current_ns ------------- Path:  Function:net_grab_current_ns %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.754524** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.754524**)) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct.754524* %3 = 
getelementptr inbounds %struct.task_struct.754524, %struct.task_struct.754524* %2, i64 0, i32 103 %4 = load %struct.nsproxy.754456*, %struct.nsproxy.754456** %3, align 64 %5 = getelementptr inbounds %struct.nsproxy.754456, %struct.nsproxy.754456* %4, i64 0, i32 5 %6 = load %struct.net.754433*, %struct.net.754433** %5, align 8 %7 = icmp eq %struct.net.754433* %6, null br i1 %7, label %19, label %8 %9 = getelementptr inbounds %struct.net.754433, %struct.net.754433* %6, i64 0, i32 0 %10 = getelementptr inbounds %struct.net.754433, %struct.net.754433* %6, i64 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !5 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 net_drop_ns ------------- Path:  Function:net_drop_ns %2 = icmp eq i8* %0, null br i1 %2, label %19, label %3 %4 = bitcast i8* %0 to %struct.seqcount_spinlock* %5 = bitcast i8* %0 to i32* %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %5, i32 -1, i32* nonnull %5) #6, !srcloc !4 %7 = icmp eq i32 %6, 1 br i1 %7, label %13, label %8 %9 = add i32 %6, -1 %10 = or i32 %9, %6 %11 = icmp sgt i32 %10, -1 br i1 %11, label %19, label %12, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 netns_get ------------- Path:  Function:netns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 5 %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 %15 = add i32 %11, 1 %16 = or i32 %15, %11 %17 = icmp sgt i32 %16, -1 br i1 %17, label %19, label %18, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 netns_get ------------- Path:  Function:netns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 5 %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 netns_put ------------- Path:  Function:netns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 %7 = add i32 %4, -1 %8 = or i32 %7, %4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %18, label %10, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_ext_put 1 skb_release_head_state 2 __kfree_skb 3 consume_skb 4 do_mq_notify 5 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, 
i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br 
label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 5 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -8 %28 = inttoptr i64 %27 to %struct.seqcount_spinlock* %29 = icmp eq i64 %27, 0 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 13 %38 = load i8, i8* %37, align 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %43, label %40 %41 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 44 %42 = load %struct.skb_ext*, %struct.skb_ext** %41, align 8 tail call void @__skb_ext_put(%struct.skb_ext* %42) #83 Function:__skb_ext_put %2 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 1 br i1 %5, label %15, label %6 %7 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = getelementptr %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 1, i64 0 %17 = load i8, i8* %16, align 1 %18 = icmp eq i8 %17, 0 br i1 %18, label %45, label %19 %20 = zext i8 %17 to i64 %21 = getelementptr %struct.skb_ext, %struct.skb_ext* %0, i64 %20 %22 = bitcast %struct.skb_ext* %21 to %struct.sec_path* %23 = getelementptr %struct.skb_ext, %struct.skb_ext* %21, i64 0, i32 0, i32 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %45, label %26 %27 = phi i64 [ %41, %40 ], [ 0, %19 ] %28 = getelementptr %struct.sec_path, %struct.sec_path* %22, i64 0, i32 2, i64 %27 %29 = load %struct.xfrm_state*, %struct.xfrm_state** %28, align 8 %30 = getelementptr inbounds %struct.xfrm_state, %struct.xfrm_state* %29, i64 0, i32 5 %31 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %30, i64 0, i32 0, i32 0 %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 -1, i32* %31) #6, !srcloc !4 %33 = icmp eq i32 %32, 1 br i1 %33, label %39, label %34 %35 = add i32 %32, -1 %36 = or i32 %35, %32 %37 = icmp sgt i32 %36, -1 br i1 %37, label %40, label %38, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_ext_put 1 skb_release_head_state 2 __kfree_skb 3 consume_skb 4 do_mq_notify 5 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca 
%struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, 
label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 5 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -8 %28 = inttoptr i64 %27 to %struct.seqcount_spinlock* %29 = icmp eq i64 %27, 0 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 13 %38 = load i8, i8* %37, align 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %43, label %40 %41 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 44 %42 = load %struct.skb_ext*, %struct.skb_ext** %41, align 8 tail call void @__skb_ext_put(%struct.skb_ext* %42) #83 Function:__skb_ext_put %2 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 1 br i1 %5, label %15, label %6 %7 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = getelementptr %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 1, i64 0 %17 = load i8, i8* %16, align 1 %18 = icmp eq i8 %17, 0 br i1 %18, label %45, label %19 %20 = zext i8 %17 to i64 %21 = getelementptr %struct.skb_ext, %struct.skb_ext* %0, i64 %20 %22 = bitcast %struct.skb_ext* %21 to %struct.sec_path* %23 = getelementptr %struct.skb_ext, %struct.skb_ext* %21, i64 0, i32 0, i32 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %45, label %26 %27 = phi i64 [ %41, %40 ], [ 0, %19 ] %28 = getelementptr %struct.sec_path, %struct.sec_path* %22, i64 0, i32 2, i64 %27 %29 = load %struct.xfrm_state*, %struct.xfrm_state** %28, align 8 %30 = getelementptr inbounds %struct.xfrm_state, %struct.xfrm_state* %29, i64 0, i32 5 %31 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %30, i64 0, i32 0, i32 0 %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 -1, i32* %31) #6, !srcloc !4 %33 = icmp eq i32 %32, 1 br i1 %33, label %39, label %34 %35 = add i32 %32, -1 %36 = or i32 %35, %32 %37 = icmp sgt i32 %36, -1 br i1 %37, label %40, label %38, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_ext_put 1 skb_release_head_state 2 __kfree_skb 3 consume_skb 4 do_mq_notify 5 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca 
%struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail 
call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 5 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -8 %28 = inttoptr i64 %27 to %struct.seqcount_spinlock* %29 = icmp eq i64 %27, 0 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 13 %38 = load i8, i8* %37, align 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %43, label %40 %41 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 44 %42 = load %struct.skb_ext*, %struct.skb_ext** %41, align 8 tail call void @__skb_ext_put(%struct.skb_ext* %42) #83 Function:__skb_ext_put %2 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 1 br i1 %5, label %15, label %6 %7 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = getelementptr %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 1, i64 0 %17 = load i8, i8* %16, align 1 %18 = icmp eq i8 %17, 0 br i1 %18, label %45, label %19 %20 = zext i8 %17 to i64 %21 = getelementptr %struct.skb_ext, %struct.skb_ext* %0, i64 %20 %22 = bitcast %struct.skb_ext* %21 to %struct.sec_path* %23 = getelementptr %struct.skb_ext, %struct.skb_ext* %21, i64 0, i32 0, i32 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %45, label %26 %27 = phi i64 [ %41, %40 ], [ 0, %19 ] %28 = getelementptr %struct.sec_path, %struct.sec_path* %22, i64 0, i32 2, i64 %27 %29 = load %struct.xfrm_state*, %struct.xfrm_state** %28, align 8 %30 = getelementptr inbounds %struct.xfrm_state, %struct.xfrm_state* %29, i64 0, i32 5 %31 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %30, i64 0, i32 0, i32 0 %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 -1, i32* %31) #6, !srcloc !4 %33 = icmp eq i32 %32, 1 br i1 %33, label %39, label %34 %35 = add i32 %32, -1 %36 = or i32 %35, %32 %37 = icmp sgt i32 %36, -1 br i1 %37, label %40, label %38, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_ext_put 1 skb_release_head_state 2 __kfree_skb 3 consume_skb 4 do_mq_notify 5 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = 
alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* 
%3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 5 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -8 %28 = inttoptr i64 %27 to %struct.seqcount_spinlock* %29 = icmp eq i64 %27, 0 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 13 %38 = load i8, i8* %37, align 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %43, label %40 %41 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 44 %42 = load %struct.skb_ext*, %struct.skb_ext** %41, align 8 tail call void @__skb_ext_put(%struct.skb_ext* %42) #83 Function:__skb_ext_put %2 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0, i32 0, i32 0 %4 = load volatile i32, i32* 
%3, align 4 %5 = icmp eq i32 %4, 1 br i1 %5, label %15, label %6 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %48, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_ext_put 1 skb_release_head_state 2 __kfree_skb 3 consume_skb 4 do_mq_notify 5 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label 
%63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) 
#6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 5 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -8 %28 = inttoptr i64 %27 to %struct.seqcount_spinlock* %29 = icmp eq i64 %27, 0 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 13 %38 = load i8, i8* %37, align 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %43, label %40 %41 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 44 %42 = load %struct.skb_ext*, %struct.skb_ext** %41, align 8 tail call 
void @__skb_ext_put(%struct.skb_ext* %42) #83 Function:__skb_ext_put %2 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 1 br i1 %5, label %15, label %6 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %48, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __skb_ext_put 1 skb_release_head_state 2 __kfree_skb 3 consume_skb 4 do_mq_notify 5 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, 
!misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 5 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -8 %28 = inttoptr i64 %27 to %struct.seqcount_spinlock* %29 = icmp eq i64 %27, 0 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 
13 %38 = load i8, i8* %37, align 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %43, label %40 %41 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 44 %42 = load %struct.skb_ext*, %struct.skb_ext** %41, align 8 tail call void @__skb_ext_put(%struct.skb_ext* %42) #83 Function:__skb_ext_put %2 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.skb_ext, %struct.skb_ext* %0, i64 0, i32 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 1 br i1 %5, label %15, label %6 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %48, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 consume_skb 1 do_mq_notify 2 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq 
i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 
@__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %40, label %16, !prof !6, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 consume_skb 1 do_mq_notify 2 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = 
phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 
Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %40, label %16, !prof !6, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 consume_skb 1 do_mq_notify 2 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 
1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %40, label %16, !prof !6, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_stream_group_ref 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label 
%22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, 
%struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, 
i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 
%39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %171 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %172 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %171, align 8 %173 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %172, i64 0, i32 14 %174 = load i8, i8* %173, align 1, !range !4 %175 = icmp eq i8 %174, 0 br i1 %175, label %178, label %176 %179 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %179) #84 br label %180 %181 = tail call fastcc %struct.snd_pcm_group* 
@snd_pcm_stream_group_ref(%struct.snd_pcm_substream.721187* %0) #84 Function:snd_pcm_stream_group_ref %2 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %3 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %4 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %3, i64 0, i32 14 %5 = load i8, i8* %4, align 1, !range !4 %6 = icmp eq i8 %5, 0 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 18 %8 = load %struct.snd_pcm_group*, %struct.snd_pcm_group** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17 %10 = icmp eq %struct.snd_pcm_group* %8, %9 br i1 %10, label %85, label %11 %12 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 br label %14 %15 = phi %struct.snd_pcm_group* [ %8, %11 ], [ %83, %82 ] %16 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %14 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 br i1 %6, label %30, label %27 %31 = getelementptr inbounds 
%struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 0, i32 0, i32 0 %32 = tail call i32 @_raw_spin_trylock(%struct.raw_spinlock* %31) #83 br label %33 %34 = phi i32 [ %29, %27 ], [ %32, %30 ] %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %85 %37 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %38 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %37, i64 0, i32 14 %39 = load i8, i8* %38, align 1, !range !4 %40 = icmp eq i8 %39, 0 br i1 %40, label %42, label %41 tail call void @mutex_unlock(%struct.mutex* %12) #83 br label %43 br i1 %6, label %46, label %44 %45 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 1 tail call void @mutex_lock(%struct.mutex* %45) #83 br label %48 %49 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %50 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %49, i64 0, i32 14 %51 = load i8, i8* %50, align 1, !range !4 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53 tail call void @mutex_lock(%struct.mutex* %12) #83 br label %55 %56 = load %struct.snd_pcm_group*, %struct.snd_pcm_group** %7, align 8 %57 = icmp eq %struct.snd_pcm_group* %56, %15 br i1 %57, label %85, label %58 %59 = icmp eq %struct.snd_pcm_group* %15, null br i1 %59, label %82, label %60 %61 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 -1, i32* %17) #6, !srcloc !9 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %64 %65 = add i32 %61, -1 %66 = or i32 %65, %61 %67 = icmp sgt i32 %66, -1 br i1 %67, label %69, label %68, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_stream_group_ref 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat 
------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast 
%struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, 
i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, 
%struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds 
%struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %171 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %172 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %171, align 8 %173 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %172, i64 0, i32 14 %174 = load i8, i8* %173, align 1, !range !4 %175 = icmp eq i8 %174, 0 br i1 %175, label %178, label %176 %179 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %179) #84 br label %180 %181 = tail call fastcc %struct.snd_pcm_group* @snd_pcm_stream_group_ref(%struct.snd_pcm_substream.721187* %0) #84 Function:snd_pcm_stream_group_ref %2 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %3 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %4 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %3, i64 0, i32 14 %5 = load i8, i8* %4, align 1, !range !4 %6 = icmp eq i8 %5, 0 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 18 %8 = load %struct.snd_pcm_group*, %struct.snd_pcm_group** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17 %10 = icmp eq 
%struct.snd_pcm_group* %8, %9 br i1 %10, label %85, label %11 %12 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 br label %14 %15 = phi %struct.snd_pcm_group* [ %8, %11 ], [ %83, %82 ] %16 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %14 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 br i1 %6, label %30, label %27 %31 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 0, i32 0, i32 0 %32 = tail call i32 @_raw_spin_trylock(%struct.raw_spinlock* %31) #83 br label %33 %34 = phi i32 [ %29, %27 ], [ %32, %30 ] %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %85 %37 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %38 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %37, i64 0, i32 14 %39 = load i8, i8* %38, align 1, !range !4 %40 = icmp eq i8 %39, 0 br i1 %40, label %42, label %41 tail call void @mutex_unlock(%struct.mutex* %12) #83 br label %43 br i1 %6, label %46, label %44 %45 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 1 tail call void 
@mutex_lock(%struct.mutex* %45) #83 br label %48 %49 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %50 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %49, i64 0, i32 14 %51 = load i8, i8* %50, align 1, !range !4 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53 tail call void @mutex_lock(%struct.mutex* %12) #83 br label %55 %56 = load %struct.snd_pcm_group*, %struct.snd_pcm_group** %7, align 8 %57 = icmp eq %struct.snd_pcm_group* %56, %15 br i1 %57, label %85, label %58 %59 = icmp eq %struct.snd_pcm_group* %15, null br i1 %59, label %82, label %60 %61 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 -1, i32* %17) #6, !srcloc !9 %62 = icmp eq i32 %61, 1 br i1 %62, label %63, label %64 %65 = add i32 %61, -1 %66 = or i32 %65, %61 %67 = icmp sgt i32 %66, -1 br i1 %67, label %69, label %68, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_stream_group_ref 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 
= load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 
= getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 
= and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 
br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %171 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %172 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %171, align 8 
%173 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %172, i64 0, i32 14 %174 = load i8, i8* %173, align 1, !range !4 %175 = icmp eq i8 %174, 0 br i1 %175, label %178, label %176 %179 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %179) #84 br label %180 %181 = tail call fastcc %struct.snd_pcm_group* @snd_pcm_stream_group_ref(%struct.snd_pcm_substream.721187* %0) #84 Function:snd_pcm_stream_group_ref %2 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %3 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %4 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %3, i64 0, i32 14 %5 = load i8, i8* %4, align 1, !range !4 %6 = icmp eq i8 %5, 0 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 18 %8 = load %struct.snd_pcm_group*, %struct.snd_pcm_group** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17 %10 = icmp eq %struct.snd_pcm_group* %8, %9 br i1 %10, label %85, label %11 %12 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 br label %14 %15 = phi %struct.snd_pcm_group* [ %8, %11 ], [ %83, %82 ] %16 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %14 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_stream_group_ref 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, 
label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label 
%499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, 
%struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, 
i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %171 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %172 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %171, align 8 %173 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %172, i64 0, i32 14 %174 = load i8, i8* %173, align 1, !range !4 %175 = icmp eq i8 %174, 0 br i1 %175, label %178, label %176 %179 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %179) #84 br label %180 %181 = tail call fastcc %struct.snd_pcm_group* @snd_pcm_stream_group_ref(%struct.snd_pcm_substream.721187* %0) #84 Function:snd_pcm_stream_group_ref %2 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 
%3 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %2, align 8 %4 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %3, i64 0, i32 14 %5 = load i8, i8* %4, align 1, !range !4 %6 = icmp eq i8 %5, 0 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 18 %8 = load %struct.snd_pcm_group*, %struct.snd_pcm_group** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17 %10 = icmp eq %struct.snd_pcm_group* %8, %9 br i1 %10, label %85, label %11 %12 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 0, i32 0, i32 0 br label %14 %15 = phi %struct.snd_pcm_group* [ %8, %11 ], [ %83, %82 ] %16 = getelementptr inbounds %struct.snd_pcm_group, %struct.snd_pcm_group* %15, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %14 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 sync_file_release ------------- Path:  Function:sync_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 80 %6 = bitcast i8* %5 to 
i64* %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 1 %9 = icmp eq i64 %8, 0 br i1 %9, label %17, label %10 %18 = getelementptr inbounds i8, i8* %4, i64 88 %19 = bitcast i8* %18 to %struct.dma_fence** %20 = load %struct.dma_fence*, %struct.dma_fence** %19, align 8 %21 = icmp eq %struct.dma_fence* %20, null br i1 %21, label %34, label %22 %23 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %20, i64 0, i32 6 %24 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %23, i64 0, i32 0 %25 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %23, i64 0, i32 0, i32 0, i32 0 %26 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 -1, i32* %25) #6, !srcloc !4 %27 = icmp eq i32 %26, 1 br i1 %27, label %33, label %28 %29 = add i32 %26, -1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %24, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_get_fences 3 i915_gem_object_wait 4 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* 
%19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %14 = 
bitcast %struct.dma_fence*** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = call i32 @dma_resv_get_fences(%struct.dma_resv* %9, %struct.dma_fence** nonnull %4, i32* nonnull %6, %struct.dma_fence*** nonnull %5) #83 Function:dma_resv_get_fences %5 = alloca %struct.dma_resv_iter, align 8 %6 = bitcast %struct.dma_resv_iter* %5 to i8* store i32 0, i32* %2, align 4 store %struct.dma_fence** null, %struct.dma_fence*** %3, align 8 %7 = icmp ne %struct.dma_fence** %1, null br i1 %7, label %8, label %9 store %struct.dma_fence* null, %struct.dma_fence** %1, align 8 br label %9 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 1, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load 
volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 
8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %25 = load i32, i32* %5, align 4 %26 = icmp eq i32 %25, -1 br i1 %26, label %27, label %30 %28 = load volatile %struct.dma_fence*, %struct.dma_fence** %8, align 8 store %struct.dma_fence* %28, %struct.dma_fence** %4, align 8 store i32 0, i32* %5, align 4 %29 = icmp eq %struct.dma_fence* %28, null br i1 %29, label %74, label %42 %43 = phi %struct.dma_fence* [ %28, %27 ], [ %41, %37 ] %44 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %43, i64 0, i32 6 %45 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0 %46 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0, i32 0, i32 0 %47 = load volatile i32, i32* %46, align 4 %48 = icmp eq i32 %47, 0 br i1 %48, label %59, label %49 %50 = phi i32 [ %57, %56 ], [ %47, %42 ] %51 = add i32 %50, 1 %52 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 %51, i32* %46, i32 %50) #6, !srcloc !8 %53 = extractvalue { i8, i32 } %52, 0 %54 = and i8 %53, 1 %55 = icmp eq i8 %54, 0 br i1 %55, label %56, label %59, !prof !9, !misexpect !6 %57 = extractvalue { i8, i32 } %52, 1 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %49 %60 = phi i32 [ 0, %42 ], [ 0, %56 ], [ %50, %49 ] %61 = add i32 %60, 1 %62 = or i32 %61, %60 %63 = icmp sgt i32 %62, -1 br i1 %63, label %65, label %64, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_get_fences 3 i915_gem_object_wait 4 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = 
bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to 
i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %14 = bitcast %struct.dma_fence*** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = call i32 
@dma_resv_get_fences(%struct.dma_resv* %9, %struct.dma_fence** nonnull %4, i32* nonnull %6, %struct.dma_fence*** nonnull %5) #83 Function:dma_resv_get_fences %5 = alloca %struct.dma_resv_iter, align 8 %6 = bitcast %struct.dma_resv_iter* %5 to i8* store i32 0, i32* %2, align 4 store %struct.dma_fence** null, %struct.dma_fence*** %3, align 8 %7 = icmp ne %struct.dma_fence** %1, null br i1 %7, label %8, label %9 store %struct.dma_fence* null, %struct.dma_fence** %1, align 8 br label %9 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 1, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, 
label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %25 = load 
i32, i32* %5, align 4 %26 = icmp eq i32 %25, -1 br i1 %26, label %27, label %30 %28 = load volatile %struct.dma_fence*, %struct.dma_fence** %8, align 8 store %struct.dma_fence* %28, %struct.dma_fence** %4, align 8 store i32 0, i32* %5, align 4 %29 = icmp eq %struct.dma_fence* %28, null br i1 %29, label %74, label %42 %43 = phi %struct.dma_fence* [ %28, %27 ], [ %41, %37 ] %44 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %43, i64 0, i32 6 %45 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0 %46 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0, i32 0, i32 0 %47 = load volatile i32, i32* %46, align 4 %48 = icmp eq i32 %47, 0 br i1 %48, label %59, label %49 %50 = phi i32 [ %57, %56 ], [ %47, %42 ] %51 = add i32 %50, 1 %52 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 %51, i32* %46, i32 %50) #6, !srcloc !8 %53 = extractvalue { i8, i32 } %52, 0 %54 = and i8 %53, 1 %55 = icmp eq i8 %54, 0 br i1 %55, label %56, label %59, !prof !9, !misexpect !6 %57 = extractvalue { i8, i32 } %52, 1 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %49 %60 = phi i32 [ 0, %42 ], [ 0, %56 ], [ %50, %49 ] %61 = add i32 %60, 1 %62 = or i32 %61, %60 %63 = icmp sgt i32 %62, -1 br i1 %63, label %65, label %64, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_get_fences 3 i915_gem_object_wait 4 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds 
%struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br 
i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %14 = bitcast %struct.dma_fence*** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = call i32 
@dma_resv_get_fences(%struct.dma_resv* %9, %struct.dma_fence** nonnull %4, i32* nonnull %6, %struct.dma_fence*** nonnull %5) #83 Function:dma_resv_get_fences %5 = alloca %struct.dma_resv_iter, align 8 %6 = bitcast %struct.dma_resv_iter* %5 to i8* store i32 0, i32* %2, align 4 store %struct.dma_fence** null, %struct.dma_fence*** %3, align 8 %7 = icmp ne %struct.dma_fence** %1, null br i1 %7, label %8, label %9 store %struct.dma_fence* null, %struct.dma_fence** %1, align 8 br label %9 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 1, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, 
label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %25 = load 
i32, i32* %5, align 4 %26 = icmp eq i32 %25, -1 br i1 %26, label %27, label %30 %28 = load volatile %struct.dma_fence*, %struct.dma_fence** %8, align 8 store %struct.dma_fence* %28, %struct.dma_fence** %4, align 8 store i32 0, i32* %5, align 4 %29 = icmp eq %struct.dma_fence* %28, null br i1 %29, label %74, label %42 %43 = phi %struct.dma_fence* [ %28, %27 ], [ %41, %37 ] %44 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %43, i64 0, i32 6 %45 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0 %46 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0, i32 0, i32 0 %47 = load volatile i32, i32* %46, align 4 %48 = icmp eq i32 %47, 0 br i1 %48, label %59, label %49 %50 = phi i32 [ %57, %56 ], [ %47, %42 ] %51 = add i32 %50, 1 %52 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 %51, i32* %46, i32 %50) #6, !srcloc !8 %53 = extractvalue { i8, i32 } %52, 0 %54 = and i8 %53, 1 %55 = icmp eq i8 %54, 0 br i1 %55, label %56, label %59, !prof !9, !misexpect !6 %57 = extractvalue { i8, i32 } %52, 1 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %49 %60 = phi i32 [ 0, %42 ], [ 0, %56 ], [ %50, %49 ] %61 = add i32 %60, 1 %62 = or i32 %61, %60 %63 = icmp sgt i32 %62, -1 br i1 %63, label %65, label %64, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_wait_timeout 3 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load 
%struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %82 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %10 = inttoptr i64 %2 to i8* %11 = call i64 @_copy_from_user(i8* nonnull %5, i8* %10, i64 8) #83 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %82 %14 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %4, i64 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = icmp ult i64 %15, 8 br i1 %16, label %17, label %82 %18 = and i64 %15, 3 switch i64 %18, label %82 [ i64 1, label %21 i64 2, label %19 i64 3, label %20 ] %22 = phi i1 [ false, %17 ], [ true, %20 ], [ true, %19 ] %23 = phi i32 [ 2, %17 ], [ 0, %20 ], [ 1, %19 ] %24 = and i64 %15, 4 %25 = icmp eq i64 %24, 0 %26 = icmp eq %struct.dma_buf* %8, null br i1 %25, label %37, label %27 br i1 %26, label %38, label %39, !prof !4, !misexpect !5 %40 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 3 %41 = load %struct.dma_buf_ops*, %struct.dma_buf_ops** %40, align 8 %42 = getelementptr inbounds %struct.dma_buf_ops, %struct.dma_buf_ops* %41, i64 0, i32 8 %43 = load i32 (%struct.dma_buf*, i32)*, i32 (%struct.dma_buf*, i32)** %42, align 8 %44 = icmp eq i32 (%struct.dma_buf*, i32)* %43, null br i1 %44, label %48, label %45 %46 = call i32 %43(%struct.dma_buf* nonnull %8, i32 %23) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %55 %49 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 13 %50 = load %struct.dma_resv*, %struct.dma_resv** %49, align 8 %51 = call i64 @dma_resv_wait_timeout(%struct.dma_resv* %50, i1 zeroext %22, i1 zeroext true, i64 9223372036854775807) #83 Function:dma_resv_wait_timeout %5 = alloca %struct.dma_resv_iter, align 8 %6 = icmp eq i64 %3, 0 %7 = select i1 %6, i64 1, i64 %3 %8 = bitcast %struct.dma_resv_iter* %5 to i8* %9 = zext i1 %1 to i8 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 
8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 %9, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, 
i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %25 = load i32, i32* %5, align 4 %26 = icmp eq i32 %25, -1 br i1 %26, label %27, label %30 %28 = load volatile %struct.dma_fence*, %struct.dma_fence** %8, align 8 store %struct.dma_fence* %28, %struct.dma_fence** %4, align 8 store i32 0, i32* %5, align 4 %29 = icmp eq %struct.dma_fence* %28, null br i1 %29, label %74, label %42 %43 = phi %struct.dma_fence* [ %28, %27 ], [ %41, %37 ] %44 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %43, i64 0, i32 6 %45 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0 %46 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %44, i64 0, i32 0, i32 0, 
i32 0 %47 = load volatile i32, i32* %46, align 4 %48 = icmp eq i32 %47, 0 br i1 %48, label %59, label %49 %50 = phi i32 [ %57, %56 ], [ %47, %42 ] %51 = add i32 %50, 1 %52 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 %51, i32* %46, i32 %50) #6, !srcloc !8 %53 = extractvalue { i8, i32 } %52, 0 %54 = and i8 %53, 1 %55 = icmp eq i8 %54, 0 br i1 %55, label %56, label %59, !prof !9, !misexpect !6 %57 = extractvalue { i8, i32 } %52, 1 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %49 %60 = phi i32 [ 0, %42 ], [ 0, %56 ], [ %50, %49 ] %61 = add i32 %60, 1 %62 = or i32 %61, %60 %63 = icmp sgt i32 %62, -1 br i1 %63, label %65, label %64, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_get_fences 3 i915_gem_object_wait 4 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 
%24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %14 = bitcast %struct.dma_fence*** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = call i32 @dma_resv_get_fences(%struct.dma_resv* %9, %struct.dma_fence** nonnull %4, i32* 
nonnull %6, %struct.dma_fence*** nonnull %5) #83 Function:dma_resv_get_fences %5 = alloca %struct.dma_resv_iter, align 8 %6 = bitcast %struct.dma_resv_iter* %5 to i8* store i32 0, i32* %2, align 4 store %struct.dma_fence** null, %struct.dma_fence*** %3, align 8 %7 = icmp ne %struct.dma_fence** %1, null br i1 %7, label %8, label %9 store %struct.dma_fence* null, %struct.dma_fence** %1, align 8 br label %9 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 1, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %10, 
i64 0, i32 6 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !4 %17 = icmp eq i32 %16, 1 br i1 %17, label %23, label %18 %19 = add i32 %16, -1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_get_fences 3 i915_gem_object_wait 4 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * 
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 
(%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %14 = bitcast %struct.dma_fence*** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = call i32 @dma_resv_get_fences(%struct.dma_resv* %9, %struct.dma_fence** nonnull %4, i32* nonnull %6, %struct.dma_fence*** nonnull %5) #83 Function:dma_resv_get_fences %5 = alloca %struct.dma_resv_iter, align 8 %6 = bitcast %struct.dma_resv_iter* %5 to i8* store i32 0, i32* %2, align 4 store %struct.dma_fence** null, %struct.dma_fence*** %3, align 8 %7 = icmp ne %struct.dma_fence** %1, null br i1 %7, label %8, label %9 store %struct.dma_fence* null, %struct.dma_fence** %1, align 8 br label %9 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 1, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 
Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 
%29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %10, i64 0, i32 6 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !4 %17 = icmp eq i32 %16, 1 br i1 %17, label %23, label %18 %19 = add i32 %16, -1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_get_fences 3 i915_gem_object_wait 4 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca 
%struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 
to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %14 = bitcast %struct.dma_fence*** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = call i32 
@dma_resv_get_fences(%struct.dma_resv* %9, %struct.dma_fence** nonnull %4, i32* nonnull %6, %struct.dma_fence*** nonnull %5) #83 Function:dma_resv_get_fences %5 = alloca %struct.dma_resv_iter, align 8 %6 = bitcast %struct.dma_resv_iter* %5 to i8* store i32 0, i32* %2, align 4 store %struct.dma_fence** null, %struct.dma_fence*** %3, align 8 %7 = icmp ne %struct.dma_fence** %1, null br i1 %7, label %8, label %9 store %struct.dma_fence* null, %struct.dma_fence** %1, align 8 br label %9 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 1, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, 
label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %13 = 
getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %10, i64 0, i32 6 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !4 %17 = icmp eq i32 %16, 1 br i1 %17, label %23, label %18 %19 = add i32 %16, -1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_iter_walk_unlocked 1 dma_resv_iter_first_unlocked 2 dma_resv_wait_timeout 3 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %82 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %10 = inttoptr i64 %2 to i8* %11 = call i64 @_copy_from_user(i8* nonnull %5, i8* %10, i64 8) #83 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %82 %14 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %4, i64 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = icmp ult i64 %15, 8 br i1 %16, label %17, label %82 %18 = and i64 %15, 3 switch i64 %18, label %82 [ i64 1, label %21 i64 2, label %19 i64 3, label %20 ] %22 = phi i1 [ false, %17 ], [ true, %20 ], [ true, %19 ] %23 = phi i32 [ 2, %17 ], [ 0, %20 ], [ 1, %19 ] %24 = and i64 %15, 4 %25 = icmp eq i64 %24, 0 %26 = icmp eq %struct.dma_buf* %8, null br i1 %25, label %37, label %27 br i1 %26, label %38, label 
%39, !prof !4, !misexpect !5 %40 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 3 %41 = load %struct.dma_buf_ops*, %struct.dma_buf_ops** %40, align 8 %42 = getelementptr inbounds %struct.dma_buf_ops, %struct.dma_buf_ops* %41, i64 0, i32 8 %43 = load i32 (%struct.dma_buf*, i32)*, i32 (%struct.dma_buf*, i32)** %42, align 8 %44 = icmp eq i32 (%struct.dma_buf*, i32)* %43, null br i1 %44, label %48, label %45 %46 = call i32 %43(%struct.dma_buf* nonnull %8, i32 %23) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %55 %49 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 13 %50 = load %struct.dma_resv*, %struct.dma_resv** %49, align 8 %51 = call i64 @dma_resv_wait_timeout(%struct.dma_resv* %50, i1 zeroext %22, i1 zeroext true, i64 9223372036854775807) #83 Function:dma_resv_wait_timeout %5 = alloca %struct.dma_resv_iter, align 8 %6 = icmp eq i64 %3, 0 %7 = select i1 %6, i64 1, i64 %3 %8 = bitcast %struct.dma_resv_iter* %5 to i8* %9 = zext i1 %1 to i8 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 %9, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = 
getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, 
%struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %10, i64 0, i32 6 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !4 %17 = icmp eq i32 %16, 1 br i1 %17, label %23, label %18 %19 = add i32 %16, -1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_fence_chain_find_seqno 1 syncobj_wait_syncobj_func 2 drm_syncobj_replace_fence 3 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, 
%struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %29, align 8 tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 Function:syncobj_wait_syncobj_func %3 = alloca %struct.dma_fence*, align 8 %4 = bitcast %struct.dma_fence** %3 to i8* %5 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %6 = load %struct.dma_fence*, %struct.dma_fence** %5, align 8 store %struct.dma_fence* %6, %struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 br label %20 %21 = getelementptr inbounds 
%struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %1, i64 0, i32 4 %22 = load i64, i64* %21, align 8 %23 = call i32 @dma_fence_chain_find_seqno(%struct.dma_fence** nonnull %3, i64 %22) #83 Function:dma_fence_chain_find_seqno %3 = icmp eq i64 %1, 0 br i1 %3, label %56, label %4 %5 = load %struct.dma_fence*, %struct.dma_fence** %0, align 8 %6 = icmp eq %struct.dma_fence* %5, null br i1 %6, label %56, label %7 %8 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 1 %9 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %8, align 8 %10 = icmp eq %struct.dma_fence_ops* %9, @dma_fence_chain_ops br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %56, label %15 %16 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 6 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %15 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 store %struct.dma_fence* %5, %struct.dma_fence** %0, align 8 %28 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 3 br label %29 %30 = phi %struct.dma_fence* [ %5, %27 ], [ %45, %44 ] %31 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %30, i64 0, i32 3 
%32 = load i64, i64* %31, align 8 %33 = load i64, i64* %28, align 8 %34 = icmp eq i64 %32, %33 br i1 %34, label %35, label %47 %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !8 %49 = icmp eq i32 %48, 1 br i1 %49, label %55, label %50 %51 = add i32 %48, -1 %52 = or i32 %51, %48 %53 = icmp sgt i32 %52, -1 br i1 %53, label %56, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_fence_chain_find_seqno 1 syncobj_wait_syncobj_func 2 drm_syncobj_replace_fence 3 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds 
%struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %29, align 8 tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 
Function:syncobj_wait_syncobj_func %3 = alloca %struct.dma_fence*, align 8 %4 = bitcast %struct.dma_fence** %3 to i8* %5 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %6 = load %struct.dma_fence*, %struct.dma_fence** %5, align 8 store %struct.dma_fence* %6, %struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 br label %20 %21 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %1, i64 0, i32 4 %22 = load i64, i64* %21, align 8 %23 = call i32 @dma_fence_chain_find_seqno(%struct.dma_fence** nonnull %3, i64 %22) #83 Function:dma_fence_chain_find_seqno %3 = icmp eq i64 %1, 0 br i1 %3, label %56, label %4 %5 = load %struct.dma_fence*, %struct.dma_fence** %0, align 8 %6 = icmp eq %struct.dma_fence* %5, null br i1 %6, label %56, label %7 %8 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 1 %9 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %8, align 8 %10 = icmp eq %struct.dma_fence_ops* %9, @dma_fence_chain_ops br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.dma_fence, 
%struct.dma_fence* %5, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %56, label %15 %16 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 6 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %15 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_fence_chain_walk 1 dma_fence_chain_find_seqno 2 syncobj_wait_syncobj_func 3 drm_syncobj_replace_fence 4 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast 
%struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, 
label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %29, align 8 tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 Function:syncobj_wait_syncobj_func %3 = alloca %struct.dma_fence*, align 8 %4 = bitcast %struct.dma_fence** %3 to i8* %5 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %6 = load %struct.dma_fence*, %struct.dma_fence** %5, align 8 store %struct.dma_fence* %6, %struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 br label %20 %21 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %1, i64 0, i32 4 %22 = load i64, i64* %21, align 8 %23 = call i32 @dma_fence_chain_find_seqno(%struct.dma_fence** nonnull %3, i64 %22) #83 Function:dma_fence_chain_find_seqno %3 = icmp eq i64 %1, 0 br i1 %3, label %56, label %4 %5 = load %struct.dma_fence*, %struct.dma_fence** %0, align 8 %6 = icmp eq 
%struct.dma_fence* %5, null br i1 %6, label %56, label %7 %8 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 1 %9 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %8, align 8 %10 = icmp eq %struct.dma_fence_ops* %9, @dma_fence_chain_ops br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %56, label %15 %16 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 6 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %15 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 store %struct.dma_fence* %5, %struct.dma_fence** %0, align 8 %28 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 3 br label %29 %30 = phi %struct.dma_fence* [ %5, %27 ], [ %45, %44 ] %31 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %30, i64 0, i32 3 %32 = load i64, i64* %31, align 8 %33 = load i64, i64* %28, align 8 %34 = icmp eq i64 %32, %33 br i1 %34, label %35, label %47 %36 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %30, i64 0, i32 1 %37 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %36, align 8 %38 = icmp eq %struct.dma_fence_ops* %37, @dma_fence_chain_ops %39 = bitcast 
%struct.dma_fence* %30 to %struct.dma_fence_chain* %40 = select i1 %38, %struct.dma_fence_chain* %39, %struct.dma_fence_chain* null %41 = getelementptr inbounds %struct.dma_fence_chain, %struct.dma_fence_chain* %40, i64 0, i32 2 %42 = load i64, i64* %41, align 8 %43 = icmp ult i64 %42, %1 br i1 %43, label %47, label %44 %45 = tail call %struct.dma_fence* @dma_fence_chain_walk(%struct.dma_fence* nonnull %30) #84 Function:dma_fence_chain_walk %2 = icmp eq %struct.dma_fence* %0, null br i1 %2, label %123, label %3 %4 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %0, i64 0, i32 1 %5 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %4, align 8 %6 = icmp eq %struct.dma_fence_ops* %5, @dma_fence_chain_ops %7 = bitcast %struct.dma_fence* %0 to %struct.dma_fence_chain* br i1 %6, label %8, label %14 %15 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %0, i64 0, i32 6 %16 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %15, i64 0, i32 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 -1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 1 br i1 %19, label %25, label %20 %21 = add i32 %18, -1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %123, label %24, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 3) #84 ------------- Use: =BAD PATH= Call Stack: 0 cn_rx_skb ------------- Path:  Function:cn_rx_skb %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %3 = load i32, i32* %2, align 8 %4 = icmp ugt i32 %3, 15 br i1 %4, label %5, label %87 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.nlmsghdr** %8 = 
load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %9 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 4 %11 = add i32 %10, -16 %12 = icmp slt i32 %11, 20 br i1 %12, label %87, label %13 %14 = icmp ult i32 %3, %10 %15 = icmp sgt i32 %11, 16384 %16 = or i1 %14, %15 br i1 %16, label %87, label %17 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_madvise_ioctl ------------- Path:  Function:i915_gem_madvise_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp ult i32 %6, 2 br i1 %7, label %8, label %177 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.436033* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ 
%29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_sw_finish_ioctl ------------- Path:  Function:i915_gem_sw_finish_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %7 = zext i32 %5 to i64 %8 = tail call i8* @idr_find(%struct.idr* %6, i64 %7) #83 %9 = bitcast i8* %8 to %struct.drm_i915_gem_object.436033* %10 = icmp eq i8* %8, null br i1 %10, label %34, label %11 %12 = bitcast i8* %8 to %struct.seqcount_spinlock* %13 = bitcast i8* %8 to i32* %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %11 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %13, i32 %18, i32* nonnull %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 
%20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %11 ], [ %17, %16 ], [ 0, %23 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %12, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, 
!srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br 
i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 %386 = phi i32 [ %110, %109 ], [ %113, %112 ], [ %384, %383 ], [ %255, %254 ], [ %253, %252 ], [ -22, %71 ], [ -22, %75 ], [ -22, %63 ] %387 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 -1, i32* nonnull %41) #6, !srcloc !29 %388 = icmp eq i32 %387, 1 br i1 %388, label %394, label %389 %390 = add i32 %387, -1 %391 = or i32 %390, %387 %392 = icmp sgt i32 %391, -1 br i1 %392, label %396, label %393, !prof !9, !misexpect !8 call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load 
i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add 
i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void 
@__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %320 %110 = bitcast i32* %5 to i8* %111 = getelementptr inbounds i8, i8* %36, i64 248 %112 = bitcast i8* %111 to %struct.dma_resv** %113 = load %struct.dma_resv*, %struct.dma_resv** %112, align 8 %114 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %113, i64 0, i32 0 %115 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %114, %struct.ww_acquire_ctx* null) #83 %116 = icmp eq i32 %115, -114 %117 = select i1 %116, i32 0, i32 %115 switch i32 %117, label %213 
[ i32 -35, label %118 i32 0, label %128 ] %119 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 1, i32* nonnull %41) #6, !srcloc !18 %120 = icmp eq i32 %119, 0 br i1 %120, label %125, label %121, !prof !5, !misexpect !8 %122 = add i32 %119, 1 %123 = or i32 %122, %119 %124 = icmp sgt i32 %123, -1 br i1 %124, label %127, label %125, !prof !9, !misexpect !8 %126 = phi i32 [ 2, %118 ], [ 1, %121 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 %126) #83 br label %127 store i8* %36, i8** inttoptr (i64 40 to i8**), align 8 br label %320 %321 = phi i32 [ %104, %103 ], [ %107, %106 ], [ %319, %318 ], [ %214, %213 ], [ -22, %71 ], [ -22, %63 ], [ -35, %127 ] %322 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 -1, i32* nonnull %41) #6, !srcloc !28 %323 = icmp eq i32 %322, 1 br i1 %323, label %329, label %324 %325 = add i32 %322, -1 %326 = or i32 %325, %322 %327 = icmp sgt i32 %326, -1 br i1 %327, label %331, label %328, !prof !9, !misexpect !8 call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast 
%struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, 
!prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_wait 1 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt 
i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 store %struct.dma_fence* %118, %struct.dma_fence** %4, align 8 br label %119 %120 = phi %struct.dma_fence* [ %118, %117 ], [ %114, %106 ] %121 = phi i64 [ %2, %117 ], [ %107, %106 ] %122 = phi i1 [ false, %117 ], [ %113, %106 ] %123 = icmp ne %struct.dma_fence* %120, null %124 = icmp sgt i64 %121, -1 %125 = and i1 %123, %124 br i1 %125, label %126, label %145 %127 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %120, i64 0, i32 5 %128 = load volatile i64, i64* %127, align 8 %129 = and i64 %128, 1 %130 = icmp eq i64 %129, 0 br i1 %130, label %131, label %142 %132 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %120, i64 0, i32 1 %133 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %132, align 8 %134 
= icmp eq %struct.dma_fence_ops* %133, bitcast ({ i8, i8* (%struct.dma_fence.497773*)*, i8* (%struct.dma_fence.497773*)*, i1 (%struct.dma_fence.497773*)*, i1 (%struct.dma_fence.497773*)*, i64 (%struct.dma_fence.497773*, i1, i64)*, void (%struct.dma_fence.497773*)*, void (%struct.dma_fence.497773*, i8*, i32)*, void (%struct.dma_fence.497773*, i8*, i32)* }* @i915_fence_ops to %struct.dma_fence_ops*) br i1 %134, label %135, label %138 %139 = and i32 %1, 1 %140 = icmp ne i32 %139, 0 %141 = call i64 @dma_fence_wait_timeout(%struct.dma_fence* nonnull %120, i1 zeroext %140, i64 %121) #83 br label %142 %143 = phi i64 [ %121, %126 ], [ %141, %138 ], [ %137, %135 ] %144 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 br label %145 %146 = phi %struct.dma_fence* [ %144, %142 ], [ %120, %119 ] %147 = phi i64 [ %143, %142 ], [ %121, %119 ] %148 = icmp eq %struct.dma_fence* %146, null br i1 %148, label %161, label %149 %150 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %146, i64 0, i32 6 %151 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %150, i64 0, i32 0 %152 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %150, i64 0, i32 0, i32 0, i32 0 %153 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %152, i32 -1, i32* %152) #6, !srcloc !4 %154 = icmp eq i32 %153, 1 br i1 %154, label %160, label %155 %156 = add i32 %153, -1 %157 = or i32 %156, %153 %158 = icmp sgt i32 %157, -1 br i1 %158, label %161, label %159, !prof !5, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %151, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_wait 1 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = 
getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 
= icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 
store %struct.dma_fence* %118, %struct.dma_fence** %4, align 8 br label %119 %120 = phi %struct.dma_fence* [ %118, %117 ], [ %114, %106 ] %121 = phi i64 [ %2, %117 ], [ %107, %106 ] %122 = phi i1 [ false, %117 ], [ %113, %106 ] %123 = icmp ne %struct.dma_fence* %120, null %124 = icmp sgt i64 %121, -1 %125 = and i1 %123, %124 br i1 %125, label %126, label %145 %127 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %120, i64 0, i32 5 %128 = load volatile i64, i64* %127, align 8 %129 = and i64 %128, 1 %130 = icmp eq i64 %129, 0 br i1 %130, label %131, label %142 %132 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %120, i64 0, i32 1 %133 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %132, align 8 %134 = icmp eq %struct.dma_fence_ops* %133, bitcast ({ i8, i8* (%struct.dma_fence.497773*)*, i8* (%struct.dma_fence.497773*)*, i1 (%struct.dma_fence.497773*)*, i1 (%struct.dma_fence.497773*)*, i64 (%struct.dma_fence.497773*, i1, i64)*, void (%struct.dma_fence.497773*)*, void (%struct.dma_fence.497773*, i8*, i32)*, void (%struct.dma_fence.497773*, i8*, i32)* }* @i915_fence_ops to %struct.dma_fence_ops*) br i1 %134, label %135, label %138 %139 = and i32 %1, 1 %140 = icmp ne i32 %139, 0 %141 = call i64 @dma_fence_wait_timeout(%struct.dma_fence* nonnull %120, i1 zeroext %140, i64 %121) #83 br label %142 %143 = phi i64 [ %121, %126 ], [ %141, %138 ], [ %137, %135 ] %144 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 br label %145 %146 = phi %struct.dma_fence* [ %144, %142 ], [ %120, %119 ] %147 = phi i64 [ %143, %142 ], [ %121, %119 ] %148 = icmp eq %struct.dma_fence* %146, null br i1 %148, label %161, label %149 %150 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %146, i64 0, i32 6 %151 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %150, i64 0, i32 0 %152 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %150, i64 0, i32 0, i32 0, i32 0 %153 = call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %152, i32 -1, i32* %152) #6, !srcloc !4 %154 = icmp eq i32 %153, 1 br i1 %154, label %160, label %155 %156 = add i32 %153, -1 %157 = or i32 %156, %153 %158 = icmp sgt i32 %157, -1 br i1 %158, label %161, label %159, !prof !5, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %151, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_wait 1 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, 
i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, 
i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, 
%struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 store %struct.dma_fence* %118, %struct.dma_fence** %4, align 8 br label %119 %120 = phi %struct.dma_fence* [ %118, %117 ], [ %114, %106 ] %121 = phi i64 [ %2, %117 ], [ %107, %106 ] %122 = phi i1 [ false, %117 ], [ %113, %106 ] %123 = icmp ne %struct.dma_fence* %120, null %124 = icmp sgt i64 %121, -1 %125 = and i1 %123, %124 br i1 %125, label %126, label %145 %127 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %120, i64 0, i32 5 %128 = load volatile i64, i64* %127, align 8 %129 = and i64 %128, 1 %130 = icmp eq i64 %129, 0 br i1 %130, label %131, label %142 %132 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %120, i64 0, i32 1 %133 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %132, align 8 %134 = icmp eq %struct.dma_fence_ops* %133, bitcast ({ i8, i8* (%struct.dma_fence.497773*)*, i8* (%struct.dma_fence.497773*)*, i1 (%struct.dma_fence.497773*)*, i1 (%struct.dma_fence.497773*)*, i64 (%struct.dma_fence.497773*, i1, i64)*, void (%struct.dma_fence.497773*)*, void (%struct.dma_fence.497773*, i8*, i32)*, void (%struct.dma_fence.497773*, i8*, i32)* }* @i915_fence_ops to %struct.dma_fence_ops*) br i1 %134, label %135, label %138 %139 = and i32 %1, 1 %140 = icmp ne i32 %139, 0 %141 = call i64 @dma_fence_wait_timeout(%struct.dma_fence* nonnull %120, i1 zeroext %140, i64 %121) #83 br label %142 %143 = phi i64 [ %121, %126 ], [ %141, %138 ], [ %137, %135 ] %144 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 br label %145 %146 = phi %struct.dma_fence* [ %144, %142 ], [ %120, %119 ] %147 = phi i64 [ %143, %142 ], [ %121, %119 ] %148 = icmp eq %struct.dma_fence* %146, null br i1 
%148, label %161, label %149 %150 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %146, i64 0, i32 6 %151 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %150, i64 0, i32 0 %152 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %150, i64 0, i32 0, i32 0, i32 0 %153 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %152, i32 -1, i32* %152) #6, !srcloc !4 %154 = icmp eq i32 %153, 1 br i1 %154, label %160, label %155 %156 = add i32 %153, -1 %157 = or i32 %156, %153 %158 = icmp sgt i32 %157, -1 br i1 %158, label %161, label %159, !prof !5, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %151, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_get_excl_unlocked 1 i915_gem_object_wait 2 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail 
call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 %40 = add i32 %37, 
-1 %41 = or i32 %40, %37 %42 = icmp sgt i32 %41, -1 br i1 %42, label %45, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_get_excl_unlocked 1 i915_gem_object_wait 2 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load 
i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = 
bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, 
i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 %40 = add i32 %37, -1 %41 = or i32 %40, %37 %42 = icmp sgt i32 %41, -1 br i1 %42, label %45, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_get_excl_unlocked 1 i915_gem_object_wait 2 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * 
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait 
to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, 
i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 %40 = add i32 %37, -1 %41 = or i32 %40, %37 %42 = icmp sgt i32 %41, -1 br i1 %42, label %45, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_get_excl_unlocked 1 i915_gem_object_wait 2 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* 
%13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label 
%13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_get_excl_unlocked 1 i915_gem_object_wait 2 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = 
alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast 
i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 
Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_resv_get_excl_unlocked 1 i915_gem_object_wait 2 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to 
%struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load 
volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 
Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.426623* %5 = getelementptr inbounds %struct.drm_i915_private.426623, 
%struct.drm_i915_private.426623* %4, i64 0, i32 67, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %149, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.426638* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 440 %42 = bitcast i8* %41 to %struct.drm_i915_gem_object_ops.426626** %43 = load %struct.drm_i915_gem_object_ops.426626*, %struct.drm_i915_gem_object_ops.426626** %42, align 8 %44 = getelementptr inbounds 
%struct.drm_i915_gem_object_ops.426626, %struct.drm_i915_gem_object_ops.426626* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %138 %139 = phi i32 [ %131, %128 ], [ -6, %40 ], [ -22, %87 ], [ -22, %101 ], [ -22, %59 ], [ -22, %65 ], [ -22, %69 ], [ -22, %71 ], [ -22, %73 ], [ -22, %97 ], [ -22, %92 ] %140 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 -1, i32* nonnull %18) #6, !srcloc !9 %141 = icmp eq i32 %140, 1 br i1 %141, label %147, label %142 %143 = add i32 %140, -1 %144 = or i32 %143, %140 %145 = icmp sgt i32 %144, -1 br i1 %145, label %149, label %146, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.426623* %5 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %4, i64 0, i32 67, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %149, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.426638* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { 
i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __assign_mmap_offset_handle 1 i915_gem_mmap_offset_ioctl ------------- Path:  Function:i915_gem_mmap_offset_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 24 %5 = bitcast i8* %4 to %struct.i915_user_extension** %6 = load %struct.i915_user_extension*, %struct.i915_user_extension** %5, align 8 %7 = tail call i32 @i915_user_extensions(%struct.i915_user_extension* %6, i32 (%struct.i915_user_extension*, i8*)** null, i32 0, i8* null) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %35 %10 = getelementptr inbounds i8, i8* %1, i64 16 %11 = bitcast i8* %10 to i64* %12 = load i64, i64* %11, align 8 switch i64 %12, label %35 [ i64 0, label %13 i64 1, label %19 i64 2, label %28 i64 3, label %23 i64 4, label %27 ] %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 16 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 43 %16 = bitcast %struct.list_head* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %35, label %28 %29 = phi i32 [ 4, %27 ], [ 0, %13 ], [ 1, %19 ], [ 2, %9 ], [ 3, %23 ] %30 = bitcast i8* %1 to i32* 
%31 = load i32, i32* %30, align 8 %32 = getelementptr inbounds i8, i8* %1, i64 8 %33 = bitcast i8* %32 to i64* %34 = tail call fastcc i32 @__assign_mmap_offset_handle(%struct.drm_file* %2, i32 %31, i32 %29, i64* %33) #84 Function:__assign_mmap_offset_handle tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %0, i64 0, i32 14 %6 = zext i32 %1 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #83 %8 = bitcast i8* %7 to %struct.drm_i915_gem_object.436033* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = bitcast i8* %7 to %struct.seqcount_spinlock* %12 = bitcast i8* %7 to i32* %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %10 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %12, i32 %17, i32* nonnull %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %10 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %11, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label 
%153 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } %40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label %53, label %52, !prof !7, 
!misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 br label %53 %54 = icmp eq i32 %48, 0 br i1 %54, label %55, label %56 tail call void @__rcu_read_unlock() #83 %57 = getelementptr inbounds i8, i8* %30, i64 16 %58 = bitcast i8* %57 to %struct.file** %59 = load %struct.file*, %struct.file** %58, align 8 %60 = icmp eq %struct.file* %59, null br i1 %60, label %140, label %61 %62 = getelementptr inbounds i8, i8* %1, i64 8 %63 = bitcast i8* %62 to i64* %64 = load i64, i64* %63, align 8 %65 = getelementptr inbounds i8, i8* %1, i64 16 %66 = bitcast i8* %65 to i64* %67 = getelementptr inbounds i8, i8* %30, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %64 br i1 %70, label %71, label %140 %72 = load i64, i64* %66, align 8 %73 = sub i64 %69, %64 %74 = icmp ugt i64 %72, %73 br i1 %74, label %140, label %75 %76 = tail call i64 @vm_mmap(%struct.file* nonnull %59, i64 0, i64 %72, i64 3, i64 1, i64 %64) #83 %77 = icmp ugt i64 %76, -4096 br i1 %77, label %140, label %78, !prof !5, !misexpect !6 %79 = load i64, i64* %16, align 8 %80 = and i64 %79, 1 %81 = icmp eq i64 %80, 0 br i1 %81, label %126, label %82 %83 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %84 = inttoptr i64 %83 to %struct.task_struct* %85 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %84, i64 0, i32 47 %86 = load %struct.mm_struct*, %struct.mm_struct** %85, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %87)) #6 to label %88 [label %87], !srcloc !9 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %86, i1 zeroext true) #83 br label %88 %89 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %86, i64 0, i32 0, i32 17 %90 = tail call i32 @down_write_killable(%struct.rw_semaphore* %89) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %91)) #6 to label %93 [label %91], !srcloc !9 %94 = icmp eq i32 %90, 0 br i1 %94, label %95, label %140 %96 = tail call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %86, i64 %76) #83 %97 = icmp eq %struct.vm_area_struct* %96, null br i1 %97, label %121, label %98 %99 = load %struct.file*, %struct.file** %58, align 8 %100 = load i64, i64* %66, align 8 %101 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %96, i64 0, i32 14 %102 = load %struct.file*, %struct.file** %101, align 8 %103 = icmp eq %struct.file* %102, %99 br i1 %103, label %104, label %121 %105 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %96, i64 0, i32 0 %106 = load i64, i64* %105, align 8 %107 = icmp eq i64 %106, %76 br i1 %107, label %108, label %121 %122 = phi i64 [ %76, %115 ], [ -12, %95 ], [ -12, %108 ], [ -12, %98 ], [ -12, %104 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %123)) #6 to label %124 [label %123], !srcloc !9 tail call void @up_write(%struct.rw_semaphore* %89) #83 %125 = icmp ugt i64 %122, -4096 br i1 %125, label %140, label %126 %141 = phi i64 [ %76, %75 ], [ -6, %56 ], [ -22, %71 ], [ -22, %61 ], [ -4, %93 ], [ %122, %124 ] %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 -1, i32* nonnull %34) #6, !srcloc !10 %143 = icmp eq i32 %142, 1 br i1 %143, label %149, label %144 %145 = add i32 %142, -1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %151, label %148, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq 
i24 %7, 0 br i1 %8, label %9, label %153 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } %40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label 
%53, label %52, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __i915_gem_object_pages_fini 1 i915_gem_flush_free_objects 2 __i915_gem_object_create_user_ext 3 i915_gem_create_ext_ioctl ------------- Path:  Function:i915_gem_create_ext_ioctl %4 = alloca %struct.create_ext.473307, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.create_ext.473307* %4 to i8* %7 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1 %8 = bitcast [4 x %struct.intel_memory_region.473294*]* %7 to i8* %9 = bitcast %struct.create_ext.473307* %4 to %struct.drm_device.373290** store %struct.drm_device.373290* %0, %struct.drm_device.373290** %9, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %61 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([2 x i32 (%struct.i915_user_extension*, i8*)*], [2 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.42261, i64 0, i64 0), i32 2, i8* nonnull %6) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %61 %21 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] %29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1, i64 0 %32 = getelementptr inbounds 
%struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 3 %33 = load i64, i64* %32, align 8 %34 = trunc i64 %33 to i32 %35 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %30, %struct.intel_memory_region.473294** %31, i32 %28, i32 %34) #84 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 %18 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 1 
%19 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %18, align 8 %20 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %19, i64 0, i32 10 %21 = load void (%struct.drm_i915_gem_object.436033*)*, void (%struct.drm_i915_gem_object.436033*)** %20, align 8 %22 = icmp eq void (%struct.drm_i915_gem_object.436033*)* %21, null br i1 %22, label %24, label %23 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 Function:__i915_gem_object_pages_fini %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 1 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %2 br i1 %5, label %34, label %6 %7 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %9 = icmp eq %struct.list_head* %8, %2 %10 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -36, i32 1 %11 = icmp eq %struct.list_head** %10, null %12 = or i1 %9, %11 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %12, label %34, label %13 %14 = phi %struct.list_head* [ %29, %28 ], [ %8, %6 ] %15 = getelementptr %struct.list_head, %struct.list_head* %14, i64 -36, i32 1 %16 = getelementptr inbounds %struct.list_head*, %struct.list_head** %15, i64 35 %17 = bitcast %struct.list_head** %16 to %struct.seqcount_spinlock* %18 = bitcast %struct.list_head** %16 to i32* %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 %22 = add i32 %19, -1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %25, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __i915_gem_object_pages_fini 1 i915_gem_flush_free_objects 2 __i915_gem_object_create_user_ext 3 i915_gem_create_ioctl ------------- Path:  Function:i915_gem_create_ioctl %4 = alloca %struct.intel_memory_region.473294*, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.intel_memory_region.473294** %4 to i8* %7 = tail call %struct.intel_memory_region.473294* bitcast (%struct.intel_memory_region.415924* (%struct.drm_i915_private.415921*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.473294* (%struct.drm_i915_private.473291*, i32)*)(%struct.drm_i915_private.473291* %5, i32 0) #83 store %struct.intel_memory_region.473294* %7, %struct.intel_memory_region.473294** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %9, %struct.intel_memory_region.473294** nonnull %4, i32 1, i32 0) #83 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call 
%struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 %18 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 1 %19 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %18, align 8 %20 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %19, i64 0, i32 10 %21 = load void (%struct.drm_i915_gem_object.436033*)*, void (%struct.drm_i915_gem_object.436033*)** %20, align 8 %22 = icmp eq void (%struct.drm_i915_gem_object.436033*)* %21, null br i1 %22, label %24, label %23 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 Function:__i915_gem_object_pages_fini %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 1 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, 
%2 br i1 %5, label %34, label %6 %7 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %9 = icmp eq %struct.list_head* %8, %2 %10 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -36, i32 1 %11 = icmp eq %struct.list_head** %10, null %12 = or i1 %9, %11 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %12, label %34, label %13 %14 = phi %struct.list_head* [ %29, %28 ], [ %8, %6 ] %15 = getelementptr %struct.list_head, %struct.list_head* %14, i64 -36, i32 1 %16 = getelementptr inbounds %struct.list_head*, %struct.list_head** %15, i64 35 %17 = bitcast %struct.list_head** %16 to %struct.seqcount_spinlock* %18 = bitcast %struct.list_head** %16 to i32* %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 %22 = add i32 %19, -1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %25, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_domain_ioctl ------------- Path:  Function:i915_gem_set_domain_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %11 = bitcast %struct.mutex* %10 to i24* %12 = load i24, i24* %11, align 8 %13 = and i24 %12, 8 %14 = icmp eq i24 %13, 0 br i1 %14, label 
%15, label %194 %16 = or i32 %9, %6 %17 = and i32 %16, 62 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %194 %20 = icmp ne i32 %9, 0 %21 = xor i1 %20, true %22 = icmp eq i32 %6, %9 %23 = or i1 %22, %21 br i1 %23, label %24, label %194 %25 = icmp eq i32 %6, 0 br i1 %25, label %194, label %26 %27 = bitcast i8* %1 to i32* %28 = load i32, i32* %27, align 4 tail call void @__rcu_read_lock() #83 %29 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %30 = zext i32 %28 to i64 %31 = tail call i8* @idr_find(%struct.idr* %29, i64 %30) #83 %32 = bitcast i8* %31 to %struct.drm_i915_gem_object.474999* %33 = icmp eq i8* %31, null br i1 %33, label %57, label %34 %35 = bitcast i8* %31 to %struct.seqcount_spinlock* %36 = bitcast i8* %31 to i32* %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %36, i32 %41, i32* nonnull %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ %40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %35, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.474981* %5 = getelementptr inbounds 
%struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %6 = bitcast %struct.mutex* %5 to i24* %7 = load i24, i24* %6, align 8 %8 = and i24 %7, 8 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %131 %11 = getelementptr inbounds i8, i8* %1, i64 4 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 4 switch i32 %13, label %131 [ i32 0, label %22 i32 1, label %14 i32 2, label %17 ] %15 = and i24 %7, 1049600 %16 = icmp eq i24 %15, 0 br i1 %16, label %131, label %22 %23 = phi i32 [ %21, %17 ], [ %13, %10 ], [ 1, %14 ] %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 tail call void @__rcu_read_lock() #83 %26 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %27 = zext i32 %25 to i64 %28 = tail call i8* @idr_find(%struct.idr* %26, i64 %27) #83 %29 = bitcast i8* %28 to %struct.drm_i915_gem_object.474999* %30 = icmp eq i8* %28, null br i1 %30, label %54, label %31 %32 = bitcast i8* %28 to %struct.seqcount_spinlock* %33 = bitcast i8* %28 to i32* %34 = load volatile i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %46, label %36 %37 = phi i32 [ %44, %43 ], [ %34, %31 ] %38 = add i32 %37, 1 %39 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 %38, i32* nonnull %33, i32 %37) #6, !srcloc !4 %40 = extractvalue { i8, i32 } %39, 0 %41 = and i8 %40, 1 %42 = icmp eq i8 %41, 0 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 %44 = extractvalue { i8, i32 } %39, 1 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %36 %47 = phi i32 [ 0, %31 ], [ %37, %36 ], [ 0, %43 ] %48 = add i32 %47, 1 %49 = or i32 %48, %47 %50 = icmp sgt i32 %49, -1 br i1 %50, label %52, label %51, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, 
i32 0) #83 br label %52 %53 = icmp eq i32 %47, 0 br i1 %53, label %54, label %55 tail call void @__rcu_read_unlock() #83 %56 = getelementptr inbounds i8, i8* %28, i64 440 %57 = bitcast i8* %56 to %struct.drm_i915_gem_object_ops.474985** %58 = load %struct.drm_i915_gem_object_ops.474985*, %struct.drm_i915_gem_object_ops.474985** %57, align 8 %59 = getelementptr inbounds %struct.drm_i915_gem_object_ops.474985, %struct.drm_i915_gem_object_ops.474985* %58, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %72, label %63 %73 = getelementptr inbounds i8, i8* %28, i64 248 %74 = bitcast i8* %73 to %struct.dma_resv** %75 = load %struct.dma_resv*, %struct.dma_resv** %74, align 8 %76 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %75, i64 0, i32 0 %77 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %76, %struct.ww_acquire_ctx* null) #83 %78 = icmp eq i32 %77, -114 %79 = select i1 %78, i32 0, i32 %77 switch i32 %79, label %120 [ i32 -35, label %80 i32 0, label %90 ] %121 = phi i32 [ -6, %71 ], [ 0, %68 ], [ %110, %117 ], [ -35, %89 ], [ %79, %72 ] %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 -1, i32* nonnull %33) #6, !srcloc !9 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 %125 = add i32 %122, -1 %126 = or i32 %125, %122 %127 = icmp sgt i32 %126, -1 br i1 %127, label %131, label %128, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.474981* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 
17 %6 = bitcast %struct.mutex* %5 to i24* %7 = load i24, i24* %6, align 8 %8 = and i24 %7, 8 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %131 %11 = getelementptr inbounds i8, i8* %1, i64 4 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 4 switch i32 %13, label %131 [ i32 0, label %22 i32 1, label %14 i32 2, label %17 ] %15 = and i24 %7, 1049600 %16 = icmp eq i24 %15, 0 br i1 %16, label %131, label %22 %23 = phi i32 [ %21, %17 ], [ %13, %10 ], [ 1, %14 ] %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 tail call void @__rcu_read_lock() #83 %26 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %27 = zext i32 %25 to i64 %28 = tail call i8* @idr_find(%struct.idr* %26, i64 %27) #83 %29 = bitcast i8* %28 to %struct.drm_i915_gem_object.474999* %30 = icmp eq i8* %28, null br i1 %30, label %54, label %31 %32 = bitcast i8* %28 to %struct.seqcount_spinlock* %33 = bitcast i8* %28 to i32* %34 = load volatile i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %46, label %36 %37 = phi i32 [ %44, %43 ], [ %34, %31 ] %38 = add i32 %37, 1 %39 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 %38, i32* nonnull %33, i32 %37) #6, !srcloc !4 %40 = extractvalue { i8, i32 } %39, 0 %41 = and i8 %40, 1 %42 = icmp eq i8 %41, 0 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 %44 = extractvalue { i8, i32 } %39, 1 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %36 %47 = phi i32 [ 0, %31 ], [ %37, %36 ], [ 0, %43 ] %48 = add i32 %47, 1 %49 = or i32 %48, %47 %50 = icmp sgt i32 %49, -1 br i1 %50, label %52, label %51, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 
i915_gem_context_lookup 1 i915_gem_context_reset_stats_ioctl ------------- Path:  Function:i915_gem_context_reset_stats_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %62 %9 = getelementptr inbounds i8, i8* %1, i64 20 %10 = bitcast i8* %9 to i32* %11 = load i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %62 %14 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %15 = bitcast i8** %14 to %struct.drm_i915_file_private.436064** %16 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %15, align 8 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 4 %19 = tail call %struct.i915_gem_context.436070* @i915_gem_context_lookup(%struct.drm_i915_file_private.436064* %16, i32 %18) #83 Function:i915_gem_context_lookup tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %0, i64 0, i32 4 %4 = zext i32 %1 to i64 %5 = tail call i8* @xa_load(%struct.xarray* %3, i64 %4) #83 %6 = icmp eq i8* %5, null br i1 %6, label %32, label %7 %8 = bitcast i8* %5 to %struct.i915_gem_context.436070* %9 = getelementptr inbounds i8, i8* %5, i64 96 %10 = bitcast i8* %9 to %struct.seqcount_spinlock* %11 = bitcast i8* %9 to i32* %12 = load volatile i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %24, label %14 %15 = phi i32 [ %22, %21 ], [ %12, %7 ] %16 = add i32 %15, 1 %17 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 %16, i32* %11, i32 %15) #6, !srcloc !4 %18 = extractvalue { i8, i32 } %17, 0 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %24, 
!prof !5, !misexpect !6 %22 = extractvalue { i8, i32 } %17, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %14 %25 = phi i32 [ 0, %7 ], [ 0, %21 ], [ %15, %14 ] %26 = add i32 %25, 1 %27 = or i32 %26, %25 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_context_lookup 1 i915_gem_context_getparam_ioctl ------------- Path:  Function:i915_gem_context_getparam_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %6 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %7 = bitcast i8** %6 to %struct.drm_i915_file_private.436064** %8 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %7, align 8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 %11 = tail call %struct.i915_gem_context.436070* @i915_gem_context_lookup(%struct.drm_i915_file_private.436064* %8, i32 %10) #83 Function:i915_gem_context_lookup tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %0, i64 0, i32 4 %4 = zext i32 %1 to i64 %5 = tail call i8* @xa_load(%struct.xarray* %3, i64 %4) #83 %6 = icmp eq i8* %5, null br i1 %6, label %32, label %7 %8 = bitcast i8* %5 to %struct.i915_gem_context.436070* %9 = getelementptr inbounds i8, i8* %5, i64 96 %10 = bitcast i8* %9 to %struct.seqcount_spinlock* %11 = bitcast i8* %9 to i32* %12 = load volatile i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %24, label %14 %15 = phi i32 [ %22, %21 ], [ %12, %7 ] %16 = add i32 %15, 1 %17 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 %16, i32* %11, i32 %15) #6, !srcloc !4 %18 = extractvalue { i8, i32 } %17, 0 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %24, !prof !5, !misexpect !6 %22 = extractvalue { i8, i32 } %17, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %14 %25 = phi i32 [ 0, %7 ], [ 0, %21 ], [ %15, %14 ] %26 = add i32 %25, 1 %27 = or i32 %26, %25 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 gpu_state_release ------------- Path:  Function:gpu_state_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.i915_gpu_coredump.426591** %5 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %4, align 8 %6 = icmp eq %struct.i915_gpu_coredump.426591* %5, null br i1 %6, label %19, label %7 %8 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32 -1, i32* %9) #6, !srcloc !4 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %19, label %16, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %8, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 gpu_state_release ------------- Path:  Function:gpu_state_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** 
%3 to %struct.i915_gpu_coredump.426591** %5 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %4, align 8 %6 = icmp eq %struct.i915_gpu_coredump.426591* %5, null br i1 %6, label %19, label %7 %8 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %5, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32 -1, i32* %9) #6, !srcloc !4 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12 %13 = add i32 %10, -1 %14 = or i32 %13, %10 %15 = icmp sgt i32 %14, -1 br i1 %15, label %19, label %16, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %8, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = add i32 %8, -1 %12 = or i32 %11, %8 %13 = icmp sgt i32 %12, -1 br i1 %13, label %17, label %14, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 3) 
#83 ------------- Use: =BAD PATH= Call Stack: 0 syncobj_wait_syncobj_func 1 drm_syncobj_replace_fence 2 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) 
#83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %29, align 8 tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 Function:syncobj_wait_syncobj_func %3 = alloca %struct.dma_fence*, align 8 %4 = bitcast %struct.dma_fence** %3 to i8* %5 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %6 = load %struct.dma_fence*, %struct.dma_fence** %5, align 8 store %struct.dma_fence* %6, %struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_syncobj_replace_fence 1 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 
%8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %29, align 8 tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 %31 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %22 br i1 
%32, label %33, label %27 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %17) #83 %34 = icmp eq %struct.dma_fence* %19, null br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %19, i64 0, i32 6 %37 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %36, i64 0, i32 0 %38 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %36, i64 0, i32 0, i32 0, i32 0 %39 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 -1, i32* %38) #6, !srcloc !9 %40 = icmp eq i32 %39, 1 br i1 %40, label %46, label %41 %42 = add i32 %39, -1 %43 = or i32 %42, %39 %44 = icmp sgt i32 %43, -1 br i1 %44, label %47, label %45, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_syncobj_replace_fence 1 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, 
%struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_syncobj_replace_fence 1 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 
Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.436298** %5 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 109, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.373290* %9) #83 Function:drm_dev_put %2 = icmp eq %struct.drm_device.373290* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* 
%4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %28, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* 
%38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label 
%14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ 
%15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 
i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, 
label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label 
%15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 
21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 
br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds 
%struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 
%7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load 
%struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load 
%struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* 
%0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 
%1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, 
i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, 
%struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void 
(%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label 
%14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = 
getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, 
!prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds 
%struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = 
getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, 
i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #83 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to 
%struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds 
%struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_lock 1 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = 
icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_lock %2 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 0 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 21505 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = icmp eq %struct.tty_struct.352793* %0, null br i1 %7, label %20, label %8 %9 = getelementptr inbounds %struct.tty_struct.352793, %struct.tty_struct.352793* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !9, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_put 1 con_cleanup ------------- Path:  Function:con_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.vc_data.357703** %4 = load %struct.vc_data.357703*, %struct.vc_data.357703** %3, align 8 %5 = getelementptr inbounds %struct.vc_data.357703, %struct.vc_data.357703* %4, i64 0, i32 0 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %5) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br 
i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %42, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_put 1 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %42, label %13, !prof !5, !misexpect !6 tail 
call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_put 1 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %42, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_standard_install 1 uart_install ------------- Path:  Function:uart_install %3 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %0, i64 0, i32 19 %4 = bitcast i8** %3 to %struct.uart_driver** %5 = load %struct.uart_driver*, %struct.uart_driver** %4, align 8 %6 = getelementptr inbounds %struct.uart_driver, %struct.uart_driver* %5, i64 0, i32 7 %7 = load %struct.uart_state*, %struct.uart_state** %6, align 8 %8 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %9 = load i32, i32* %8, align 8 %10 = sext i32 %9 to i64 %11 = getelementptr %struct.uart_state, 
%struct.uart_state* %7, i64 %10 %12 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 30 %13 = bitcast i8** %12 to %struct.uart_state** store %struct.uart_state* %11, %struct.uart_state** %13, align 8 %14 = tail call i32 @tty_standard_install(%struct.tty_driver* %0, %struct.tty_struct* %1) #83 Function:tty_standard_install %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %14, label %9 %10 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 13 %11 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 12 %12 = bitcast %struct.ktermios* %10 to i8* %13 = bitcast %struct.ktermios* %11 to i8* br label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 13 %36 = tail call i32 @tty_termios_input_baud_rate(%struct.ktermios* %35) #83 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 13, i32 6 store i32 %36, i32* %37, align 4 %38 = tail call i32 @tty_termios_baud_rate(%struct.ktermios* %35) #83 %39 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 13, i32 7 store i32 %38, i32* %39, align 8 %40 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %0, i64 0, i32 1 %41 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0 %42 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !4 %44 = icmp eq i32 %43, 0 br 
i1 %44, label %49, label %45, !prof !5, !misexpect !6 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !7, !misexpect !6 %50 = phi i32 [ 2, %34 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 bind_store ------------- Path:  Function:bind_store %4 = alloca %struct.klist_iter, align 8 %5 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 1 %6 = load %struct.bus_type*, %struct.bus_type** %5, align 8 %7 = icmp eq %struct.bus_type* %6, null br i1 %7, label %14, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %6, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %12, label %16 %17 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 0, i32 2 %18 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %17) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 
%16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 %19 = add i32 %15, 1 %20 = or i32 %19, %15 %21 = icmp sgt i32 %20, -1 br i1 %21, label %23, label %22, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 pps_cdev_open ------------- Path:  Function:pps_cdev_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43 %4 = bitcast %union.anon.97* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr i8, i8* %5, i64 -224 %7 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 store i8* %6, i8** %7, align 8 %8 = getelementptr i8, i8* %5, i64 104 %9 = bitcast i8* %8 to %struct.device** %10 = load %struct.device*, %struct.device** %9, align 8 %11 = getelementptr inbounds %struct.device, %struct.device* %10, i64 0, i32 0 %12 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %11) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 %19 = add i32 
%15, 1 %20 = or i32 %19, %15 %21 = icmp sgt i32 %20, -1 br i1 %21, label %23, label %22, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 get_device 2 pci_dev_get 3 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* 
dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %305 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** @vga_default, align 8 %306 = call %struct.pci_dev.313800* @pci_dev_get(%struct.pci_dev.313800* %305) #83 Function:pci_dev_get %2 = icmp eq %struct.pci_dev.313800* %0, null br i1 %2, label %6, label %3 %4 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46 %5 = tail call %struct.device* @get_device(%struct.device* %4) #83 Function:get_device %2 = icmp eq %struct.device* %0, null br i1 %2, label %7, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %5 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %4) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 %19 = add i32 %15, 1 %20 = or i32 %19, %15 %21 = icmp sgt i32 %20, -1 br i1 %21, label %23, label %22, !prof !9, !misexpect !8 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 get_device 2 xps_cpus_show ------------- Path:  Function:xps_cpus_show %3 = getelementptr inbounds %struct.netdev_queue.754308, %struct.netdev_queue.754308* %0, i64 0, i32 0 %4 = load %struct.net_device.754351*, %struct.net_device.754351** %3, align 64 %5 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %4, i64 0, i32 88 %6 = load i32, i32* %5, align 8 %7 = icmp ugt i32 %6, 1 br i1 %7, label %8, label %40 %9 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %4, i64 0, i32 87 %10 = bitcast %struct.netdev_queue.754308** %9 to i64* %11 = load i64, i64* %10, align 64 %12 = ptrtoint %struct.netdev_queue.754308* %0 to i64 %13 = sub i64 %12, %11 %14 = sdiv exact i64 %13, 320 %15 = trunc i64 %14 to i32 %16 = icmp ugt i32 %6, %15 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = tail call i32 @rtnl_trylock() #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %24 %25 = load %struct.netdev_queue.754308*, %struct.netdev_queue.754308** %9, align 64 %26 = and i64 %14, 4294967295 %27 = getelementptr %struct.netdev_queue.754308, %struct.netdev_queue.754308* %25, i64 %26, i32 7 %28 = load %struct.net_device.754351*, %struct.net_device.754351** %27, align 16 %29 = icmp eq %struct.net_device.754351* %28, null %30 = select i1 %29, %struct.net_device.754351* %4, %struct.net_device.754351* %28 %31 = tail call i32 bitcast (i32 (%struct.net_device.744736*, i32)* @netdev_txq_to_tc to i32 (%struct.net_device.754351*, i32)*)(%struct.net_device.754351* %30, i32 %15) #83 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %34 %35 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %30, i64 0, i32 114 %36 = tail call %struct.device.754070* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.754070* 
(%struct.device.754070*)*)(%struct.device.754070* %35) #83 Function:get_device %2 = icmp eq %struct.device* %0, null br i1 %2, label %7, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %5 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %4) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 %19 = add i32 %15, 1 %20 = or i32 %19, %15 %21 = icmp sgt i32 %20, -1 br i1 %21, label %23, label %22, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 get_device 2 scsi_device_get 3 sdev_store_delete ------------- Path:  Function:sdev_store_delete %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -1, i32 11, i32 8, i32 0, i32 1 %6 = bitcast i64* %5 to %struct.scsi_device.610229* %7 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.610229*)*)(%struct.scsi_device.610229* %6) #83 Function:scsi_device_get %2 = 
getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 68 %3 = load i32, i32* %2, align 8 %4 = add i32 %3, -3 %5 = icmp ult i32 %4, 2 br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 54 %8 = tail call %struct.device.606559* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.606559* (%struct.device.606559*)*)(%struct.device.606559* %7) #83 Function:get_device %2 = icmp eq %struct.device* %0, null br i1 %2, label %7, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %5 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %4) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 %19 = add i32 %15, 1 %20 = or i32 %19, %15 %21 = icmp sgt i32 %20, -1 br i1 %21, label %23, label %22, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 blk_get_queue 2 bsg_open ------------- Path:  
Function:bsg_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43 %4 = bitcast %union.anon.97* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr i8, i8* %5, i64 -736 %7 = bitcast i8* %6 to %struct.request_queue** %8 = load %struct.request_queue*, %struct.request_queue** %7, align 8 %9 = tail call zeroext i1 bitcast (i1 (%struct.request_queue.290802*)* @blk_get_queue to i1 (%struct.request_queue*)*)(%struct.request_queue* %8) #83 Function:blk_get_queue %2 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 2 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %9, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 16 %8 = tail call %struct.kobject.290884* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject.290884* (%struct.kobject.290884*)*)(%struct.kobject.290884* %7) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 %19 = add i32 %15, 1 %20 = or i32 %19, %15 %21 = icmp sgt 
i32 %20, -1 br i1 %21, label %23, label %22, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 bind_store ------------- Path:  Function:bind_store %4 = alloca %struct.klist_iter, align 8 %5 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 1 %6 = load %struct.bus_type*, %struct.bus_type** %5, align 8 %7 = icmp eq %struct.bus_type* %6, null br i1 %7, label %14, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %6, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %12, label %16 %17 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 0, i32 2 %18 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %17) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, 
i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 pps_cdev_open ------------- Path:  Function:pps_cdev_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43 %4 = bitcast %union.anon.97* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr i8, i8* %5, i64 -224 %7 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 store i8* %6, i8** %7, align 8 %8 = getelementptr i8, i8* %5, i64 104 %9 = bitcast i8* %8 to %struct.device** %10 = load %struct.device*, %struct.device** %9, align 8 %11 = getelementptr inbounds %struct.device, %struct.device* %10, i64 0, i32 0 %12 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %11) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 get_device 2 pci_dev_get 3 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x 
i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %305 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** @vga_default, align 8 %306 = call %struct.pci_dev.313800* @pci_dev_get(%struct.pci_dev.313800* %305) #83 Function:pci_dev_get %2 = icmp eq %struct.pci_dev.313800* 
%0, null br i1 %2, label %6, label %3 %4 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46 %5 = tail call %struct.device* @get_device(%struct.device* %4) #83 Function:get_device %2 = icmp eq %struct.device* %0, null br i1 %2, label %7, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %5 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %4) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 get_device 2 xps_cpus_show ------------- Path:  Function:xps_cpus_show %3 = getelementptr inbounds %struct.netdev_queue.754308, %struct.netdev_queue.754308* %0, i64 0, i32 0 %4 = load %struct.net_device.754351*, %struct.net_device.754351** %3, align 64 %5 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %4, i64 0, i32 88 %6 = load i32, i32* %5, align 8 %7 = icmp ugt i32 %6, 1 br i1 %7, label %8, 
label %40 %9 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %4, i64 0, i32 87 %10 = bitcast %struct.netdev_queue.754308** %9 to i64* %11 = load i64, i64* %10, align 64 %12 = ptrtoint %struct.netdev_queue.754308* %0 to i64 %13 = sub i64 %12, %11 %14 = sdiv exact i64 %13, 320 %15 = trunc i64 %14 to i32 %16 = icmp ugt i32 %6, %15 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = tail call i32 @rtnl_trylock() #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %24 %25 = load %struct.netdev_queue.754308*, %struct.netdev_queue.754308** %9, align 64 %26 = and i64 %14, 4294967295 %27 = getelementptr %struct.netdev_queue.754308, %struct.netdev_queue.754308* %25, i64 %26, i32 7 %28 = load %struct.net_device.754351*, %struct.net_device.754351** %27, align 16 %29 = icmp eq %struct.net_device.754351* %28, null %30 = select i1 %29, %struct.net_device.754351* %4, %struct.net_device.754351* %28 %31 = tail call i32 bitcast (i32 (%struct.net_device.744736*, i32)* @netdev_txq_to_tc to i32 (%struct.net_device.754351*, i32)*)(%struct.net_device.754351* %30, i32 %15) #83 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %34 %35 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %30, i64 0, i32 114 %36 = tail call %struct.device.754070* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.754070* (%struct.device.754070*)*)(%struct.device.754070* %35) #83 Function:get_device %2 = icmp eq %struct.device* %0, null br i1 %2, label %7, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %5 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %4) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* 
%4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 get_device 2 scsi_device_get 3 sdev_store_delete ------------- Path:  Function:sdev_store_delete %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -1, i32 11, i32 8, i32 0, i32 1 %6 = bitcast i64* %5 to %struct.scsi_device.610229* %7 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.610229*)*)(%struct.scsi_device.610229* %6) #83 Function:scsi_device_get %2 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 68 %3 = load i32, i32* %2, align 8 %4 = add i32 %3, -3 %5 = icmp ult i32 %4, 2 br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 54 %8 = tail call %struct.device.606559* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.606559* (%struct.device.606559*)*)(%struct.device.606559* %7) #83 Function:get_device %2 = icmp eq %struct.device* %0, null br i1 %2, label %7, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %5 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to 
%struct.kobject* (%struct.kobject*)*)(%struct.kobject* %4) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get 1 blk_get_queue 2 bsg_open ------------- Path:  Function:bsg_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43 %4 = bitcast %union.anon.97* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr i8, i8* %5, i64 -736 %7 = bitcast i8* %6 to %struct.request_queue** %8 = load %struct.request_queue*, %struct.request_queue** %7, align 8 %9 = tail call zeroext i1 bitcast (i1 (%struct.request_queue.290802*)* @blk_get_queue to i1 (%struct.request_queue*)*)(%struct.request_queue* %8) #83 Function:blk_get_queue %2 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 2 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %9, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 16 %8 = 
tail call %struct.kobject.290884* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get to %struct.kobject.290884* (%struct.kobject.290884*)*)(%struct.kobject.290884* %7) #83 Function:kobject_get %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %23, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 7 %5 = load i8, i8* %4, align 4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %8, label %11 %12 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %12, i64 0, i32 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !6 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %18, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kobject_get_unless_zero 1 chrdev_open ------------- Path:  Function:chrdev_open %3 = alloca i32, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @cdev_lock, i64 0, i32 0, i32 0)) #83 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43 %5 = bitcast %union.anon.97* %4 to %struct.cdev** %6 = load %struct.cdev*, %struct.cdev** %5, align 8 %7 = icmp eq %struct.cdev* %6, null br i1 %7, label %8, label %44 %45 = getelementptr inbounds %struct.cdev, %struct.cdev* %6, i64 0, i32 1 %46 = load %struct.module*, %struct.module** %45, align 8 %47 = icmp eq %struct.module* %46, null br i1 %47, label %50, label %48 %49 = tail call zeroext i1 @try_module_get(%struct.module* nonnull %46) #83 br 
i1 %49, label %50, label %65 %51 = getelementptr inbounds %struct.cdev, %struct.cdev* %6, i64 0, i32 0 %52 = tail call %struct.kobject* bitcast (%struct.kobject.310319* (%struct.kobject.310319*)* @kobject_get_unless_zero to %struct.kobject* (%struct.kobject*)*)(%struct.kobject* %51) #83 Function:kobject_get_unless_zero %2 = icmp eq %struct.kobject.310319* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.kobject.310319, %struct.kobject.310319* %0, i64 0, i32 6 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %19, label %9 %10 = phi i32 [ %17, %16 ], [ %7, %3 ] %11 = add i32 %10, 1 %12 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %11, i32* %6, i32 %10) #6, !srcloc !4 %13 = extractvalue { i8, i32 } %12, 0 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %16, label %19, !prof !5, !misexpect !6 %17 = extractvalue { i8, i32 } %12, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %9 %20 = phi i32 [ 0, %3 ], [ %10, %9 ], [ 0, %16 ] %21 = add i32 %20, 1 %22 = or i32 %21, %20 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 klist_iter_init_node 1 bus_find_device 2 usb_find_interface 3 usbhid_find_interface 4 hiddev_open ------------- Path:  Function:hiddev_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 1048575 %6 = tail call %struct.usb_interface* 
@usbhid_find_interface(i32 %5) #83 Function:usbhid_find_interface %2 = tail call %struct.usb_interface* @usb_find_interface(%struct.usb_driver* nonnull @hid_driver, i32 %0) #83 Function:usb_find_interface %3 = alloca %struct.find_interface_arg, align 8 %4 = bitcast %struct.find_interface_arg* %3 to i8* %5 = getelementptr inbounds %struct.find_interface_arg, %struct.find_interface_arg* %3, i64 0, i32 0 store i32 %1, i32* %5, align 8 %6 = getelementptr inbounds %struct.usb_driver, %struct.usb_driver* %0, i64 0, i32 12, i32 0 %7 = getelementptr inbounds %struct.find_interface_arg, %struct.find_interface_arg* %3, i64 0, i32 1 store %struct.device_driver* %6, %struct.device_driver** %7, align 8 %8 = call %struct.device* @bus_find_device(%struct.bus_type* nonnull @usb_bus_type, %struct.device* null, i8* nonnull %4, i32 (%struct.device*, i8*)* nonnull @__find_interface) #83 Function:bus_find_device %5 = alloca %struct.klist_iter, align 8 %6 = bitcast %struct.klist_iter* %5 to i8* %7 = icmp eq %struct.bus_type* %0, null br i1 %7, label %41, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %41, label %12 %13 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 5 %14 = icmp eq %struct.device* %1, null br i1 %14, label %19, label %15 %20 = phi %struct.klist_node* [ %18, %15 ], [ null, %12 ] call void @klist_iter_init_node(%struct.klist* %13, %struct.klist_iter* nonnull %5, %struct.klist_node* %20) #83 Function:klist_iter_init_node %4 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 0 store %struct.klist* %0, %struct.klist** %4, align 8 %5 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 1 store %struct.klist_node* null, %struct.klist_node** %5, align 8 %6 = icmp eq %struct.klist_node* %2, null br i1 %6, 
label %32, label %7 %8 = getelementptr inbounds %struct.klist_node, %struct.klist_node* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0, i32 0, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %23, label %13 %14 = phi i32 [ %21, %20 ], [ %11, %7 ] %15 = add i32 %14, 1 %16 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 %15, i32* %10, i32 %14) #6, !srcloc !4 %17 = extractvalue { i8, i32 } %16, 0 %18 = and i8 %17, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %23, !prof !5, !misexpect !6 %21 = extractvalue { i8, i32 } %16, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %13 %24 = phi i32 [ 0, %7 ], [ %14, %13 ], [ 0, %20 ] %25 = add i32 %24, 1 %26 = or i32 %25, %24 %27 = icmp sgt i32 %26, -1 br i1 %27, label %29, label %28, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 klist_iter_init_node 1 bus_find_device 2 pci_get_domain_bus_and_slot 3 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, 
label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.48042, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #83 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.313800* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #83 Function:pci_get_domain_bus_and_slot %4 = alloca %struct.pci_device_id, align 8 %5 = bitcast %struct.pci_device_id* %4 to i8* %6 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %4, i64 0, i32 4 %7 = bitcast i32* %6 to i8* %8 = bitcast %struct.pci_device_id* %4 to i8* %9 = call %struct.device* @bus_find_device(%struct.bus_type* nonnull @pci_bus_type, %struct.device* null, i8* nonnull %5, i32 (%struct.device*, i8*)* nonnull @match_pci_dev_by_id) #83 Function:bus_find_device %5 = alloca %struct.klist_iter, align 8 %6 = bitcast %struct.klist_iter* %5 to i8* %7 = icmp eq %struct.bus_type* %0, null br i1 %7, label %41, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %41, label %12 %13 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 5 %14 = icmp eq %struct.device* %1, null br i1 %14, label %19, label %15 %20 = phi %struct.klist_node* [ %18, %15 ], [ null, %12 ] call void @klist_iter_init_node(%struct.klist* %13, %struct.klist_iter* nonnull %5, %struct.klist_node* %20) #83 Function:klist_iter_init_node %4 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 0 store %struct.klist* %0, %struct.klist** %4, align 8 %5 = getelementptr inbounds 
%struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 1 store %struct.klist_node* null, %struct.klist_node** %5, align 8 %6 = icmp eq %struct.klist_node* %2, null br i1 %6, label %32, label %7 %8 = getelementptr inbounds %struct.klist_node, %struct.klist_node* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0, i32 0, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %23, label %13 %14 = phi i32 [ %21, %20 ], [ %11, %7 ] %15 = add i32 %14, 1 %16 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 %15, i32* %10, i32 %14) #6, !srcloc !4 %17 = extractvalue { i8, i32 } %16, 0 %18 = and i8 %17, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %23, !prof !5, !misexpect !6 %21 = extractvalue { i8, i32 } %16, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %13 %24 = phi i32 [ 0, %7 ], [ %14, %13 ], [ 0, %20 ] %25 = add i32 %24, 1 %26 = or i32 %25, %24 %27 = icmp sgt i32 %26, -1 br i1 %27, label %29, label %28, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 klist_iter_init_node 1 bus_find_device 2 pci_get_class 3 mtrr_add_page 4 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) 
#84 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %39 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3197, i64 0, i64 0), i64 5) %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %73 %42 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 5 %43 = call i64 @simple_strtoull(i8* %42, i8** nonnull %5, i32 0) #83 %44 = load i8*, i8** %5, align 8 %45 = call i8* @skip_spaces(i8* %44) #83 store i8* %45, i8** %5, align 8 %46 = call i32 @strncmp(i8* %45, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.10.3198, i64 0, i64 0), i64 5) #84 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %73 %49 = getelementptr i8, i8* %45, i64 5 %50 = call i64 @simple_strtoull(i8* %49, i8** nonnull %5, i32 0) #83 %51 = or i64 %50, %43 %52 = and i64 %51, 4095 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %73 %55 = load i8*, i8** %5, align 8 %56 = call i8* @skip_spaces(i8* %55) #83 store i8* %56, i8** %5, align 8 %57 = call i32 @strncmp(i8* %56, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.11.3199, i64 0, i64 0), i64 5) #84 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %73 %60 = getelementptr i8, i8* %56, i64 5 %61 = call i8* @skip_spaces(i8* %60) #83 store i8* %61, i8** %5, align 8 %62 = call i32 @match_string(i8** getelementptr inbounds ([7 x i8*], [7 x i8*]* @mtrr_strings, i64 0, i64 0), i64 7, i8* %61) #83 %63 = icmp slt i32 %62, 0 br i1 %63, label %64, label %66 %67 = lshr i64 %43, 12 %68 = lshr i64 %50, 12 %69 = call i32 @mtrr_add_page(i64 %67, i64 %68, i32 %62, i1 zeroext true) #83 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 
8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.313800* (i32, %struct.pci_dev.313800*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #83 Function:pci_get_class %3 = alloca %struct.pci_device_id, align 8 %4 = bitcast %struct.pci_device_id* %3 to i8* %5 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 4 %6 = bitcast %struct.pci_device_id* %3 to i8* store i32 %0, i32* %5, align 8 %7 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 5 store i32 -1, i32* %7, align 4 %8 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 6 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 7 store i32 0, i32* %9, align 8 %10 = icmp eq %struct.pci_dev.313800* %1, null %11 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %1, i64 0, i32 46 %12 = select i1 %10, %struct.device* null, %struct.device* %11 %13 = call %struct.device* @bus_find_device(%struct.bus_type* nonnull @pci_bus_type, %struct.device* %12, i8* nonnull %4, i32 (%struct.device*, i8*)* nonnull @match_pci_dev_by_id) #83 Function:bus_find_device %5 = alloca 
%struct.klist_iter, align 8 %6 = bitcast %struct.klist_iter* %5 to i8* %7 = icmp eq %struct.bus_type* %0, null br i1 %7, label %41, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %41, label %12 %13 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 5 %14 = icmp eq %struct.device* %1, null br i1 %14, label %19, label %15 %20 = phi %struct.klist_node* [ %18, %15 ], [ null, %12 ] call void @klist_iter_init_node(%struct.klist* %13, %struct.klist_iter* nonnull %5, %struct.klist_node* %20) #83 Function:klist_iter_init_node %4 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 0 store %struct.klist* %0, %struct.klist** %4, align 8 %5 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 1 store %struct.klist_node* null, %struct.klist_node** %5, align 8 %6 = icmp eq %struct.klist_node* %2, null br i1 %6, label %32, label %7 %8 = getelementptr inbounds %struct.klist_node, %struct.klist_node* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0, i32 0, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %23, label %13 %14 = phi i32 [ %21, %20 ], [ %11, %7 ] %15 = add i32 %14, 1 %16 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 %15, i32* %10, i32 %14) #6, !srcloc !4 %17 = extractvalue { i8, i32 } %16, 0 %18 = and i8 %17, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %23, !prof !5, !misexpect !6 %21 = extractvalue { 
i8, i32 } %16, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %13 %24 = phi i32 [ 0, %7 ], [ %14, %13 ], [ 0, %20 ] %25 = add i32 %24, 1 %26 = or i32 %25, %24 %27 = icmp sgt i32 %26, -1 br i1 %27, label %29, label %28, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 klist_iter_init_node 1 bus_find_device 2 pci_get_class 3 mtrr_add_page 4 mtrr_file_add 5 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, 
label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %179 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %180 = load i64, i64* %179, align 8 %181 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %182 = load i32, i32* %181, align 8 %183 = zext i32 %182 to i64 %184 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %185 = load i32, i32* %184, align 4 %186 = call fastcc i32 @mtrr_file_add(i64 %180, i64 %183, i32 %185, %struct.file.29905* %0, i32 1) #84 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29905, %struct.file.29905* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29906** %8 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #83 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #84 Function:mtrr_add_page %5 = alloca 
%struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.313800* (i32, %struct.pci_dev.313800*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #83 Function:pci_get_class %3 = alloca %struct.pci_device_id, align 8 %4 = bitcast %struct.pci_device_id* %3 to i8* %5 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 4 %6 = bitcast %struct.pci_device_id* %3 to i8* store i32 %0, i32* %5, align 8 %7 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 5 store i32 -1, i32* %7, align 4 %8 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 6 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 7 store i32 0, i32* %9, align 8 %10 = icmp eq %struct.pci_dev.313800* %1, null %11 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %1, i64 0, i32 46 %12 = select i1 %10, %struct.device* null, %struct.device* %11 %13 = call %struct.device* @bus_find_device(%struct.bus_type* nonnull @pci_bus_type, %struct.device* %12, i8* nonnull %4, i32 (%struct.device*, i8*)* nonnull @match_pci_dev_by_id) #83 
Function:bus_find_device %5 = alloca %struct.klist_iter, align 8 %6 = bitcast %struct.klist_iter* %5 to i8* %7 = icmp eq %struct.bus_type* %0, null br i1 %7, label %41, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %41, label %12 %13 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 5 %14 = icmp eq %struct.device* %1, null br i1 %14, label %19, label %15 %20 = phi %struct.klist_node* [ %18, %15 ], [ null, %12 ] call void @klist_iter_init_node(%struct.klist* %13, %struct.klist_iter* nonnull %5, %struct.klist_node* %20) #83 Function:klist_iter_init_node %4 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 0 store %struct.klist* %0, %struct.klist** %4, align 8 %5 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 1 store %struct.klist_node* null, %struct.klist_node** %5, align 8 %6 = icmp eq %struct.klist_node* %2, null br i1 %6, label %32, label %7 %8 = getelementptr inbounds %struct.klist_node, %struct.klist_node* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0, i32 0, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %23, label %13 %14 = phi i32 [ %21, %20 ], [ %11, %7 ] %15 = add i32 %14, 1 %16 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 %15, i32* %10, i32 %14) #6, !srcloc !4 %17 = extractvalue { i8, i32 } %16, 0 %18 = and i8 %17, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %23, !prof 
!5, !misexpect !6 %21 = extractvalue { i8, i32 } %16, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %13 %24 = phi i32 [ 0, %7 ], [ %14, %13 ], [ 0, %20 ] %25 = add i32 %24, 1 %26 = or i32 %25, %24 %27 = icmp sgt i32 %26, -1 br i1 %27, label %29, label %28, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 klist_iter_init_node 1 bus_find_device 2 pci_get_class 3 mtrr_add_page 4 mtrr_file_add 5 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 
1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %179 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %180 = load i64, i64* %179, align 8 %181 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %182 = load i32, i32* %181, align 8 %183 = zext i32 %182 to i64 %184 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %185 = load i32, i32* %184, align 4 %186 = call fastcc i32 @mtrr_file_add(i64 %180, i64 %183, i32 %185, %struct.file.29905* %0, i32 1) #84 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29905, %struct.file.29905* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29906** %8 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #83 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #84 
Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.313800* (i32, %struct.pci_dev.313800*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #83 Function:pci_get_class %3 = alloca %struct.pci_device_id, align 8 %4 = bitcast %struct.pci_device_id* %3 to i8* %5 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 4 %6 = bitcast %struct.pci_device_id* %3 to i8* store i32 %0, i32* %5, align 8 %7 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 5 store i32 -1, i32* %7, align 4 %8 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 6 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %3, i64 0, i32 7 store i32 0, i32* %9, align 8 %10 = icmp eq %struct.pci_dev.313800* %1, null %11 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %1, i64 0, i32 46 %12 = select i1 %10, %struct.device* null, %struct.device* %11 %13 = call %struct.device* @bus_find_device(%struct.bus_type* nonnull @pci_bus_type, %struct.device* %12, i8* nonnull %4, i32 (%struct.device*, i8*)* nonnull 
@match_pci_dev_by_id) #83 Function:bus_find_device %5 = alloca %struct.klist_iter, align 8 %6 = bitcast %struct.klist_iter* %5 to i8* %7 = icmp eq %struct.bus_type* %0, null br i1 %7, label %41, label %8 %9 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %10 = load %struct.subsys_private*, %struct.subsys_private** %9, align 8 %11 = icmp eq %struct.subsys_private* %10, null br i1 %11, label %41, label %12 %13 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %10, i64 0, i32 5 %14 = icmp eq %struct.device* %1, null br i1 %14, label %19, label %15 %20 = phi %struct.klist_node* [ %18, %15 ], [ null, %12 ] call void @klist_iter_init_node(%struct.klist* %13, %struct.klist_iter* nonnull %5, %struct.klist_node* %20) #83 Function:klist_iter_init_node %4 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 0 store %struct.klist* %0, %struct.klist** %4, align 8 %5 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 1 store %struct.klist_node* null, %struct.klist_node** %5, align 8 %6 = icmp eq %struct.klist_node* %2, null br i1 %6, label %32, label %7 %8 = getelementptr inbounds %struct.klist_node, %struct.klist_node* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0, i32 0, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %23, label %13 %14 = phi i32 [ %21, %20 ], [ %11, %7 ] %15 = add i32 %14, 1 %16 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 %15, i32* %10, i32 %14) #6, !srcloc !4 %17 = extractvalue { i8, i32 } %16, 0 %18 = and i8 %17, 1 %19 = icmp eq i8 %18, 0 br i1 %19, 
label %20, label %23, !prof !5, !misexpect !6 %21 = extractvalue { i8, i32 } %16, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %13 %24 = phi i32 [ 0, %7 ], [ %14, %13 ], [ 0, %20 ] %25 = add i32 %24, 1 %26 = or i32 %25, %24 %27 = icmp sgt i32 %26, -1 br i1 %27, label %29, label %28, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 klist_iter_init_node 1 drivers_probe_store ------------- Path:  Function:drivers_probe_store %4 = alloca %struct.klist_iter, align 8 %5 = bitcast %struct.klist_iter* %4 to i8* %6 = icmp eq %struct.bus_type* %0, null br i1 %6, label %31, label %7 %8 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %9 = load %struct.subsys_private*, %struct.subsys_private** %8, align 8 %10 = icmp eq %struct.subsys_private* %9, null br i1 %10, label %31, label %11 %12 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %9, i64 0, i32 5 call void @klist_iter_init_node(%struct.klist* %12, %struct.klist_iter* nonnull %4, %struct.klist_node* null) #83 Function:klist_iter_init_node %4 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 0 store %struct.klist* %0, %struct.klist** %4, align 8 %5 = getelementptr inbounds %struct.klist_iter, %struct.klist_iter* %1, i64 0, i32 1 store %struct.klist_node* null, %struct.klist_node** %5, align 8 %6 = icmp eq %struct.klist_node* %2, null br i1 %6, label %32, label %7 %8 = getelementptr inbounds %struct.klist_node, %struct.klist_node* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 0, i32 0, i32 0, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %23, label %13 %14 = phi i32 [ %21, %20 ], [ %11, %7 ] %15 = add i32 %14, 1 %16 = tail call { i8, i32 } asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 %15, i32* %10, i32 %14) #6, !srcloc !4 %17 = extractvalue { i8, i32 } %16, 0 %18 = and i8 %17, 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %23, !prof !5, !misexpect !6 %21 = extractvalue { i8, i32 } %16, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %13 %24 = phi i32 [ 0, %7 ], [ %14, %13 ], [ 0, %20 ] %25 = add i32 %24, 1 %26 = or i32 %25, %24 %27 = icmp sgt i32 %26, -1 br i1 %27, label %29, label %28, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 io_bitmap_exit 1 ksys_ioperm 2 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds 
%struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %74 = icmp eq i32 %1, 19254 %75 = zext i1 %74 to i32 %76 = tail call i64 @ksys_ioperm(i64 948, i64 44, i32 %75) #83 
Function:ksys_ioperm %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.15086** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.15086**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.15086* %6 = add i64 %1, %0 %7 = icmp ule i64 %6, %0 %8 = icmp ugt i64 %6, 65536 %9 = or i1 %7, %8 br i1 %9, label %95, label %10 %11 = icmp eq i32 %2, 0 br i1 %11, label %17, label %12 %13 = tail call zeroext i1 @capable(i32 17) #83 br i1 %13, label %14, label %95 %15 = tail call i32 @security_locked_down(i32 7) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %95 %22 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %5, i64 0, i32 190, i32 14 %23 = load %struct.io_bitmap*, %struct.io_bitmap** %22, align 64 %24 = icmp eq %struct.io_bitmap* %23, null br i1 %24, label %25, label %33 %34 = phi %struct.io_bitmap** [ %18, %17 ], [ %22, %28 ], [ %22, %21 ] %35 = phi %struct.io_bitmap* [ %19, %17 ], [ %29, %28 ], [ %23, %21 ] %36 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %35, i64 0, i32 1, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp ugt i32 %37, 1 br i1 %38, label %39, label %47 %40 = bitcast %struct.io_bitmap* %35 to i8* %41 = tail call i8* @kmemdup(i8* %40, i64 8208, i32 3264) #83 %42 = icmp eq i8* %41, null br i1 %42, label %95, label %43 %44 = bitcast i8* %41 to %struct.io_bitmap* %45 = getelementptr inbounds i8, i8* %41, i64 8 %46 = bitcast i8* %45 to i32* store volatile i32 1, i32* %46, align 4 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 br label %47 %48 = phi %struct.io_bitmap* [ %44, %43 ], [ %35, %33 ] store %struct.io_bitmap* %48, %struct.io_bitmap** %34, align 64 %49 = inttoptr i64 %4 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 64, i8* %50) #6, !srcloc !5 %51 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 0 %52 = trunc i64 %0 to i32 %53 = trunc i64 %1 to i32 br i1 %11, label %55, label %54 tail call void @__bitmap_set(i64* %51, i32 %52, i32 %53) #83 br label %56 br label %57 %58 = phi i64 [ 0, %56 ], [ %83, %57 ] %59 = phi i32 [ -1, %56 ], [ %82, %57 ] %60 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %58 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, -1 %63 = trunc i64 %58 to i32 %64 = select i1 %62, i32 %59, i32 %63 %65 = or i64 %58, 1 %66 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %65 %67 = load i64, i64* %66, align 8 %68 = icmp eq i64 %67, -1 %69 = trunc i64 %65 to i32 %70 = select i1 %68, i32 %64, i32 %69 %71 = or i64 %58, 2 %72 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %71 %73 = load i64, i64* %72, align 8 %74 = icmp eq i64 %73, -1 %75 = trunc i64 %71 to i32 %76 = select i1 %74, i32 %70, i32 %75 %77 = or i64 %58, 3 %78 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %77 %79 = load i64, i64* %78, align 8 %80 = icmp eq i64 %79, -1 %81 = trunc i64 %77 to i32 %82 = select i1 %80, i32 %76, i32 %81 %83 = add nuw nsw i64 %58, 4 %84 = icmp eq i64 %83, 1024 br i1 %84, label %85, label %57 %86 = icmp eq i32 %82, -1 br i1 %86, label %87, label %88 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 Function:io_bitmap_exit %2 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 14 %3 = load %struct.io_bitmap*, %struct.io_bitmap** %2, align 64 store %struct.io_bitmap* null, %struct.io_bitmap** %2, align 64 %4 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 15 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 3 %7 = bitcast 
%struct.task_struct.15086* %0 to i8* %8 = getelementptr i8, i8* %7, i64 2 br i1 %6, label %9, label %10 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 64, i8* %8) #6, !srcloc !4 br label %16 %17 = icmp eq %struct.io_bitmap* %3, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %3, i64 0, i32 1 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !12 %22 = icmp eq i32 %21, 1 br i1 %22, label %28, label %23 %24 = add i32 %21, -1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %30, label %27, !prof !13, !misexpect !10 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 io_bitmap_exit 1 ksys_ioperm 2 vt_ioctl 3 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.355841** %8 = load %struct.vc_data.355841*, %struct.vc_data.355841** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.355747* %14 = getelementptr inbounds 
%struct.task_struct.355747, %struct.task_struct.355747* %13, i64 0, i32 104 %15 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %14, align 8 %16 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %15, i64 0, i32 25 %17 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %16, align 8 %18 = icmp eq %struct.tty_struct.355831* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #83 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.355831* %0, i32 %1, i64 %10) #84 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to 
%struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 
22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %74 = icmp eq i32 %1, 19254 %75 = zext i1 %74 to i32 %76 = tail call i64 @ksys_ioperm(i64 948, i64 44, i32 %75) #83 Function:ksys_ioperm %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.15086** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.15086**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.15086* %6 = add i64 %1, %0 %7 = icmp ule i64 %6, %0 %8 = icmp ugt i64 %6, 65536 %9 = or i1 %7, %8 br i1 %9, label %95, label %10 %11 = icmp eq i32 %2, 0 br i1 %11, label %17, label %12 %13 = tail call zeroext i1 @capable(i32 17) #83 br i1 %13, label %14, label %95 %15 = tail call i32 @security_locked_down(i32 7) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %95 %22 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %5, i64 0, i32 190, i32 14 %23 = load %struct.io_bitmap*, %struct.io_bitmap** %22, align 64 %24 = icmp eq %struct.io_bitmap* %23, null br i1 %24, label %25, label %33 %34 = phi %struct.io_bitmap** [ %18, %17 ], [ %22, %28 ], [ %22, %21 ] %35 = phi %struct.io_bitmap* [ %19, %17 ], [ %29, %28 ], [ %23, %21 ] %36 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %35, i64 0, i32 1, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp ugt i32 %37, 1 br i1 %38, label %39, label %47 %40 = bitcast %struct.io_bitmap* %35 to i8* %41 = tail call i8* @kmemdup(i8* %40, i64 8208, i32 3264) #83 %42 = icmp eq i8* %41, null br i1 %42, label %95, label %43 %44 = bitcast i8* %41 to %struct.io_bitmap* %45 = getelementptr inbounds i8, i8* %41, i64 8 %46 = bitcast i8* %45 to i32* store volatile i32 1, i32* %46, align 4 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 br label %47 %48 = phi %struct.io_bitmap* [ %44, %43 ], [ %35, %33 ] store %struct.io_bitmap* %48, 
%struct.io_bitmap** %34, align 64 %49 = inttoptr i64 %4 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 64, i8* %50) #6, !srcloc !5 %51 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 0 %52 = trunc i64 %0 to i32 %53 = trunc i64 %1 to i32 br i1 %11, label %55, label %54 tail call void @__bitmap_set(i64* %51, i32 %52, i32 %53) #83 br label %56 br label %57 %58 = phi i64 [ 0, %56 ], [ %83, %57 ] %59 = phi i32 [ -1, %56 ], [ %82, %57 ] %60 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %58 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, -1 %63 = trunc i64 %58 to i32 %64 = select i1 %62, i32 %59, i32 %63 %65 = or i64 %58, 1 %66 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %65 %67 = load i64, i64* %66, align 8 %68 = icmp eq i64 %67, -1 %69 = trunc i64 %65 to i32 %70 = select i1 %68, i32 %64, i32 %69 %71 = or i64 %58, 2 %72 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %71 %73 = load i64, i64* %72, align 8 %74 = icmp eq i64 %73, -1 %75 = trunc i64 %71 to i32 %76 = select i1 %74, i32 %70, i32 %75 %77 = or i64 %58, 3 %78 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %77 %79 = load i64, i64* %78, align 8 %80 = icmp eq i64 %79, -1 %81 = trunc i64 %77 to i32 %82 = select i1 %80, i32 %76, i32 %81 %83 = add nuw nsw i64 %58, 4 %84 = icmp eq i64 %83, 1024 br i1 %84, label %85, label %57 %86 = icmp eq i32 %82, -1 br i1 %86, label %87, label %88 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 Function:io_bitmap_exit %2 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 14 %3 = load %struct.io_bitmap*, %struct.io_bitmap** %2, align 64 store 
%struct.io_bitmap* null, %struct.io_bitmap** %2, align 64 %4 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 15 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 3 %7 = bitcast %struct.task_struct.15086* %0 to i8* %8 = getelementptr i8, i8* %7, i64 2 br i1 %6, label %9, label %10 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 64, i8* %8) #6, !srcloc !4 br label %16 %17 = icmp eq %struct.io_bitmap* %3, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %3, i64 0, i32 1 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !12 %22 = icmp eq i32 %21, 1 br i1 %22, label %28, label %23 %24 = add i32 %21, -1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %30, label %27, !prof !13, !misexpect !10 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 io_bitmap_exit 1 ksys_ioperm 2 __ia32_sys_ioperm ------------- Path:  Function:__ia32_sys_ioperm %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 @ksys_ioperm(i64 %4, i64 %7, i32 %10) #83 
Function:ksys_ioperm %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.15086** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.15086**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.15086* %6 = add i64 %1, %0 %7 = icmp ule i64 %6, %0 %8 = icmp ugt i64 %6, 65536 %9 = or i1 %7, %8 br i1 %9, label %95, label %10 %11 = icmp eq i32 %2, 0 br i1 %11, label %17, label %12 %13 = tail call zeroext i1 @capable(i32 17) #83 br i1 %13, label %14, label %95 %15 = tail call i32 @security_locked_down(i32 7) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %95 %22 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %5, i64 0, i32 190, i32 14 %23 = load %struct.io_bitmap*, %struct.io_bitmap** %22, align 64 %24 = icmp eq %struct.io_bitmap* %23, null br i1 %24, label %25, label %33 %34 = phi %struct.io_bitmap** [ %18, %17 ], [ %22, %28 ], [ %22, %21 ] %35 = phi %struct.io_bitmap* [ %19, %17 ], [ %29, %28 ], [ %23, %21 ] %36 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %35, i64 0, i32 1, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp ugt i32 %37, 1 br i1 %38, label %39, label %47 %40 = bitcast %struct.io_bitmap* %35 to i8* %41 = tail call i8* @kmemdup(i8* %40, i64 8208, i32 3264) #83 %42 = icmp eq i8* %41, null br i1 %42, label %95, label %43 %44 = bitcast i8* %41 to %struct.io_bitmap* %45 = getelementptr inbounds i8, i8* %41, i64 8 %46 = bitcast i8* %45 to i32* store volatile i32 1, i32* %46, align 4 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 br label %47 %48 = phi %struct.io_bitmap* [ %44, %43 ], [ %35, %33 ] store %struct.io_bitmap* %48, %struct.io_bitmap** %34, align 64 %49 = inttoptr i64 %4 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 64, i8* %50) #6, !srcloc !5 %51 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 0 %52 = trunc i64 %0 to i32 %53 = trunc i64 %1 to i32 br i1 %11, label %55, label %54 tail call void @__bitmap_set(i64* %51, i32 %52, i32 %53) #83 br label %56 br label %57 %58 = phi i64 [ 0, %56 ], [ %83, %57 ] %59 = phi i32 [ -1, %56 ], [ %82, %57 ] %60 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %58 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, -1 %63 = trunc i64 %58 to i32 %64 = select i1 %62, i32 %59, i32 %63 %65 = or i64 %58, 1 %66 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %65 %67 = load i64, i64* %66, align 8 %68 = icmp eq i64 %67, -1 %69 = trunc i64 %65 to i32 %70 = select i1 %68, i32 %64, i32 %69 %71 = or i64 %58, 2 %72 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %71 %73 = load i64, i64* %72, align 8 %74 = icmp eq i64 %73, -1 %75 = trunc i64 %71 to i32 %76 = select i1 %74, i32 %70, i32 %75 %77 = or i64 %58, 3 %78 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %77 %79 = load i64, i64* %78, align 8 %80 = icmp eq i64 %79, -1 %81 = trunc i64 %77 to i32 %82 = select i1 %80, i32 %76, i32 %81 %83 = add nuw nsw i64 %58, 4 %84 = icmp eq i64 %83, 1024 br i1 %84, label %85, label %57 %86 = icmp eq i32 %82, -1 br i1 %86, label %87, label %88 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 Function:io_bitmap_exit %2 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 14 %3 = load %struct.io_bitmap*, %struct.io_bitmap** %2, align 64 store %struct.io_bitmap* null, %struct.io_bitmap** %2, align 64 %4 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 15 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 3 %7 = bitcast 
%struct.task_struct.15086* %0 to i8* %8 = getelementptr i8, i8* %7, i64 2 br i1 %6, label %9, label %10 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 64, i8* %8) #6, !srcloc !4 br label %16 %17 = icmp eq %struct.io_bitmap* %3, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %3, i64 0, i32 1 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !12 %22 = icmp eq i32 %21, 1 br i1 %22, label %28, label %23 %24 = add i32 %21, -1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %30, label %27, !prof !13, !misexpect !10 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 io_bitmap_exit 1 ksys_ioperm 2 __x64_sys_ioperm ------------- Path:  Function:__x64_sys_ioperm %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 @ksys_ioperm(i64 %3, i64 %5, i32 %8) #83 Function:ksys_ioperm %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.15086** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.15086**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.15086* %6 = add i64 %1, %0 %7 = 
icmp ule i64 %6, %0 %8 = icmp ugt i64 %6, 65536 %9 = or i1 %7, %8 br i1 %9, label %95, label %10 %11 = icmp eq i32 %2, 0 br i1 %11, label %17, label %12 %13 = tail call zeroext i1 @capable(i32 17) #83 br i1 %13, label %14, label %95 %15 = tail call i32 @security_locked_down(i32 7) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %95 %22 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %5, i64 0, i32 190, i32 14 %23 = load %struct.io_bitmap*, %struct.io_bitmap** %22, align 64 %24 = icmp eq %struct.io_bitmap* %23, null br i1 %24, label %25, label %33 %34 = phi %struct.io_bitmap** [ %18, %17 ], [ %22, %28 ], [ %22, %21 ] %35 = phi %struct.io_bitmap* [ %19, %17 ], [ %29, %28 ], [ %23, %21 ] %36 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %35, i64 0, i32 1, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp ugt i32 %37, 1 br i1 %38, label %39, label %47 %40 = bitcast %struct.io_bitmap* %35 to i8* %41 = tail call i8* @kmemdup(i8* %40, i64 8208, i32 3264) #83 %42 = icmp eq i8* %41, null br i1 %42, label %95, label %43 %44 = bitcast i8* %41 to %struct.io_bitmap* %45 = getelementptr inbounds i8, i8* %41, i64 8 %46 = bitcast i8* %45 to i32* store volatile i32 1, i32* %46, align 4 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 br label %47 %48 = phi %struct.io_bitmap* [ %44, %43 ], [ %35, %33 ] store %struct.io_bitmap* %48, %struct.io_bitmap** %34, align 64 %49 = inttoptr i64 %4 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 64, i8* %50) #6, !srcloc !5 %51 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 0 %52 = trunc i64 %0 to i32 %53 = trunc i64 %1 to i32 br i1 %11, label %55, label %54 tail call void @__bitmap_set(i64* %51, i32 %52, i32 %53) #83 br 
label %56 br label %57 %58 = phi i64 [ 0, %56 ], [ %83, %57 ] %59 = phi i32 [ -1, %56 ], [ %82, %57 ] %60 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %58 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, -1 %63 = trunc i64 %58 to i32 %64 = select i1 %62, i32 %59, i32 %63 %65 = or i64 %58, 1 %66 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %65 %67 = load i64, i64* %66, align 8 %68 = icmp eq i64 %67, -1 %69 = trunc i64 %65 to i32 %70 = select i1 %68, i32 %64, i32 %69 %71 = or i64 %58, 2 %72 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %71 %73 = load i64, i64* %72, align 8 %74 = icmp eq i64 %73, -1 %75 = trunc i64 %71 to i32 %76 = select i1 %74, i32 %70, i32 %75 %77 = or i64 %58, 3 %78 = getelementptr %struct.io_bitmap, %struct.io_bitmap* %48, i64 0, i32 3, i64 %77 %79 = load i64, i64* %78, align 8 %80 = icmp eq i64 %79, -1 %81 = trunc i64 %77 to i32 %82 = select i1 %80, i32 %76, i32 %81 %83 = add nuw nsw i64 %58, 4 %84 = icmp eq i64 %83, 1024 br i1 %84, label %85, label %57 %86 = icmp eq i32 %82, -1 br i1 %86, label %87, label %88 tail call void @io_bitmap_exit(%struct.task_struct.15086* %5) #85 Function:io_bitmap_exit %2 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 14 %3 = load %struct.io_bitmap*, %struct.io_bitmap** %2, align 64 store %struct.io_bitmap* null, %struct.io_bitmap** %2, align 64 %4 = getelementptr inbounds %struct.task_struct.15086, %struct.task_struct.15086* %0, i64 0, i32 190, i32 15 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 3 %7 = bitcast %struct.task_struct.15086* %0 to i8* %8 = getelementptr i8, i8* %7, i64 2 br i1 %6, label %9, label %10 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 64, i8* %8) #6, !srcloc !4 br label %16 
%17 = icmp eq %struct.io_bitmap* %3, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.io_bitmap, %struct.io_bitmap* %3, i64 0, i32 1 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 -1, i32* %20) #6, !srcloc !12 %22 = icmp eq i32 %21, 1 br i1 %22, label %28, label %23 %24 = add i32 %21, -1 %25 = or i32 %24, %21 %26 = icmp sgt i32 %25, -1 br i1 %26, label %30, label %27, !prof !13, !misexpect !10 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __ia32_sys_prlimit64 ------------- Path:  Function:__ia32_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_prlimit64(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne 
i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void @__rcu_read_lock() #83 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %36 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %37 = inttoptr i64 %36 to %struct.task_struct* br label %38 %39 = phi %struct.task_struct* [ %34, %33 ], [ %37, %35 ] %40 = icmp eq %struct.task_struct* %39, null br i1 %40, label %41, label %42 %43 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %44 = inttoptr i64 %43 to %struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 94 %46 = load %struct.cred*, %struct.cred** %45, align 8 %47 = icmp eq %struct.task_struct* %39, %44 br i1 %47, label %88, label %48 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %39, i64 0, i32 93 %50 = load volatile %struct.cred*, %struct.cred** %49, align 32 %51 = getelementptr inbounds %struct.cred, %struct.cred* %46, i64 0, i32 1, i32 0 %52 = load i32, i32* %51, align 4 %53 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 5, i32 0 %54 = load 
i32, i32* %53, align 4 %55 = icmp eq i32 %52, %54 br i1 %55, label %56, label %78 %57 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 3, i32 0 %58 = load i32, i32* %57, align 4 %59 = icmp eq i32 %52, %58 br i1 %59, label %60, label %78 %61 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 1, i32 0 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %52, %62 br i1 %63, label %64, label %78 %65 = getelementptr inbounds %struct.cred, %struct.cred* %46, i64 0, i32 2, i32 0 %66 = load i32, i32* %65, align 8 %67 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 6, i32 0 %68 = load i32, i32* %67, align 8 %69 = icmp eq i32 %66, %68 br i1 %69, label %70, label %78 %71 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 4, i32 0 %72 = load i32, i32* %71, align 8 %73 = icmp eq i32 %66, %72 br i1 %73, label %74, label %78 %75 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 2, i32 0 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %66, %76 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 22 %80 = load %struct.user_namespace*, %struct.user_namespace** %79, align 8 %81 = call zeroext i1 @ns_capable(%struct.user_namespace* %80, i32 24) #83 br i1 %81, label %82, label %85 %83 = call i32 @security_task_prlimit(%struct.cred* %46, %struct.cred* %50, i32 %31) #83 %84 = icmp eq i32 %83, 0 br i1 %84, label %88, label %85 %89 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %39, i64 0, i32 3 %90 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %89, i64 0, i32 0, i32 0 %91 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %90, i32 1, i32* %90) #6, !srcloc !5 %92 = icmp eq i32 %91, 0 br i1 %92, label %97, label %93, !prof !6, !misexpect !7 
%94 = add i32 %91, 1 %95 = or i32 %94, %91 %96 = icmp sgt i32 %95, -1 br i1 %96, label %99, label %97, !prof !8, !misexpect !7 %98 = phi i32 [ 2, %88 ], [ 1, %93 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %89, i32 %98) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __x64_sys_prlimit64 ------------- Path:  Function:__x64_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_prlimit64(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void @__rcu_read_lock() #83 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %36 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %37 = inttoptr i64 %36 to %struct.task_struct* br label %38 %39 = phi %struct.task_struct* [ %34, %33 ], [ %37, %35 ] %40 = icmp eq %struct.task_struct* %39, null br i1 %40, label %41, label %42 %43 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %44 = inttoptr i64 %43 to %struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 94 %46 = load %struct.cred*, %struct.cred** %45, align 8 %47 = icmp eq %struct.task_struct* %39, %44 br i1 %47, label %88, label %48 %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %39, i64 0, i32 93 %50 = load volatile %struct.cred*, %struct.cred** %49, align 32 %51 = getelementptr inbounds %struct.cred, %struct.cred* %46, i64 0, i32 1, i32 0 %52 = load i32, i32* %51, align 4 %53 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 5, i32 0 %54 = load i32, i32* %53, align 4 %55 = icmp eq i32 %52, %54 br i1 %55, label %56, label %78 %57 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 3, i32 0 %58 = load i32, i32* %57, align 4 %59 = icmp eq i32 %52, %58 br i1 %59, label %60, label %78 %61 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 1, i32 0 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %52, %62 br i1 %63, label %64, label %78 %65 = getelementptr inbounds %struct.cred, %struct.cred* %46, i64 0, i32 2, i32 0 %66 = load i32, i32* %65, align 8 %67 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 6, i32 0 %68 = load 
i32, i32* %67, align 8 %69 = icmp eq i32 %66, %68 br i1 %69, label %70, label %78 %71 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 4, i32 0 %72 = load i32, i32* %71, align 8 %73 = icmp eq i32 %66, %72 br i1 %73, label %74, label %78 %75 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 2, i32 0 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %66, %76 br i1 %77, label %82, label %78 %79 = getelementptr inbounds %struct.cred, %struct.cred* %50, i64 0, i32 22 %80 = load %struct.user_namespace*, %struct.user_namespace** %79, align 8 %81 = call zeroext i1 @ns_capable(%struct.user_namespace* %80, i32 24) #83 br i1 %81, label %82, label %85 %83 = call i32 @security_task_prlimit(%struct.cred* %46, %struct.cred* %50, i32 %31) #83 %84 = icmp eq i32 %83, 0 br i1 %84, label %88, label %85 %89 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %39, i64 0, i32 3 %90 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %89, i64 0, i32 0, i32 0 %91 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %90, i32 1, i32* %90) #6, !srcloc !5 %92 = icmp eq i32 %91, 0 br i1 %92, label %97, label %93, !prof !6, !misexpect !7 %94 = add i32 %91, 1 %95 = or i32 %94, %91 %96 = icmp sgt i32 %95, -1 br i1 %96, label %99, label %97, !prof !8, !misexpect !7 %98 = phi i32 [ 2, %88 ], [ 1, %93 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %89, i32 %98) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 __scm_send 2 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to 
%struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 
%40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #84 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #84 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #84 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, 
i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %125 = icmp eq i64 %26, 28 br i1 %125, label %126, label %221 %127 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %128 = bitcast %struct.arch_uprobe_task* %127 to i8* %129 = bitcast %struct.arch_uprobe_task* %127 to i32* %130 = load i32, i32* %129, align 1 %131 = getelementptr inbounds i8, i8* %128, i64 4 %132 = bitcast i8* %131 to i32* %133 = load i32, i32* %132, align 1 %134 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1, i32 1 %135 = load i32, i32* %134, align 1 %136 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %137 = inttoptr i64 %136 to %struct.task_struct* %138 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %137, i64 0, i32 94 %139 = load %struct.cred*, %struct.cred** %138, align 8 %140 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 22 %141 = icmp ne i32 %133, -1 %142 = icmp ne i32 %135, -1 %143 = and i1 %141, %142 br i1 %143, label %144, label %221 %145 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %137, i32 1, %struct.pid_namespace* null) #84 %146 = icmp eq i32 %130, %145 br i1 %146, label %152, label %147 %148 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %137) #84 %149 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %148, i64 0, i32 8 %150 = load %struct.user_namespace*, %struct.user_namespace** %149, align 8 %151 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %150, i32 21) #84 br i1 %151, label %152, label %221 %153 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 1, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %133, %154 br i1 %155, label %167, label %156 %157 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 5, i32 0 %158 = load i32, i32* %157, align 4 %159 = icmp eq i32 %133, %158 br i1 %159, label %167, label %160 %161 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 3, i32 0 %162 = load i32, i32* %161, align 4 %163 = icmp eq i32 %133, %162 br i1 %163, label %167, label %164 %165 = load %struct.user_namespace*, %struct.user_namespace** %140, align 8 %166 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %165, i32 7) #84 br i1 %166, label %167, label %221 %168 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 2, i32 0 %169 = load i32, i32* %168, align 8 %170 = icmp eq i32 %135, %169 br i1 %170, label %182, label %171 %172 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 6, i32 0 %173 = load i32, i32* %172, align 8 %174 = icmp eq i32 %135, %173 br i1 %174, label %182, label %175 %176 = getelementptr 
inbounds %struct.cred, %struct.cred* %139, i64 0, i32 4, i32 0 %177 = load i32, i32* %176, align 8 %178 = icmp eq i32 %135, %177 br i1 %178, label %182, label %179 %180 = load %struct.user_namespace*, %struct.user_namespace** %140, align 8 %181 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %180, i32 6) #84 br i1 %181, label %182, label %221 store i32 %130, i32* %15, align 8 %183 = load %struct.pid*, %struct.pid** %16, align 8 %184 = icmp eq %struct.pid* %183, null br i1 %184, label %188, label %185 %186 = tail call i32 @pid_vnr(%struct.pid* nonnull %183) #84 %187 = icmp eq i32 %186, %130 br i1 %187, label %193, label %188 %189 = tail call %struct.pid* @find_get_pid(i32 %130) #84 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= 
Call Stack: 0 find_get_pid 1 __se_sys_pidfd_open 2 __ia32_sys_pidfd_open ------------- Path:  Function:__ia32_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %4, i64 %7) #83 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 
------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 __se_sys_pidfd_open 2 __x64_sys_pidfd_open ------------- Path:  Function:__x64_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %3, i64 %5) #83 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 find_get_pid 1 kernel_waitid 2 __se_compat_sys_waitid 3 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #83 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %21 = icmp slt i32 %1, 0 br i1 %21, label %65, label %22 %23 = icmp eq i32 %1, 0 br i1 %23, 
label %26, label %24 %25 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %1) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_waitid 2 __se_sys_waitid 3 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #83 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %21 = icmp slt i32 %1, 0 br i1 %21, label %65, label %22 %23 = icmp eq i32 %1, 0 br i1 %23, label %26, label %24 %25 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %1) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 
%14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_waitid 2 __se_sys_waitid 3 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, 
%struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #83 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %21 = icmp slt i32 %1, 0 br i1 %21, label %65, label %22 %23 = icmp eq i32 %1, 0 br i1 %23, label %26, label %24 %25 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %1) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label 
%7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 
[ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 
------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 
0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, 
!srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 __scm_send 2 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds 
%struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #84 %51 = getelementptr inbounds %struct.scm_cookie, 
%struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #84 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #84 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, 
i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %125 = icmp eq i64 %26, 28 br i1 %125, label %126, label %221 %127 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %128 = bitcast %struct.arch_uprobe_task* %127 to i8* %129 = bitcast %struct.arch_uprobe_task* %127 to i32* %130 = load i32, i32* %129, align 1 %131 = getelementptr inbounds i8, i8* %128, i64 4 %132 = bitcast i8* %131 to i32* %133 = load i32, i32* %132, align 1 %134 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1, i32 1 %135 = load i32, i32* %134, align 1 %136 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %137 = inttoptr i64 %136 to %struct.task_struct* %138 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %137, i64 0, i32 94 %139 = load %struct.cred*, %struct.cred** %138, align 8 %140 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 22 %141 = icmp ne i32 %133, -1 %142 = icmp ne i32 %135, -1 %143 = and i1 %141, %142 br i1 %143, label %144, label %221 %145 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %137, i32 1, %struct.pid_namespace* null) #84 %146 = icmp eq i32 %130, %145 br i1 %146, label %152, label %147 %148 = tail call %struct.pid_namespace* 
@task_active_pid_ns(%struct.task_struct* %137) #84 %149 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %148, i64 0, i32 8 %150 = load %struct.user_namespace*, %struct.user_namespace** %149, align 8 %151 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %150, i32 21) #84 br i1 %151, label %152, label %221 %153 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 1, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %133, %154 br i1 %155, label %167, label %156 %157 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 5, i32 0 %158 = load i32, i32* %157, align 4 %159 = icmp eq i32 %133, %158 br i1 %159, label %167, label %160 %161 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 3, i32 0 %162 = load i32, i32* %161, align 4 %163 = icmp eq i32 %133, %162 br i1 %163, label %167, label %164 %165 = load %struct.user_namespace*, %struct.user_namespace** %140, align 8 %166 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %165, i32 7) #84 br i1 %166, label %167, label %221 %168 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 2, i32 0 %169 = load i32, i32* %168, align 8 %170 = icmp eq i32 %135, %169 br i1 %170, label %182, label %171 %172 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 6, i32 0 %173 = load i32, i32* %172, align 8 %174 = icmp eq i32 %135, %173 br i1 %174, label %182, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %139, i64 0, i32 4, i32 0 %177 = load i32, i32* %176, align 8 %178 = icmp eq i32 %135, %177 br i1 %178, label %182, label %179 %180 = load %struct.user_namespace*, %struct.user_namespace** %140, align 8 %181 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %180, i32 6) #84 br i1 %181, label %182, label %221 store i32 %130, i32* %15, align 8 %183 = load %struct.pid*, %struct.pid** %16, align 8 %184 = icmp eq %struct.pid* %183, null br i1 %184, label %188, label %185 %186 
= tail call i32 @pid_vnr(%struct.pid* nonnull %183) #84 %187 = icmp eq i32 %186, %130 br i1 %187, label %193, label %188 %189 = tail call %struct.pid* @find_get_pid(i32 %130) #84 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 __se_sys_pidfd_open 2 __ia32_sys_pidfd_open ------------- Path:  Function:__ia32_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %4, i64 %7) #83 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 __se_sys_pidfd_open 2 __x64_sys_pidfd_open ------------- Path:  Function:__x64_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %3, i64 %5) #83 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_waitid 2 __se_compat_sys_waitid 3 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid 
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #83 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %21 = icmp slt i32 %1, 0 br i1 %21, label %65, label %22 %23 = icmp eq i32 %1, 0 br i1 %23, label %26, label %24 %25 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %1) #83 
Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_waitid 2 __se_sys_waitid 3 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #83 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %21 = icmp slt i32 %1, 0 br i1 %21, label %65, label %22 %23 = icmp eq i32 %1, 0 br i1 %23, label %26, label %24 %25 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %1) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi 
%struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_waitid 2 __se_sys_waitid 3 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 
= bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #83 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %21 = icmp slt i32 %1, 0 br i1 %21, label %65, label %22 %23 = icmp eq i32 %1, 0 br i1 %23, label %26, label %24 %25 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %1) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, 
!srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = 
inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp 
ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = 
bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid 
to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_pid 1 kernel_wait4 2 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = 
tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #83 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %11 = icmp slt i32 %0, 0 br i1 %11, label %12, label %15 %16 = icmp eq i32 %0, 0 br i1 %16, label %17, label %21 %22 = tail call %struct.pid.48871* bitcast (%struct.pid* (i32)* @find_get_pid to %struct.pid.48871* (i32)*)(i32 %0) #83 Function:find_get_pid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %30, label %19 %20 = bitcast i8* %17 to %struct.seqcount_spinlock* %21 = bitcast i8* %17 to i32* %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %21, i32 1, i32* nonnull %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %20, i32 1) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 find_get_task_by_vpid 1 __se_sys_ptrace 2 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #83 Function:find_get_task_by_vpid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %8 = getelementptr inbounds %struct.pid, %struct.pid* %5, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = zext i32 %9 to i64 %11 = getelementptr %struct.pid, %struct.pid* %5, i64 0, i32 7, i64 %10, i32 1 %12 = load %struct.pid_namespace*, %struct.pid_namespace** %11, align 8 br label %13 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %40, label %19 %20 = 
getelementptr i8, i8* %17, i64 16 %21 = bitcast i8* %20 to %struct.hlist_node** %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -93 %25 = bitcast %struct.hlist_node* %24 to %struct.task_struct* %26 = icmp eq %struct.hlist_node* %24, null %27 = or i1 %23, %26 br i1 %27, label %40, label %28 %29 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -91, i32 1 %30 = bitcast %struct.hlist_node*** %29 to %struct.seqcount_spinlock* %31 = bitcast %struct.hlist_node*** %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !5 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %35, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_task_by_vpid 1 __se_sys_ptrace 2 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #83 Function:find_get_task_by_vpid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %8 = getelementptr inbounds %struct.pid, %struct.pid* %5, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = zext i32 %9 to i64 %11 = getelementptr %struct.pid, %struct.pid* %5, i64 0, i32 7, i64 %10, i32 1 %12 = load %struct.pid_namespace*, %struct.pid_namespace** %11, align 8 br label %13 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %40, label %19 %20 = getelementptr i8, i8* %17, i64 16 %21 = bitcast i8* %20 to %struct.hlist_node** %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -93 %25 = bitcast %struct.hlist_node* %24 to %struct.task_struct* %26 = icmp eq %struct.hlist_node* %24, null %27 = or i1 %23, %26 br i1 %27, label %40, label %28 %29 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -91, i32 1 %30 = bitcast %struct.hlist_node*** %29 to %struct.seqcount_spinlock* %31 = bitcast %struct.hlist_node*** %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !5 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %35, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 2) #83 
------------- Use: =BAD PATH= Call Stack: 0 find_get_task_by_vpid 1 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %19) #83 Function:find_get_task_by_vpid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %8 = getelementptr inbounds %struct.pid, %struct.pid* %5, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = zext i32 %9 to i64 %11 = getelementptr %struct.pid, %struct.pid* %5, i64 0, i32 7, i64 %10, i32 1 %12 = load %struct.pid_namespace*, %struct.pid_namespace** %11, align 8 br label %13 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %40, label %19 %20 = getelementptr i8, i8* %17, i64 16 %21 = bitcast i8* %20 to %struct.hlist_node** %22 
= load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -93 %25 = bitcast %struct.hlist_node* %24 to %struct.task_struct* %26 = icmp eq %struct.hlist_node* %24, null %27 = or i1 %23, %26 br i1 %27, label %40, label %28 %29 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -91, i32 1 %30 = bitcast %struct.hlist_node*** %29 to %struct.seqcount_spinlock* %31 = bitcast %struct.hlist_node*** %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !5 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %35, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_task_by_vpid 1 __se_sys_ptrace 2 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #83 Function:find_get_task_by_vpid tail call void @__rcu_read_lock() #83 
%2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %8 = getelementptr inbounds %struct.pid, %struct.pid* %5, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = zext i32 %9 to i64 %11 = getelementptr %struct.pid, %struct.pid* %5, i64 0, i32 7, i64 %10, i32 1 %12 = load %struct.pid_namespace*, %struct.pid_namespace** %11, align 8 br label %13 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %40, label %19 %20 = getelementptr i8, i8* %17, i64 16 %21 = bitcast i8* %20 to %struct.hlist_node** %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -93 %25 = bitcast %struct.hlist_node* %24 to %struct.task_struct* %26 = icmp eq %struct.hlist_node* %24, null %27 = or i1 %23, %26 br i1 %27, label %40, label %28 %29 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -91, i32 1 %30 = bitcast %struct.hlist_node*** %29 to %struct.seqcount_spinlock* %31 = bitcast %struct.hlist_node*** %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !5 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %35, !prof !6, !misexpect !7 %36 = add i32 %32, 1 %37 = or i32 %36, %32 %38 = icmp 
sgt i32 %37, -1 br i1 %38, label %40, label %39, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_task_by_vpid 1 __se_sys_ptrace 2 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #83 Function:find_get_task_by_vpid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %8 = getelementptr inbounds %struct.pid, %struct.pid* %5, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = zext i32 %9 to i64 %11 = getelementptr %struct.pid, %struct.pid* %5, i64 0, i32 7, i64 %10, i32 1 %12 = load %struct.pid_namespace*, %struct.pid_namespace** %11, align 8 br label %13 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 
%18 = icmp eq i8* %17, null br i1 %18, label %40, label %19 %20 = getelementptr i8, i8* %17, i64 16 %21 = bitcast i8* %20 to %struct.hlist_node** %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -93 %25 = bitcast %struct.hlist_node* %24 to %struct.task_struct* %26 = icmp eq %struct.hlist_node* %24, null %27 = or i1 %23, %26 br i1 %27, label %40, label %28 %29 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -91, i32 1 %30 = bitcast %struct.hlist_node*** %29 to %struct.seqcount_spinlock* %31 = bitcast %struct.hlist_node*** %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !5 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %35, !prof !6, !misexpect !7 %36 = add i32 %32, 1 %37 = or i32 %36, %32 %38 = icmp sgt i32 %37, -1 br i1 %38, label %40, label %39, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 find_get_task_by_vpid 1 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = 
trunc i64 %18 to i32 %20 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %19) #83 Function:find_get_task_by_vpid tail call void @__rcu_read_lock() #83 %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 72 %5 = load %struct.pid*, %struct.pid** %4, align 8 %6 = icmp eq %struct.pid* %5, null br i1 %6, label %13, label %7 %8 = getelementptr inbounds %struct.pid, %struct.pid* %5, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = zext i32 %9 to i64 %11 = getelementptr %struct.pid, %struct.pid* %5, i64 0, i32 7, i64 %10, i32 1 %12 = load %struct.pid_namespace*, %struct.pid_namespace** %11, align 8 br label %13 %14 = phi %struct.pid_namespace* [ %12, %7 ], [ null, %1 ] %15 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %14, i64 0, i32 0 %16 = sext i32 %0 to i64 %17 = tail call i8* @idr_find(%struct.idr* %15, i64 %16) #83 %18 = icmp eq i8* %17, null br i1 %18, label %40, label %19 %20 = getelementptr i8, i8* %17, i64 16 %21 = bitcast i8* %20 to %struct.hlist_node** %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -93 %25 = bitcast %struct.hlist_node* %24 to %struct.task_struct* %26 = icmp eq %struct.hlist_node* %24, null %27 = or i1 %23, %26 br i1 %27, label %40, label %28 %29 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -91, i32 1 %30 = bitcast %struct.hlist_node*** %29 to %struct.seqcount_spinlock* %31 = bitcast %struct.hlist_node*** %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 
1, i32* %31) #6, !srcloc !5 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %35, !prof !6, !misexpect !7 %36 = add i32 %32, 1 %37 = or i32 %36, %32 %38 = icmp sgt i32 %37, -1 br i1 %38, label %40, label %39, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %21 %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ] %23 = icmp eq %struct.task_struct* %22, null br i1 %23, label %62, label %24, !prof !5, !misexpect !6 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 3 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 0, i32 0, i32 0 %27 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %26, i32 1, i32* %26) #6, !srcloc !7 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !5, !misexpect !8 %30 = add i32 %27, 1 %31 = or i32 %30, %27 %32 = icmp sgt i32 %31, -1 br i1 %32, label %35, label %33, !prof !9, !misexpect !8 %34 = phi i32 [ 2, %24 ], [ 1, %29 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %25, i32 %34) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %21 %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ] %23 = icmp eq %struct.task_struct* %22, null br i1 %23, label %62, label %24, !prof !5, !misexpect !6 %25 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %22, i64 0, i32 3 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 0, i32 0, i32 0 %27 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %26, i32 1, i32* %26) #6, !srcloc !7 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !5, !misexpect !8 %30 = add i32 %27, 1 %31 = or i32 %30, %27 %32 = icmp sgt i32 %31, -1 br i1 %32, label %35, label %33, !prof !9, !misexpect !8 %34 = phi i32 [ 2, %24 ], [ 1, %29 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %25, i32 %34) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %21 %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ] %23 = icmp eq %struct.task_struct* %22, null br i1 %23, label %62, label %24, !prof !5, 
!misexpect !6 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 3 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 0, i32 0, i32 0 %27 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %26, i32 1, i32* %26) #6, !srcloc !7 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !5, !misexpect !8 %30 = add i32 %27, 1 %31 = or i32 %30, %27 %32 = icmp sgt i32 %31, -1 br i1 %32, label %35, label %33, !prof !9, !misexpect !8 %34 = phi i32 [ 2, %24 ], [ 1, %29 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %25, i32 %34) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = 
icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %21 %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ] %23 = icmp eq %struct.task_struct* %22, null br i1 %23, label %62, label %24, !prof !5, !misexpect !6 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 3 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 0, i32 0, i32 0 %27 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %26, i32 1, i32* %26) #6, !srcloc !7 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !5, !misexpect !8 %30 = add i32 %27, 1 %31 = or i32 %30, %27 %32 = icmp sgt i32 %31, -1 br i1 %32, label %35, label %33, !prof !9, !misexpect !8 %34 = phi i32 [ 2, %24 ], [ 1, %29 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %25, i32 %34) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, 
label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 
19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void @__rcu_read_lock() #83 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %90 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %91 = inttoptr i64 %90 to %struct.task_struct* br label %92 %93 = phi %struct.task_struct* [ %88, %87 ], [ %91, %89 ] %94 = icmp eq %struct.task_struct* %93, null br i1 %94, label %138, label %95, !prof !7, !misexpect !8 %96 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 3 %97 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %96, i64 0, i32 0, i32 0 %98 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %97, i32 1, i32* %97) #6, !srcloc !9 %99 = icmp eq i32 %98, 0 br i1 %99, label %104, label %100, !prof !7, !misexpect !10 %101 = add i32 %98, 1 %102 = or i32 %101, %98 %103 = icmp sgt i32 %102, -1 br i1 %103, label %106, label %104, !prof !11, !misexpect !10 %105 = phi i32 [ 2, %95 ], [ 1, %100 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %96, i32 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call 
fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, 
%struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void @__rcu_read_lock() #83 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %90 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %91 = inttoptr i64 %90 to %struct.task_struct* br label %92 %93 = phi %struct.task_struct* [ %88, %87 ], [ %91, %89 ] %94 = icmp eq %struct.task_struct* %93, null br i1 %94, label %138, label %95, !prof !7, !misexpect !8 %96 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 3 %97 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %96, i64 0, i32 0, i32 0 %98 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %97, i32 1, i32* %97) #6, !srcloc !9 %99 = icmp eq i32 %98, 0 br i1 %99, label %104, label %100, !prof !7, !misexpect !10 %101 = add i32 %98, 1 %102 = or i32 %101, %98 %103 = icmp sgt i32 %102, -1 br i1 %103, label %106, label %104, !prof !11, !misexpect !10 %105 = phi i32 [ 2, %95 ], [ 1, %100 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %96, i32 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 
__ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #83 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %10 = icmp ult i32 %6, 8 br i1 %10, label %11, label %16 %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %11 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %60, label %25, !prof 
!5, !misexpect !6 %26 = lshr i64 %17, 5 %27 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %28 %29 = phi i64 [ %26, %25 ], [ %47, %40 ] %30 = phi i32* [ %7, %25 ], [ %41, %40 ] %31 = phi i64* [ %27, %25 ], [ %46, %40 ] %32 = icmp ugt i64 %29, 1 br i1 %32, label %33, label %48 %49 = icmp eq i64 %29, 0 br i1 %49, label %56, label %50 %51 = bitcast i32* %30 to %struct.__large_struct* %52 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long 3 \0A .popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %51, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %55)) #4 to label %53 [label %55], !srcloc !11 %54 = zext i32 %52 to i64 store i64 %54, i64* %31, align 8 br label %56 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * 
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %57 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %9) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #83 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 
__x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof 
!6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #83 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %10 = icmp ult i32 %6, 8 br i1 %10, label %11, label %16 %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %11 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 
6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %60, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 %27 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %28 %29 = phi i64 [ %26, %25 ], [ %47, %40 ] %30 = phi i32* [ %7, %25 ], [ %41, %40 ] %31 = phi i64* [ %27, %25 ], [ %46, %40 ] %32 = icmp ugt i64 %29, 1 br i1 %32, label %33, label %48 %49 = icmp eq i64 %29, 0 br i1 %49, label %56, label %50 %51 = bitcast i32* %30 to %struct.__large_struct* %52 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long 3 \0A 
.popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %51, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %55)) #4 to label %53 [label %55], !srcloc !11 %54 = zext i32 %52 to i64 store i64 %54, i64* %31, align 8 br label %56 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %57 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %9) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 br label %24 tail call void @__rcu_read_unlock() #83 %25 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 94 %33 = load %struct.cred*, %struct.cred** %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 93 %35 = load volatile %struct.cred*, %struct.cred** %34, align 32 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 1, i32 0 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %37, %44 tail call void @__rcu_read_unlock() #83 br i1 %45, label %51, label %46 tail call void @__rcu_read_lock() #83 %47 = load volatile %struct.cred*, %struct.cred** %34, align 32 %48 = getelementptr inbounds %struct.cred, %struct.cred* %47, i64 0, i32 22 %49 = load %struct.user_namespace*, %struct.user_namespace** %48, align 8 %50 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %49, i32 23) #83 tail call void @__rcu_read_unlock() #83 br i1 %50, label %51, label %56 %57 = phi i32 [ %52, %51 ], [ %55, %54 ], [ -22, %24 ], [ -1, %46 ] %58 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !9 %59 = icmp eq i32 %58, 1 br i1 %59, label 
%65, label %60 %61 = add i32 %58, -1 %62 = or i32 %61, %58 %63 = icmp sgt i32 %62, -1 br i1 %63, label %66, label %64, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #83 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 
0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 br label %24 tail call void @__rcu_read_unlock() #83 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 94 %33 = load %struct.cred*, %struct.cred** %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 93 %35 = load volatile %struct.cred*, %struct.cred** %34, align 32 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 1, i32 0 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %37, %44 tail call void @__rcu_read_unlock() #83 br i1 %45, label %51, label %46 tail call void @__rcu_read_lock() #83 %47 = load volatile %struct.cred*, %struct.cred** %34, align 32 %48 = 
getelementptr inbounds %struct.cred, %struct.cred* %47, i64 0, i32 22 %49 = load %struct.user_namespace*, %struct.user_namespace** %48, align 8 %50 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %49, i32 23) #83 tail call void @__rcu_read_unlock() #83 br i1 %50, label %51, label %56 %57 = phi i32 [ %52, %51 ], [ %55, %54 ], [ -22, %24 ], [ -1, %46 ] %58 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !9 %59 = icmp eq i32 %58, 1 br i1 %59, label %65, label %60 %61 = add i32 %58, -1 %62 = or i32 %61, %58 %63 = icmp sgt i32 %62, -1 br i1 %63, label %66, label %64, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #83 %21 = icmp eq i64 %20, 0 
br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 br label %24 tail call void @__rcu_read_unlock() #83 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 94 %33 = load %struct.cred*, %struct.cred** %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 93 %35 = load volatile %struct.cred*, %struct.cred** %34, align 32 
%36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 1, i32 0 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %37, %44 tail call void @__rcu_read_unlock() #83 br i1 %45, label %51, label %46 tail call void @__rcu_read_lock() #83 %47 = load volatile %struct.cred*, %struct.cred** %34, align 32 %48 = getelementptr inbounds %struct.cred, %struct.cred* %47, i64 0, i32 22 %49 = load %struct.user_namespace*, %struct.user_namespace** %48, align 8 %50 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %49, i32 23) #83 tail call void @__rcu_read_unlock() #83 br i1 %50, label %51, label %56 %57 = phi i32 [ %52, %51 ], [ %55, %54 ], [ -22, %24 ], [ -1, %46 ] %58 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !9 %59 = icmp eq i32 %58, 1 br i1 %59, label %65, label %60 %61 = add i32 %58, -1 %62 = or i32 %61, %58 %63 = icmp sgt i32 %62, -1 br i1 %63, label %66, label %64, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, 
align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_kcmp %6 = alloca %struct.kernel_symbol, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void @__rcu_read_lock() #83 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #83 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #83 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_kcmp %6 = alloca %struct.kernel_symbol, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void @__rcu_read_lock() #83 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #83 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #83 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = 
load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_kcmp %6 = alloca %struct.kernel_symbol, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void @__rcu_read_lock() #83 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #83 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #83 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, 
i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !5, !misexpect !6 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !7, !misexpect !6 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_kcmp %6 = alloca %struct.kernel_symbol, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void @__rcu_read_lock() #83 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #83 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #83 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* 
%16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !5, !misexpect !6 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !7, !misexpect !6 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_put ------------- Path:  Function:timens_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -1, i32 1 %3 = bitcast %struct.proc_ns_operations** %2 to %struct.time_namespace* %4 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %3, i64 0, i32 2, i32 3 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !4 %7 = icmp eq i32 %6, 1 br i1 %7, label %13, label %8 %9 = add i32 %6, -1 %10 = or i32 %9, %6 %11 = icmp sgt i32 %10, -1 br i1 %11, label %24, label %12, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_put ------------- Path:  Function:timens_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -1, i32 1 %3 = bitcast %struct.proc_ns_operations** %2 to %struct.time_namespace* %4 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %3, i64 0, i32 2, i32 3 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !4 %7 = icmp eq i32 %6, 1 br i1 %7, label %13, label %8 %9 = add i32 %6, -1 %10 = or i32 %9, %6 %11 = icmp sgt i32 %10, -1 br i1 %11, label %24, label %12, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_get ------------- Path:  Function:timens_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 6 %8 = load %struct.time_namespace*, %struct.time_namespace** %7, align 8 %9 = getelementptr inbounds %struct.time_namespace, 
%struct.time_namespace* %8, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_get ------------- Path:  Function:timens_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 6 %8 = load %struct.time_namespace*, %struct.time_namespace** %7, align 8 %9 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %8, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 %15 = add i32 %11, 1 %16 = or i32 %15, %11 %17 = icmp sgt i32 %16, -1 br i1 %17, label %19, label %18, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 
timens_for_children_get ------------- Path:  Function:timens_for_children_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 7 %8 = load %struct.time_namespace*, %struct.time_namespace** %7, align 8 %9 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %8, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 timens_for_children_get ------------- Path:  Function:timens_for_children_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 7 %8 = load %struct.time_namespace*, %struct.time_namespace** %7, align 8 %9 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %8, i64 0, i32 2, i32 3 %10 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 %15 = add i32 %11, 1 %16 = or i32 %15, %11 %17 = icmp sgt i32 %16, -1 br i1 %17, label %19, label %18, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 %10 = add i32 %7, -1 %11 = or i32 %10, %7 %12 = icmp sgt i32 %11, -1 br i1 %12, label %15, label %13, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %5, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 cgroupns_get ------------- Path:  Function:cgroupns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq 
%struct.nsproxy* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 8 %8 = load %struct.cgroup_namespace*, %struct.cgroup_namespace** %7, align 8 %9 = icmp eq %struct.cgroup_namespace* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.cgroup_namespace, %struct.cgroup_namespace* %8, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 cgroupns_get ------------- Path:  Function:cgroupns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 8 %8 = load %struct.cgroup_namespace*, %struct.cgroup_namespace** %7, align 8 %9 = icmp eq %struct.cgroup_namespace* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.cgroup_namespace, %struct.cgroup_namespace* %8, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 %17 = add i32 %13, 1 %18 = or i32 %17, %13 %19 = icmp sgt i32 %18, -1 br i1 %19, label %21, label %20, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 utsns_put ------------- Path:  Function:utsns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 %7 = add i32 %4, -1 %8 = or i32 %7, %4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %20, label %10, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 utsns_get ------------- Path:  Function:utsns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 1 %8 = load %struct.uts_namespace*, %struct.uts_namespace** %7, align 8 %9 = getelementptr inbounds %struct.uts_namespace, %struct.uts_namespace* %8, i64 0, i32 3, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = 
tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 utsns_get ------------- Path:  Function:utsns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 1 %8 = load %struct.uts_namespace*, %struct.uts_namespace** %7, align 8 %9 = getelementptr inbounds %struct.uts_namespace, %struct.uts_namespace* %8, i64 0, i32 3, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %14, !prof !5, !misexpect !6 %15 = add i32 %11, 1 %16 = or i32 %15, %11 %17 = icmp sgt i32 %16, -1 br i1 %17, label %19, label %18, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_get_parent ------------- Path:  Function:pidns_get_parent %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %3) #83 %5 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -5, i32 1 %6 = getelementptr inbounds %struct.proc_ns_operations*, %struct.proc_ns_operations** %5, i64 9 %7 = bitcast %struct.proc_ns_operations** %6 to %struct.pid_namespace** %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = icmp eq %struct.pid_namespace* %8, null br i1 %9, label %32, label %10 %11 = phi %struct.pid_namespace* [ %15, %13 ], [ %8, %1 ] %12 = icmp eq %struct.pid_namespace* %11, %4 br i1 %12, label %17, label %13 %18 = icmp eq %struct.pid_namespace* %8, @init_pid_ns br i1 %18, label %30, label %19 %20 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 11, i32 3 %21 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %20, i64 0, i32 0, i32 0 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %21, i32 1, i32* %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_get_parent ------------- Path:  Function:pidns_get_parent %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %3) #83 %5 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -5, i32 1 %6 = getelementptr inbounds %struct.proc_ns_operations*, %struct.proc_ns_operations** %5, i64 9 %7 = bitcast %struct.proc_ns_operations** %6 to 
%struct.pid_namespace** %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = icmp eq %struct.pid_namespace* %8, null br i1 %9, label %32, label %10 %11 = phi %struct.pid_namespace* [ %15, %13 ], [ %8, %1 ] %12 = icmp eq %struct.pid_namespace* %11, %4 br i1 %12, label %17, label %13 %18 = icmp eq %struct.pid_namespace* %8, @init_pid_ns br i1 %18, label %30, label %19 %20 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 11, i32 3 %21 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %20, i64 0, i32 0, i32 0 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %21, i32 1, i32* %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %20, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_get_parent ------------- Path:  Function:pidns_get_parent %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %3) #83 %5 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -5, i32 1 %6 = getelementptr inbounds %struct.proc_ns_operations*, %struct.proc_ns_operations** %5, i64 9 %7 = bitcast %struct.proc_ns_operations** %6 to %struct.pid_namespace** %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = icmp eq %struct.pid_namespace* %8, null br i1 %9, label %32, label %10 %11 = phi %struct.pid_namespace* [ %15, %13 ], [ %8, %1 ] %12 = icmp eq %struct.pid_namespace* %11, %4 br i1 %12, label %17, label %13 %18 = icmp eq %struct.pid_namespace* %8, @init_pid_ns br i1 %18, label %30, label 
%19 %20 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 11, i32 3 %21 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %20, i64 0, i32 0, i32 0 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %21, i32 1, i32* %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_get_parent ------------- Path:  Function:pidns_get_parent %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %3) #83 %5 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -5, i32 1 %6 = getelementptr inbounds %struct.proc_ns_operations*, %struct.proc_ns_operations** %5, i64 9 %7 = bitcast %struct.proc_ns_operations** %6 to %struct.pid_namespace** %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = icmp eq %struct.pid_namespace* %8, null br i1 %9, label %32, label %10 %11 = phi %struct.pid_namespace* [ %15, %13 ], [ %8, %1 ] %12 = icmp eq %struct.pid_namespace* %11, %4 br i1 %12, label %17, label %13 %18 = icmp eq %struct.pid_namespace* %8, @init_pid_ns br i1 %18, label %30, label %19 %20 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 11, i32 3 %21 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %20, i64 0, i32 0, i32 0 %22 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %21, i32 1, i32* %21) #6, !srcloc !5 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %25, !prof !6, !misexpect !7 %26 = add i32 %22, 1 %27 = or i32 %26, %22 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %20, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_put ------------- Path:  Function:pidns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -5, i32 1 %3 = icmp eq %struct.proc_ns_operations** %2, bitcast (%struct.pid_namespace* @init_pid_ns to %struct.proc_ns_operations**) br i1 %3, label %25, label %4 %5 = bitcast %struct.proc_ns_operations** %2 to %struct.pid_namespace* br label %6 %7 = phi %struct.pid_namespace* [ %9, %19 ], [ %5, %4 ] %8 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %7, i64 0, i32 6 %9 = load %struct.pid_namespace*, %struct.pid_namespace** %8, align 8 %10 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %7, i64 0, i32 11, i32 3 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 -1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 1 br i1 %13, label %19, label %14 %15 = add i32 %12, -1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %25, label %18, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_put ------------- Path:  Function:pidns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -5, 
i32 1 %3 = icmp eq %struct.proc_ns_operations** %2, bitcast (%struct.pid_namespace* @init_pid_ns to %struct.proc_ns_operations**) br i1 %3, label %25, label %4 %5 = bitcast %struct.proc_ns_operations** %2 to %struct.pid_namespace* br label %6 %7 = phi %struct.pid_namespace* [ %9, %19 ], [ %5, %4 ] %8 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %7, i64 0, i32 6 %9 = load %struct.pid_namespace*, %struct.pid_namespace** %8, align 8 %10 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %7, i64 0, i32 11, i32 3 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 -1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 1 br i1 %13, label %19, label %14 %15 = add i32 %12, -1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %25, label %18, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_get ------------- Path:  Function:pidns_get tail call void @__rcu_read_lock() #83 %2 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %0) #83 %3 = icmp eq %struct.pid_namespace* %2, null %4 = icmp eq %struct.pid_namespace* %2, @init_pid_ns %5 = or i1 %3, %4 br i1 %5, label %17, label %6 %7 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %2, i64 0, i32 11, i32 3 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 
%10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_get ------------- Path:  Function:pidns_get tail call void @__rcu_read_lock() #83 %2 = tail call %struct.pid_namespace* @task_active_pid_ns(%struct.task_struct* %0) #83 %3 = icmp eq %struct.pid_namespace* %2, null %4 = icmp eq %struct.pid_namespace* %2, @init_pid_ns %5 = or i1 %3, %4 br i1 %5, label %17, label %6 %7 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %2, i64 0, i32 11, i32 3 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 %13 = add i32 %9, 1 %14 = or i32 %13, %9 %15 = icmp sgt i32 %14, -1 br i1 %15, label %17, label %16, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 pidns_for_children_get ------------- Path:  Function:pidns_for_children_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %6, label %7 %8 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 4 %9 = load %struct.pid_namespace*, %struct.pid_namespace** %8, align 8 %10 = icmp eq %struct.pid_namespace* %9, @init_pid_ns br i1 %10, label %11, label %12 
%13 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %9, i64 0, i32 11, i32 3 %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %13, i64 0, i32 0, i32 0 %15 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %14, i32 1, i32* %14) #6, !srcloc !4 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %17, !prof !5, !misexpect !6 %18 = add i32 %15, 1 %19 = or i32 %18, %15 %20 = icmp sgt i32 %19, -1 br i1 %20, label %23, label %21, !prof !7, !misexpect !6 %22 = phi i32 [ 2, %12 ], [ 1, %17 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %13, i32 %22) #83 ------------- Use: =BAD PATH= Call Stack: 0 relay_file_release ------------- Path:  Function:relay_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.rchan_buf** %5 = load %struct.rchan_buf*, %struct.rchan_buf** %4, align 8 %6 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %5, i64 0, i32 9 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %6, i64 0, i32 0 %8 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %6, i64 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 %12 = add i32 %9, -1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %19, label %15, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 relay_file_open ------------- Path:  Function:relay_file_open %3 = getelementptr inbounds %struct.inode, 
%struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 112 %6 = bitcast i8* %5 to %struct.seqcount_spinlock* %7 = bitcast i8* %5 to i32* %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %14, label %10, !prof !5, !misexpect !6 %11 = add i32 %8, 1 %12 = or i32 %11, %8 %13 = icmp sgt i32 %12, -1 br i1 %13, label %16, label %14, !prof !7, !misexpect !6 %15 = phi i32 [ 2, %2 ], [ 1, %10 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 %15) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_event_release_kernel 1 perf_release ------------- Path:  Function:perf_release %3 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.115065** %5 = load %struct.perf_event.115065*, %struct.perf_event.115065** %4, align 8 %6 = tail call i32 @perf_event_release_kernel(%struct.perf_event.115065* %5) #83 Function:perf_event_release_kernel %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 27 %4 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %3, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = icmp eq %struct.perf_event_context.115041* %4, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 37 %17 = load volatile 
%struct.task_struct.115211*, %struct.task_struct.115211** %16, align 8 %18 = icmp eq %struct.task_struct.115211* %17, inttoptr (i64 -1 to %struct.task_struct.115211*) br i1 %18, label %20, label %19 call fastcc void @perf_remove_from_owner(%struct.perf_event.115065* %0) #83 br label %20 br label %21 call void @__rcu_read_lock() #84 %22 = load volatile %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %3, align 8 %23 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %22, i64 0, i32 16 %24 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %23, i64 0, i32 0, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %37, label %27 %28 = phi i32 [ %35, %34 ], [ %25, %21 ] %29 = add i32 %28, 1 %30 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !8 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !9, !misexpect !5 %35 = extractvalue { i8, i32 } %30, 1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %27 %38 = phi i32 [ 0, %21 ], [ %28, %27 ], [ 0, %34 ] %39 = add i32 %38, 1 %40 = or i32 %39, %38 %41 = icmp sgt i32 %40, -1 br i1 %41, label %43, label %42, !prof !4, !misexpect !5 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %23, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 perf_remove_from_owner 1 perf_event_release_kernel 2 perf_release ------------- Path:  Function:perf_release %3 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.115065** %5 = load %struct.perf_event.115065*, %struct.perf_event.115065** %4, align 8 %6 = 
tail call i32 @perf_event_release_kernel(%struct.perf_event.115065* %5) #83 Function:perf_event_release_kernel %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 27 %4 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %3, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = icmp eq %struct.perf_event_context.115041* %4, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 37 %17 = load volatile %struct.task_struct.115211*, %struct.task_struct.115211** %16, align 8 %18 = icmp eq %struct.task_struct.115211* %17, inttoptr (i64 -1 to %struct.task_struct.115211*) br i1 %18, label %20, label %19 call fastcc void @perf_remove_from_owner(%struct.perf_event.115065* %0) #83 Function:perf_remove_from_owner tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 37 %3 = load volatile %struct.task_struct.115211*, %struct.task_struct.115211** %2, align 8 %4 = icmp eq %struct.task_struct.115211* %3, null br i1 %4, label %37, label %5 %6 = getelementptr inbounds %struct.task_struct.115211, %struct.task_struct.115211* %3, i64 0, i32 3 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %14, label 
%10, !prof !5, !misexpect !6 %11 = add i32 %8, 1 %12 = or i32 %11, %8 %13 = icmp sgt i32 %12, -1 br i1 %13, label %16, label %14, !prof !7, !misexpect !6 %15 = phi i32 [ 2, %5 ], [ 1, %10 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 %15) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_ioctl 1 perf_compat_ioctl ------------- Path:  Function:perf_compat_ioctl %4 = trunc i32 %1 to i8 switch i8 %4, label %11 [ i8 6, label %5 i8 7, label %5 i8 10, label %5 i8 11, label %5 ] %6 = and i32 %1, 1073676288 %7 = icmp eq i32 %6, 262144 br i1 %7, label %8, label %11 %12 = phi i32 [ %1, %3 ], [ %10, %8 ], [ %1, %5 ] %13 = tail call i64 @perf_ioctl(%struct.file.114997* %0, i32 %12, i64 %2) #83 Function:perf_ioctl %4 = alloca %struct.list_head, align 8 %5 = alloca i8*, align 8 %6 = alloca [3 x %struct.smca_bank_name], align 16 %7 = alloca %struct.list_head, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca i64, align 8 %11 = alloca %struct.perf_event_attr, align 8 %12 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.perf_event.115065** %14 = load %struct.perf_event.115065*, %struct.perf_event.115065** %13, align 8 %15 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_write to i32 (%struct.perf_event.115065*)*)(%struct.perf_event.115065* %14) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %14, i64 0, i32 27 br label %21 tail call void @__rcu_read_lock() #83 %22 = load volatile %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %20, align 8 %23 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %22, i64 0, i32 16 %24 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %23, i64 0, i32 0, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp eq 
i32 %25, 0 br i1 %26, label %37, label %27 %28 = phi i32 [ %35, %34 ], [ %25, %21 ] %29 = add i32 %28, 1 %30 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !4 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !5, !misexpect !6 %35 = extractvalue { i8, i32 } %30, 1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %27 %38 = phi i32 [ 0, %21 ], [ %28, %27 ], [ 0, %34 ] %39 = add i32 %38, 1 %40 = or i32 %39, %38 %41 = icmp sgt i32 %40, -1 br i1 %41, label %43, label %42, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %23, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_ioctl ------------- Path:  Function:perf_ioctl %4 = alloca %struct.list_head, align 8 %5 = alloca i8*, align 8 %6 = alloca [3 x %struct.smca_bank_name], align 16 %7 = alloca %struct.list_head, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca i64, align 8 %11 = alloca %struct.perf_event_attr, align 8 %12 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.perf_event.115065** %14 = load %struct.perf_event.115065*, %struct.perf_event.115065** %13, align 8 %15 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_write to i32 (%struct.perf_event.115065*)*)(%struct.perf_event.115065* %14) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %14, i64 0, i32 27 br label %21 tail call void @__rcu_read_lock() #83 %22 = load volatile %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %20, align 8 %23 = getelementptr 
inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %22, i64 0, i32 16 %24 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %23, i64 0, i32 0, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %37, label %27 %28 = phi i32 [ %35, %34 ], [ %25, %21 ] %29 = add i32 %28, 1 %30 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !4 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !5, !misexpect !6 %35 = extractvalue { i8, i32 } %30, 1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %27 %38 = phi i32 [ 0, %21 ], [ %28, %27 ], [ 0, %34 ] %39 = add i32 %38, 1 %40 = or i32 %39, %38 %41 = icmp sgt i32 %40, -1 br i1 %41, label %43, label %42, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %23, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_read ------------- Path:  Function:perf_read %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca [4 x i64], align 16 %8 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.perf_event.115065** %10 = load %struct.perf_event.115065*, %struct.perf_event.115065** %9, align 8 %11 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.115065*)*)(%struct.perf_event.115065* %10) #83 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %10, i64 0, i32 27 br label %17 tail call void @__rcu_read_lock() #83 %18 = load volatile %struct.perf_event_context.115041*, 
%struct.perf_event_context.115041** %16, align 8 %19 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %18, i64 0, i32 16 %20 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %19, i64 0, i32 0, i32 0 %21 = load volatile i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %33, label %23 %24 = phi i32 [ %31, %30 ], [ %21, %17 ] %25 = add i32 %24, 1 %26 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32 %25, i32* %20, i32 %24) #6, !srcloc !4 %27 = extractvalue { i8, i32 } %26, 0 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %33, !prof !5, !misexpect !6 %31 = extractvalue { i8, i32 } %26, 1 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %23 %34 = phi i32 [ 0, %17 ], [ %24, %23 ], [ 0, %30 ] %35 = add i32 %34, 1 %36 = or i32 %35, %34 %37 = icmp sgt i32 %36, -1 br i1 %37, label %39, label %38, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %19, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_migrate_pages 1 __ia32_sys_migrate_pages ------------- Path:  Function:__ia32_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 
@__se_sys_migrate_pages(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_migrate_pages %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.nodemask_scratch, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %2 to i64* %10 = inttoptr i64 %3 to i64* %11 = bitcast %struct.nodemask_scratch* %7 to i8* %12 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 1 %14 = add i64 %1, -1 %15 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0, i32 0, i64 0 store i64 0, i64* %15, align 8 %16 = icmp ne i64 %14, 0 %17 = icmp ne i64 %2, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %77 %20 = icmp ugt i64 %14, 32768 br i1 %20, label %208, label %21 %22 = bitcast i64* %6 to i8* br label %23 %24 = phi i64 [ %49, %46 ], [ %14, %21 ] %25 = icmp ugt i64 %24, 64 br i1 %25, label %26, label %52 %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 0, i32 2 %56 = load i32, i32* %55, align 8 %57 = and i32 %56, 2 %58 = icmp eq i32 %57, 0 br i1 %58, label %62, label %59 %63 = inttoptr i64 %2 to i8* %64 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %63, i64 8) #83 br label %65 %66 = phi i64 [ %61, %59 ], [ %64, %62 ] %67 = trunc i64 %66 to i32 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %208 %70 = and i64 %24, 63 %71 = icmp eq i64 %70, 0 br i1 %71, label %77, label %72 %73 = shl nsw i64 -1, %70 %74 = xor i64 %73, -1 %75 = load i64, i64* %15, align 8 %76 = and i64 %75, %74 store i64 %76, i64* %15, align 8 br label %77 %78 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %13, i64 0, i32 0, i64 0 store i64 0, i64* %78, align 8 %79 = icmp ne i64 
%3, 0 %80 = and i1 %16, %79 br i1 %80, label %81, label %140 %82 = icmp ugt i64 %14, 32768 br i1 %82, label %208, label %83 %84 = bitcast i64* %5 to i8* br label %85 %86 = phi i64 [ %111, %108 ], [ %14, %83 ] %87 = icmp ugt i64 %86, 64 br i1 %87, label %88, label %114 %115 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %116 = inttoptr i64 %115 to %struct.task_struct* %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 2 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %124, label %121 %125 = bitcast %struct.cpumask* %13 to i8* %126 = inttoptr i64 %3 to i8* %127 = call i64 @_copy_from_user(i8* %125, i8* nonnull %126, i64 8) #83 br label %128 %129 = phi i64 [ %123, %121 ], [ %127, %124 ] %130 = trunc i64 %129 to i32 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %208 %133 = and i64 %86, 63 %134 = icmp eq i64 %133, 0 br i1 %134, label %140, label %135 %136 = shl nsw i64 -1, %133 %137 = xor i64 %136, -1 %138 = load i64, i64* %78, align 8 %139 = and i64 %138, %137 store i64 %139, i64* %78, align 8 br label %140 call void @__rcu_read_lock() #83 %141 = icmp eq i32 %8, 0 br i1 %141, label %144, label %142 %145 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %146 = inttoptr i64 %145 to %struct.task_struct* br label %147 %148 = phi %struct.task_struct* [ %143, %142 ], [ %146, %144 ] %149 = icmp eq %struct.task_struct* %148, null br i1 %149, label %150, label %151 %152 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %148, i64 0, i32 3 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, 
$1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 1, i32* %153) #6, !srcloc !5 %155 = icmp eq i32 %154, 0 br i1 %155, label %160, label %156, !prof !6, !misexpect !7 %157 = add i32 %154, 1 %158 = or i32 %157, %154 %159 = icmp sgt i32 %158, -1 br i1 %159, label %162, label %160, !prof !8, !misexpect !7 %161 = phi i32 [ 2, %151 ], [ 1, %156 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 %161) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_migrate_pages 1 __x64_sys_migrate_pages ------------- Path:  Function:__x64_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_migrate_pages(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_migrate_pages %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.nodemask_scratch, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %2 to i64* %10 = inttoptr i64 %3 to i64* %11 = bitcast %struct.nodemask_scratch* %7 to i8* %12 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 1 %14 = add i64 %1, -1 %15 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0, i32 0, i64 0 store i64 0, i64* %15, align 8 %16 = icmp ne i64 %14, 0 %17 = icmp ne i64 %2, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %77 %20 = icmp ugt i64 %14, 32768 br i1 %20, label %208, label %21 %22 = bitcast i64* %6 to i8* br label %23 %24 = phi i64 [ %49, %46 ], [ 
%14, %21 ] %25 = icmp ugt i64 %24, 64 br i1 %25, label %26, label %52 %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 0, i32 2 %56 = load i32, i32* %55, align 8 %57 = and i32 %56, 2 %58 = icmp eq i32 %57, 0 br i1 %58, label %62, label %59 %63 = inttoptr i64 %2 to i8* %64 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %63, i64 8) #83 br label %65 %66 = phi i64 [ %61, %59 ], [ %64, %62 ] %67 = trunc i64 %66 to i32 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %208 %70 = and i64 %24, 63 %71 = icmp eq i64 %70, 0 br i1 %71, label %77, label %72 %73 = shl nsw i64 -1, %70 %74 = xor i64 %73, -1 %75 = load i64, i64* %15, align 8 %76 = and i64 %75, %74 store i64 %76, i64* %15, align 8 br label %77 %78 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %13, i64 0, i32 0, i64 0 store i64 0, i64* %78, align 8 %79 = icmp ne i64 %3, 0 %80 = and i1 %16, %79 br i1 %80, label %81, label %140 %82 = icmp ugt i64 %14, 32768 br i1 %82, label %208, label %83 %84 = bitcast i64* %5 to i8* br label %85 %86 = phi i64 [ %111, %108 ], [ %14, %83 ] %87 = icmp ugt i64 %86, 64 br i1 %87, label %88, label %114 %115 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %116 = inttoptr i64 %115 to %struct.task_struct* %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 2 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %124, label %121 %125 = bitcast %struct.cpumask* %13 to i8* %126 = inttoptr i64 %3 to i8* %127 = call i64 @_copy_from_user(i8* %125, i8* nonnull %126, i64 8) #83 br label %128 %129 = phi i64 [ %123, %121 ], [ %127, %124 ] %130 = trunc i64 %129 to i32 %131 = icmp 
eq i32 %130, 0 br i1 %131, label %132, label %208 %133 = and i64 %86, 63 %134 = icmp eq i64 %133, 0 br i1 %134, label %140, label %135 %136 = shl nsw i64 -1, %133 %137 = xor i64 %136, -1 %138 = load i64, i64* %78, align 8 %139 = and i64 %138, %137 store i64 %139, i64* %78, align 8 br label %140 call void @__rcu_read_lock() #83 %141 = icmp eq i32 %8, 0 br i1 %141, label %144, label %142 %145 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %146 = inttoptr i64 %145 to %struct.task_struct* br label %147 %148 = phi %struct.task_struct* [ %143, %142 ], [ %146, %144 ] %149 = icmp eq %struct.task_struct* %148, null br i1 %149, label %150, label %151 %152 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %148, i64 0, i32 3 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 1, i32* %153) #6, !srcloc !5 %155 = icmp eq i32 %154, 0 br i1 %155, label %160, label %156, !prof !6, !misexpect !7 %157 = add i32 %154, 1 %158 = or i32 %157, %154 %159 = icmp sgt i32 %158, -1 br i1 %159, label %162, label %160, !prof !8, !misexpect !7 %161 = phi i32 [ 2, %151 ], [ 1, %156 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 %161) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_move_pages 1 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_move_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #83 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void @__rcu_read_lock() #83 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #83 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* 
%42, i32 1, i32* %42) #6, !srcloc !6 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !7, !misexpect !8 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !9, !misexpect !8 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_move_pages 1 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_move_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #83 br i1 %25, label %26, label %341 
%27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void @__rcu_read_lock() #83 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #83 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !6 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !7, !misexpect !8 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !9, !misexpect !8 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_pipe_info 1 fifo_open ------------- Path:  Function:fifo_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 12 %6 = load i64, i64* %5, align 32 %7 = icmp eq i64 %6, 1346981957 %8 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 14 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43, i32 0 %11 = load %struct.pipe_inode_info*, %struct.pipe_inode_info** %10, align 8 %12 = icmp eq %struct.pipe_inode_info* %11, null br i1 %12, label %17, label %13 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %18 = tail call 
%struct.pipe_inode_info* @alloc_pipe_info() #84 Function:alloc_pipe_info %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 94 %4 = load %struct.cred*, %struct.cred** %3, align 8 %5 = getelementptr inbounds %struct.cred, %struct.cred* %4, i64 0, i32 21 %6 = load %struct.user_struct*, %struct.user_struct** %5, align 8 %7 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %6, i64 0, i32 0 %8 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %6, i64 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !5 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !6, !misexpect !7 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !8, !misexpect !7 %16 = phi i32 [ 2, %0 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_mnt_ns 1 mntns_put ------------- Path:  Function:mntns_put %2 = bitcast %struct.ns_common* %0 to %struct.mnt_namespace* tail call void @put_mnt_ns(%struct.mnt_namespace* %2) #83 Function:put_mnt_ns %2 = getelementptr inbounds %struct.mnt_namespace, %struct.mnt_namespace* %0, i64 0, i32 0, i32 3 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = 
icmp eq i32 %4, 1 br i1 %5, label %11, label %6 %7 = add i32 %4, -1 %8 = or i32 %7, %4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %31, label %10, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 mntns_get ------------- Path:  Function:mntns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 3 %8 = load %struct.mnt_namespace*, %struct.mnt_namespace** %7, align 8 %9 = getelementptr inbounds %struct.mnt_namespace, %struct.mnt_namespace* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.mnt_namespace, %struct.mnt_namespace* %8, i64 0, i32 0, i32 3 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 mntns_get ------------- Path:  Function:mntns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp 
eq %struct.nsproxy* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 3 %8 = load %struct.mnt_namespace*, %struct.mnt_namespace** %7, align 8 %9 = getelementptr inbounds %struct.mnt_namespace, %struct.mnt_namespace* %8, i64 0, i32 0 %10 = getelementptr inbounds %struct.mnt_namespace, %struct.mnt_namespace* %8, i64 0, i32 0, i32 3 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %15, !prof !5, !misexpect !6 %16 = add i32 %12, 1 %17 = or i32 %16, %12 %18 = icmp sgt i32 %17, -1 br i1 %18, label %20, label %19, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 5 %3 = load %struct.dentry.156117*, %struct.dentry.156117** %2, align 8 %4 = icmp eq %struct.dentry.156117* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* 
%11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.155755*, %struct.fs_context_operations.155755** %15, align 8 %17 = icmp eq %struct.fs_context_operations.155755* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.155755, %struct.fs_context_operations.155755* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.156180*)*, void (%struct.fs_context.156180*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.156180*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #83 %25 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load 
%struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 5 %3 = load %struct.dentry.156117*, %struct.dentry.156117** %2, align 8 %4 = icmp eq %struct.dentry.156117* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.155755*, %struct.fs_context_operations.155755** %15, align 8 %17 = icmp eq %struct.fs_context_operations.155755* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.155755, %struct.fs_context_operations.155755* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.156180*)*, void (%struct.fs_context.156180*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.156180*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #83 %25 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 8 %39 = load %struct.cred*, %struct.cred** %38, align 8 %40 = icmp eq %struct.cred* %39, null br i1 %40, label %47, label %41 %48 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 9, i32 1 %49 = load %struct.fc_log.156172*, %struct.fc_log.156172** %48, align 8 %50 = icmp eq %struct.fc_log.156172* %49, null br i1 %50, label %135, label %51 %52 = getelementptr inbounds %struct.fc_log.156172, %struct.fc_log.156172* %49, i64 0, i32 0 %53 = getelementptr inbounds %struct.fc_log.156172, %struct.fc_log.156172* %49, i64 0, i32 0, i32 0, i32 0 %54 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %53, i32 -1, i32* %53) #6, !srcloc !4 %55 = icmp eq i32 %54, 1 br i1 %55, label %61, label %56 %57 = add i32 %54, -1 %58 = or i32 %57, %54 %59 = icmp sgt i32 %58, -1 br i1 %59, label %135, label %60, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %52, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __ia32_sys_epoll_create ------------- Path:  Function:__ia32_sys_epoll_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %9, label %6 %7 = tail call fastcc i32 @do_epoll_create(i32 0) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq 
i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __ia32_sys_epoll_create1 ------------- Path:  Function:__ia32_sys_epoll_create1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_epoll_create(i32 %4) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __x64_sys_epoll_create ------------- Path:  Function:__x64_sys_epoll_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %9, label %6 %7 = tail call fastcc i32 @do_epoll_create(i32 0) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* 
%6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __x64_sys_epoll_create1 ------------- Path:  Function:__x64_sys_epoll_create1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_epoll_create(i32 %4) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr 
inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_cached_acl 1 get_acl 2 posix_acl_xattr_get ------------- Path:  Function:posix_acl_xattr_get %7 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 10 %10 = load i64, i64* %9, align 16 %11 = and i64 %10, 65536 %12 = icmp eq i64 %11, 0 br i1 %12, label %82, label %13 %14 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 0 %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -24576 br i1 %17, label %82, label %18 %19 = getelementptr inbounds %struct.xattr_handler, %struct.xattr_handler* %0, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = tail call %struct.posix_acl* @get_acl(%struct.inode* %2, i32 %20) #83 Function:get_acl %3 = tail call %struct.posix_acl* @get_cached_acl(%struct.inode* %0, i32 %1) #83 Function:get_cached_acl switch i32 %1, label %7 [ i32 32768, label %3 i32 16384, label %5 ] %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 5 br label %8 %9 = phi %struct.posix_acl** [ %6, %5 ], [ %4, %3 ] tail call void @__rcu_read_lock() #83 
%10 = load volatile %struct.posix_acl*, %struct.posix_acl** %9, align 8 %11 = icmp eq %struct.posix_acl* %10, null br i1 %11, label %43, label %12 %13 = phi %struct.posix_acl* [ %41, %40 ], [ %10, %8 ] %14 = ptrtoint %struct.posix_acl* %13 to i64 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %43 %18 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0 %19 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0, i32 0, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %32, label %22 %23 = phi i32 [ %30, %29 ], [ %20, %17 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !6 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !7, !misexpect !8 %30 = extractvalue { i8, i32 } %25, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %22 %33 = phi i32 [ 0, %17 ], [ 0, %29 ], [ %23, %22 ] %34 = add i32 %33, 1 %35 = or i32 %34, %33 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_cached_acl 1 get_acl 2 posix_acl_xattr_get ------------- Path:  Function:posix_acl_xattr_get %7 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 10 %10 = load i64, i64* %9, align 16 %11 = and i64 %10, 65536 %12 = icmp eq i64 %11, 0 br i1 %12, label %82, label %13 %14 = getelementptr inbounds 
%struct.inode, %struct.inode* %2, i64 0, i32 0 %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -24576 br i1 %17, label %82, label %18 %19 = getelementptr inbounds %struct.xattr_handler, %struct.xattr_handler* %0, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = tail call %struct.posix_acl* @get_acl(%struct.inode* %2, i32 %20) #83 Function:get_acl %3 = tail call %struct.posix_acl* @get_cached_acl(%struct.inode* %0, i32 %1) #83 Function:get_cached_acl switch i32 %1, label %7 [ i32 32768, label %3 i32 16384, label %5 ] %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 5 br label %8 %9 = phi %struct.posix_acl** [ %6, %5 ], [ %4, %3 ] tail call void @__rcu_read_lock() #83 %10 = load volatile %struct.posix_acl*, %struct.posix_acl** %9, align 8 %11 = icmp eq %struct.posix_acl* %10, null br i1 %11, label %43, label %12 %13 = phi %struct.posix_acl* [ %41, %40 ], [ %10, %8 ] %14 = ptrtoint %struct.posix_acl* %13 to i64 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %43 %18 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0 %19 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0, i32 0, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %32, label %22 %23 = phi i32 [ %30, %29 ], [ %20, %17 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !6 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !7, !misexpect !8 %30 = extractvalue { i8, i32 } %25, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %22 %33 = phi i32 [ 0, %17 ], [ 0, %29 ], [ %23, 
%22 ] %34 = add i32 %33, 1 %35 = or i32 %34, %33 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_cached_acl 1 get_acl 2 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 Function:get_acl %3 = tail call %struct.posix_acl* @get_cached_acl(%struct.inode* %0, i32 %1) #83 Function:get_cached_acl switch i32 %1, label %7 [ i32 32768, label %3 i32 16384, label %5 ] %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 5 br label %8 %9 = phi %struct.posix_acl** [ %6, %5 ], [ %4, %3 ] tail call void @__rcu_read_lock() #83 %10 = load volatile %struct.posix_acl*, %struct.posix_acl** %9, align 8 %11 = icmp eq %struct.posix_acl* %10, null br i1 %11, label %43, label %12 %13 = phi %struct.posix_acl* [ %41, %40 ], [ %10, %8 ] %14 = ptrtoint %struct.posix_acl* %13 to i64 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %43 %18 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0 %19 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0, i32 0, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %32, label %22 %23 = phi i32 [ %30, %29 ], [ %20, %17 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, 
$1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !6 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !7, !misexpect !8 %30 = extractvalue { i8, i32 } %25, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %22 %33 = phi i32 [ 0, %17 ], [ 0, %29 ], [ %23, %22 ] %34 = add i32 %33, 1 %35 = or i32 %34, %33 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_cached_acl 1 get_acl 2 generic_permission 3 proc_fd_permission ------------- Path:  Function:proc_fd_permission %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.145925*, i32)* @generic_permission to i32 ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }*, %struct.inode.177245*, i32)*)({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* nonnull @init_user_ns, %struct.inode.177245* %1, i32 %2) #83 Function:generic_permission %4 = getelementptr inbounds %struct.inode.145925, %struct.inode.145925* %1, 
i64 0, i32 0 %5 = load i16, i16* %4, align 8 %6 = zext i16 %5 to i32 %7 = getelementptr inbounds %struct.inode.145925, %struct.inode.145925* %1, i64 0, i32 2, i32 0 %8 = load i32, i32* %7, align 4 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.145834** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.145834**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.145834* %11 = getelementptr inbounds %struct.task_struct.145834, %struct.task_struct.145834* %10, i64 0, i32 94 %12 = load %struct.cred*, %struct.cred** %11, align 8 %13 = getelementptr inbounds %struct.cred, %struct.cred* %12, i64 0, i32 7, i32 0 %14 = load i32, i32* %13, align 4 %15 = icmp eq i32 %14, %8 br i1 %15, label %16, label %22, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.inode.145925, %struct.inode.145925* %1, i64 0, i32 8 %24 = load %struct.super_block.145903*, %struct.super_block.145903** %23, align 8 %25 = getelementptr inbounds %struct.super_block.145903, %struct.super_block.145903* %24, i64 0, i32 10 %26 = load i64, i64* %25, align 16 %27 = and i64 %26, 65536 %28 = icmp eq i64 %27, 0 %29 = and i32 %6, 56 %30 = icmp eq i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %67, label %32 %33 = trunc i32 %2 to i8 %34 = icmp sgt i8 %33, -1 br i1 %34, label %44, label %35 %45 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.145925*, i32)*)(%struct.inode.145925* %1, i32 32768) #83 Function:get_acl %3 = tail call %struct.posix_acl* @get_cached_acl(%struct.inode* %0, i32 %1) #83 Function:get_cached_acl switch i32 %1, label %7 [ i32 32768, label %3 i32 16384, label %5 ] %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 5 br label %8 %9 = phi %struct.posix_acl** [ %6, %5 ], [ %4, %3 ] tail call void @__rcu_read_lock() #83 %10 = load volatile %struct.posix_acl*, %struct.posix_acl** %9, align 8 %11 = 
icmp eq %struct.posix_acl* %10, null br i1 %11, label %43, label %12 %13 = phi %struct.posix_acl* [ %41, %40 ], [ %10, %8 ] %14 = ptrtoint %struct.posix_acl* %13 to i64 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %43 %18 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0 %19 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %13, i64 0, i32 0, i32 0, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %32, label %22 %23 = phi i32 [ %30, %29 ], [ %20, %17 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !6 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !7, !misexpect !8 %30 = extractvalue { i8, i32 } %25, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %22 %33 = phi i32 [ 0, %17 ], [ 0, %29 ], [ %23, %22 ] %34 = add i32 %33, 1 %35 = or i32 %34, %33 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_task_readdir ------------- Path:  Function:proc_task_readdir %3 = alloca [11 x i8], align 1 %4 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 2 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr %struct.inode.176051, %struct.inode.176051* %5, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.175867** %8 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %9 = getelementptr inbounds %struct.pid.175867, %struct.pid.175867* %8, i64 0, i32 3, i64 0, 
i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %170, label %12 %13 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %14 = load i64, i64* %13, align 8 switch i64 %14, label %43 [ i64 0, label %15 i64 1, label %27 ] %16 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %17 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %16, align 8 %18 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry.176040*, %struct.dentry.176040** %18, align 8 %20 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %19, i64 0, i32 5 %21 = load %struct.inode.176051*, %struct.inode.176051** %20, align 8 %22 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %21, i64 0, i32 11 %23 = load i64, i64* %22, align 8 %24 = tail call i32 %17(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.7.18905, i64 0, i64 0), i32 1, i64 0, i64 %23, i32 4) #83 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %170 store i64 1, i64* %13, align 8 br label %27 %28 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %29 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %28, align 8 %30 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %31 = load %struct.dentry.176040*, %struct.dentry.176040** %30, align 8 %32 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 7, i32 0 %33 = bitcast %struct.anon.1* %32 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #83 %34 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 3 %35 = load 
%struct.dentry.176040*, %struct.dentry.176040** %34, align 8 %36 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %35, i64 0, i32 5 %37 = load %struct.inode.176051*, %struct.inode.176051** %36, align 8 %38 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %37, i64 0, i32 11 %39 = load i64, i64* %38, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %33) #83 %40 = tail call i32 %29(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.8.18906, i64 0, i64 0), i32 2, i64 1, i64 %39, i32 4) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %170 store i64 2, i64* %13, align 8 br label %43 %44 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %5, i64 0, i32 8 %45 = load %struct.super_block.176036*, %struct.super_block.176036** %44, align 8 %46 = getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %45, i64 0, i32 28 %47 = bitcast i8** %46 to %struct.proc_fs_info.176208** %48 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %47, align 16 %49 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %48, i64 0, i32 0 %50 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %49, align 8 %51 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 14 %52 = load i64, i64* %51, align 8 %53 = trunc i64 %52 to i32 store i64 0, i64* %51, align 8 %54 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %55 = load i64, i64* %13, align 8 %56 = add i64 %55, -2 tail call void @__rcu_read_lock() #83 %57 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (%struct.pid*, i32)* @pid_task to %struct.task_struct.176180* (%struct.pid.175867*, i32)*)(%struct.pid.175867* %54, i32 0) #83 %58 = icmp eq %struct.task_struct.176180* %57, null br i1 %58, label %103, label %59 %60 = icmp ne i32 %53, 0 %61 = icmp ne i64 %56, 0 %62 = and i1 %60, %61 br i1 %62, label 
%63, label %72 %64 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %53, %struct.pid_namespace.175865* %50) #83 %65 = icmp eq %struct.task_struct.176180* %64, null br i1 %65, label %72, label %66 %67 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %64, i64 0, i32 104 %68 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %67, align 8 %69 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %70 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %69, align 8 %71 = icmp eq %struct.signal_struct.176134* %68, %70 br i1 %71, label %93, label %72 %73 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %74 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %73, align 8 %75 = getelementptr inbounds %struct.signal_struct.176134, %struct.signal_struct.176134* %74, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = sext i32 %76 to i64 %78 = icmp ult i64 %56, %77 br i1 %78, label %79, label %103 %80 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 69 %81 = load %struct.task_struct.176180*, %struct.task_struct.176180** %80, align 32 br label %82 %83 = phi %struct.task_struct.176180* [ %81, %79 ], [ %91, %86 ] %84 = phi i64 [ %56, %79 ], [ %87, %86 ] %85 = icmp eq i64 %84, 0 br i1 %85, label %93, label %86 %94 = phi %struct.task_struct.176180* [ %64, %66 ], [ %83, %82 ] %95 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %94, i64 0, i32 3 %96 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %95, i64 0, i32 0, i32 0 %97 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %96, i32 1, i32* %96) #6, !srcloc !4 %98 = icmp eq i32 %97, 0 br i1 %98, label %104, label %99, !prof !5, !misexpect !6 %100 = add i32 %97, 1 %101 = or i32 %100, %97 %102 = icmp sgt i32 %101, -1 br i1 %102, label %106, label %104, !prof !7, !misexpect !6 %105 = phi i32 [ 2, %93 ], [ 1, %99 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %95, i32 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_task_readdir ------------- Path:  Function:proc_task_readdir %3 = alloca [11 x i8], align 1 %4 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 2 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr %struct.inode.176051, %struct.inode.176051* %5, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.175867** %8 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %9 = getelementptr inbounds %struct.pid.175867, %struct.pid.175867* %8, i64 0, i32 3, i64 0, i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %170, label %12 %13 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %14 = load i64, i64* %13, align 8 switch i64 %14, label %43 [ i64 0, label %15 i64 1, label %27 ] %16 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %17 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %16, align 8 %18 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry.176040*, %struct.dentry.176040** %18, align 8 %20 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %19, i64 0, i32 5 %21 = load %struct.inode.176051*, %struct.inode.176051** %20, align 8 %22 = getelementptr inbounds %struct.inode.176051, 
%struct.inode.176051* %21, i64 0, i32 11 %23 = load i64, i64* %22, align 8 %24 = tail call i32 %17(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.7.18905, i64 0, i64 0), i32 1, i64 0, i64 %23, i32 4) #83 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %170 store i64 1, i64* %13, align 8 br label %27 %28 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %29 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %28, align 8 %30 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %31 = load %struct.dentry.176040*, %struct.dentry.176040** %30, align 8 %32 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 7, i32 0 %33 = bitcast %struct.anon.1* %32 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #83 %34 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 3 %35 = load %struct.dentry.176040*, %struct.dentry.176040** %34, align 8 %36 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %35, i64 0, i32 5 %37 = load %struct.inode.176051*, %struct.inode.176051** %36, align 8 %38 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %37, i64 0, i32 11 %39 = load i64, i64* %38, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %33) #83 %40 = tail call i32 %29(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.8.18906, i64 0, i64 0), i32 2, i64 1, i64 %39, i32 4) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %170 store i64 2, i64* %13, align 8 br label %43 %44 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %5, i64 0, i32 8 %45 = load %struct.super_block.176036*, %struct.super_block.176036** %44, align 8 %46 = getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %45, i64 0, i32 
28 %47 = bitcast i8** %46 to %struct.proc_fs_info.176208** %48 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %47, align 16 %49 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %48, i64 0, i32 0 %50 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %49, align 8 %51 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 14 %52 = load i64, i64* %51, align 8 %53 = trunc i64 %52 to i32 store i64 0, i64* %51, align 8 %54 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %55 = load i64, i64* %13, align 8 %56 = add i64 %55, -2 tail call void @__rcu_read_lock() #83 %57 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (%struct.pid*, i32)* @pid_task to %struct.task_struct.176180* (%struct.pid.175867*, i32)*)(%struct.pid.175867* %54, i32 0) #83 %58 = icmp eq %struct.task_struct.176180* %57, null br i1 %58, label %103, label %59 %60 = icmp ne i32 %53, 0 %61 = icmp ne i64 %56, 0 %62 = and i1 %60, %61 br i1 %62, label %63, label %72 %64 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %53, %struct.pid_namespace.175865* %50) #83 %65 = icmp eq %struct.task_struct.176180* %64, null br i1 %65, label %72, label %66 %67 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %64, i64 0, i32 104 %68 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %67, align 8 %69 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %70 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %69, align 8 %71 = icmp eq %struct.signal_struct.176134* %68, %70 br i1 %71, label %93, label %72 %73 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %74 = load 
%struct.signal_struct.176134*, %struct.signal_struct.176134** %73, align 8 %75 = getelementptr inbounds %struct.signal_struct.176134, %struct.signal_struct.176134* %74, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = sext i32 %76 to i64 %78 = icmp ult i64 %56, %77 br i1 %78, label %79, label %103 %80 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 69 %81 = load %struct.task_struct.176180*, %struct.task_struct.176180** %80, align 32 br label %82 %83 = phi %struct.task_struct.176180* [ %81, %79 ], [ %91, %86 ] %84 = phi i64 [ %56, %79 ], [ %87, %86 ] %85 = icmp eq i64 %84, 0 br i1 %85, label %93, label %86 %94 = phi %struct.task_struct.176180* [ %64, %66 ], [ %83, %82 ] %95 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %94, i64 0, i32 3 %96 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %95, i64 0, i32 0, i32 0 %97 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %96, i32 1, i32* %96) #6, !srcloc !4 %98 = icmp eq i32 %97, 0 br i1 %98, label %104, label %99, !prof !5, !misexpect !6 %100 = add i32 %97, 1 %101 = or i32 %100, %97 %102 = icmp sgt i32 %101, -1 br i1 %102, label %106, label %104, !prof !7, !misexpect !6 %105 = phi i32 [ 2, %93 ], [ 1, %99 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %95, i32 %105) #83 br label %106 tail call void @__rcu_read_unlock() #83 %107 = icmp eq %struct.task_struct.176180* %94, null br i1 %107, label %170, label %108 %109 = getelementptr inbounds [11 x i8], [11 x i8]* %3, i64 0, i64 0 br label %110 %111 = phi %struct.task_struct.176180* [ %94, %108 ], [ %155, %166 ] %112 = call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.176180*, i32, 
%struct.pid_namespace.175865*)*)(%struct.task_struct.176180* nonnull %111, i32 0, %struct.pid_namespace.175865* %50) #83 %113 = icmp eq i32 %112, 0 br i1 %113, label %130, label %114 %115 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* nonnull %109, i64 11, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.18955, i64 0, i64 0), i32 %112) #84 %116 = call zeroext i1 @proc_fill_cache(%struct.file.175888* %0, %struct.dir_context* %1, i8* nonnull %109, i32 %115, %struct.dentry.176040* (%struct.dentry.176040*, %struct.task_struct.176180*, i8*)* nonnull @proc_task_instantiate, %struct.task_struct.176180* nonnull %111, i8* null) #84 br i1 %116, label %130, label %117 call void @__rcu_read_lock() #83 %131 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 72 %132 = load %struct.pid.175867*, %struct.pid.175867** %131, align 8 %133 = icmp eq %struct.pid.175867* %132, null br i1 %133, label %154, label %134 %135 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 74, i32 0 %136 = load volatile %struct.list_head*, %struct.list_head** %135, align 16 %137 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -97 %138 = bitcast %struct.list_head* %137 to %struct.task_struct.176180* %139 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %138, i64 0, i32 53 %140 = load i32, i32* %139, align 4 %141 = icmp sgt i32 %140, -1 br i1 %141, label %154, label %142 %143 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -95, i32 1 %144 = bitcast %struct.list_head** %143 to %struct.seqcount_spinlock* %145 = bitcast %struct.list_head** %143 to i32* %146 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %145, i32 1, i32* %145) #6, !srcloc !4 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label 
%149, !prof !5, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %144, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_task_readdir ------------- Path:  Function:proc_task_readdir %3 = alloca [11 x i8], align 1 %4 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 2 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr %struct.inode.176051, %struct.inode.176051* %5, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.175867** %8 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %9 = getelementptr inbounds %struct.pid.175867, %struct.pid.175867* %8, i64 0, i32 3, i64 0, i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %170, label %12 %13 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %14 = load i64, i64* %13, align 8 switch i64 %14, label %43 [ i64 0, label %15 i64 1, label %27 ] %16 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %17 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %16, align 8 %18 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry.176040*, %struct.dentry.176040** %18, align 8 %20 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %19, i64 0, i32 5 %21 = load %struct.inode.176051*, %struct.inode.176051** %20, align 8 %22 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %21, i64 0, i32 11 %23 = load i64, i64* %22, align 8 %24 = tail call i32 %17(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.7.18905, i64 0, i64 0), i32 1, i64 0, i64 %23, i32 4) #83 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %170 store i64 1, i64* %13, align 8 br label %27 %28 = 
getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %29 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %28, align 8 %30 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %31 = load %struct.dentry.176040*, %struct.dentry.176040** %30, align 8 %32 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 7, i32 0 %33 = bitcast %struct.anon.1* %32 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #83 %34 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 3 %35 = load %struct.dentry.176040*, %struct.dentry.176040** %34, align 8 %36 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %35, i64 0, i32 5 %37 = load %struct.inode.176051*, %struct.inode.176051** %36, align 8 %38 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %37, i64 0, i32 11 %39 = load i64, i64* %38, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %33) #83 %40 = tail call i32 %29(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.8.18906, i64 0, i64 0), i32 2, i64 1, i64 %39, i32 4) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %170 store i64 2, i64* %13, align 8 br label %43 %44 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %5, i64 0, i32 8 %45 = load %struct.super_block.176036*, %struct.super_block.176036** %44, align 8 %46 = getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %45, i64 0, i32 28 %47 = bitcast i8** %46 to %struct.proc_fs_info.176208** %48 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %47, align 16 %49 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %48, i64 0, i32 0 %50 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %49, align 8 %51 = 
getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 14 %52 = load i64, i64* %51, align 8 %53 = trunc i64 %52 to i32 store i64 0, i64* %51, align 8 %54 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %55 = load i64, i64* %13, align 8 %56 = add i64 %55, -2 tail call void @__rcu_read_lock() #83 %57 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (%struct.pid*, i32)* @pid_task to %struct.task_struct.176180* (%struct.pid.175867*, i32)*)(%struct.pid.175867* %54, i32 0) #83 %58 = icmp eq %struct.task_struct.176180* %57, null br i1 %58, label %103, label %59 %60 = icmp ne i32 %53, 0 %61 = icmp ne i64 %56, 0 %62 = and i1 %60, %61 br i1 %62, label %63, label %72 %64 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %53, %struct.pid_namespace.175865* %50) #83 %65 = icmp eq %struct.task_struct.176180* %64, null br i1 %65, label %72, label %66 %67 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %64, i64 0, i32 104 %68 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %67, align 8 %69 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %70 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %69, align 8 %71 = icmp eq %struct.signal_struct.176134* %68, %70 br i1 %71, label %93, label %72 %73 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %74 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %73, align 8 %75 = getelementptr inbounds %struct.signal_struct.176134, %struct.signal_struct.176134* %74, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = sext i32 %76 to i64 %78 = icmp ult i64 %56, %77 br i1 %78, label %79, label %103 %80 = getelementptr inbounds %struct.task_struct.176180, 
%struct.task_struct.176180* %57, i64 0, i32 69 %81 = load %struct.task_struct.176180*, %struct.task_struct.176180** %80, align 32 br label %82 %83 = phi %struct.task_struct.176180* [ %81, %79 ], [ %91, %86 ] %84 = phi i64 [ %56, %79 ], [ %87, %86 ] %85 = icmp eq i64 %84, 0 br i1 %85, label %93, label %86 %94 = phi %struct.task_struct.176180* [ %64, %66 ], [ %83, %82 ] %95 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %94, i64 0, i32 3 %96 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %95, i64 0, i32 0, i32 0 %97 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %96, i32 1, i32* %96) #6, !srcloc !4 %98 = icmp eq i32 %97, 0 br i1 %98, label %104, label %99, !prof !5, !misexpect !6 %100 = add i32 %97, 1 %101 = or i32 %100, %97 %102 = icmp sgt i32 %101, -1 br i1 %102, label %106, label %104, !prof !7, !misexpect !6 %105 = phi i32 [ 2, %93 ], [ 1, %99 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %95, i32 %105) #83 br label %106 tail call void @__rcu_read_unlock() #83 %107 = icmp eq %struct.task_struct.176180* %94, null br i1 %107, label %170, label %108 %109 = getelementptr inbounds [11 x i8], [11 x i8]* %3, i64 0, i64 0 br label %110 %111 = phi %struct.task_struct.176180* [ %94, %108 ], [ %155, %166 ] %112 = call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.176180*, i32, %struct.pid_namespace.175865*)*)(%struct.task_struct.176180* nonnull %111, i32 0, %struct.pid_namespace.175865* %50) #83 %113 = icmp eq i32 %112, 0 br i1 %113, label %130, label %114 %115 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* nonnull %109, i64 11, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.18955, i64 0, i64 0), i32 %112) #84 %116 = call zeroext i1 @proc_fill_cache(%struct.file.175888* %0, %struct.dir_context* %1, i8* nonnull %109, i32 %115, %struct.dentry.176040* (%struct.dentry.176040*, %struct.task_struct.176180*, i8*)* nonnull @proc_task_instantiate, %struct.task_struct.176180* nonnull %111, i8* null) #84 br i1 %116, label %130, label %117 call void @__rcu_read_lock() #83 %131 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 72 %132 = load %struct.pid.175867*, %struct.pid.175867** %131, align 8 %133 = icmp eq %struct.pid.175867* %132, null br i1 %133, label %154, label %134 %135 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 74, i32 0 %136 = load volatile %struct.list_head*, %struct.list_head** %135, align 16 %137 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -97 %138 = bitcast %struct.list_head* %137 to %struct.task_struct.176180* %139 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %138, i64 0, i32 53 %140 = load i32, i32* %139, align 4 %141 = icmp sgt i32 %140, -1 br i1 %141, label %154, label %142 %143 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -95, i32 1 %144 = bitcast %struct.list_head** %143 to %struct.seqcount_spinlock* %145 = bitcast %struct.list_head** %143 to i32* %146 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %145, i32 1, i32* %145) #6, !srcloc !4 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %149, !prof !5, !misexpect !6 %150 = add i32 %146, 1 %151 = or i32 %150, %146 %152 = icmp sgt i32 %151, -1 br i1 %152, label %154, label %153, !prof !7, !misexpect !6 call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %144, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_task_readdir ------------- Path:  Function:proc_task_readdir %3 = alloca [11 x i8], align 1 %4 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 2 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr %struct.inode.176051, %struct.inode.176051* %5, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.175867** %8 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %9 = getelementptr inbounds %struct.pid.175867, %struct.pid.175867* %8, i64 0, i32 3, i64 0, i32 0 %10 = load %struct.hlist_node*, %struct.hlist_node** %9, align 8 %11 = icmp eq %struct.hlist_node* %10, null br i1 %11, label %170, label %12 %13 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %14 = load i64, i64* %13, align 8 switch i64 %14, label %43 [ i64 0, label %15 i64 1, label %27 ] %16 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %17 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %16, align 8 %18 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry.176040*, %struct.dentry.176040** %18, align 8 %20 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %19, i64 0, i32 5 %21 = load %struct.inode.176051*, %struct.inode.176051** %20, align 8 %22 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %21, i64 0, i32 11 %23 = load i64, i64* %22, align 8 %24 = tail call i32 %17(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.7.18905, i64 0, i64 0), i32 1, i64 0, i64 %23, i32 4) #83 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %170 store i64 1, i64* %13, align 8 br label %27 %28 = getelementptr inbounds %struct.dir_context, 
%struct.dir_context* %1, i64 0, i32 0 %29 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %28, align 8 %30 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 1, i32 1 %31 = load %struct.dentry.176040*, %struct.dentry.176040** %30, align 8 %32 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 7, i32 0 %33 = bitcast %struct.anon.1* %32 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #83 %34 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %31, i64 0, i32 3 %35 = load %struct.dentry.176040*, %struct.dentry.176040** %34, align 8 %36 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %35, i64 0, i32 5 %37 = load %struct.inode.176051*, %struct.inode.176051** %36, align 8 %38 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %37, i64 0, i32 11 %39 = load i64, i64* %38, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %33) #83 %40 = tail call i32 %29(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.8.18906, i64 0, i64 0), i32 2, i64 1, i64 %39, i32 4) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %170 store i64 2, i64* %13, align 8 br label %43 %44 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %5, i64 0, i32 8 %45 = load %struct.super_block.176036*, %struct.super_block.176036** %44, align 8 %46 = getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %45, i64 0, i32 28 %47 = bitcast i8** %46 to %struct.proc_fs_info.176208** %48 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %47, align 16 %49 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %48, i64 0, i32 0 %50 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %49, align 8 %51 = getelementptr inbounds %struct.file.175888, 
%struct.file.175888* %0, i64 0, i32 14 %52 = load i64, i64* %51, align 8 %53 = trunc i64 %52 to i32 store i64 0, i64* %51, align 8 %54 = load %struct.pid.175867*, %struct.pid.175867** %7, align 8 %55 = load i64, i64* %13, align 8 %56 = add i64 %55, -2 tail call void @__rcu_read_lock() #83 %57 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (%struct.pid*, i32)* @pid_task to %struct.task_struct.176180* (%struct.pid.175867*, i32)*)(%struct.pid.175867* %54, i32 0) #83 %58 = icmp eq %struct.task_struct.176180* %57, null br i1 %58, label %103, label %59 %60 = icmp ne i32 %53, 0 %61 = icmp ne i64 %56, 0 %62 = and i1 %60, %61 br i1 %62, label %63, label %72 %64 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %53, %struct.pid_namespace.175865* %50) #83 %65 = icmp eq %struct.task_struct.176180* %64, null br i1 %65, label %72, label %66 %67 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %64, i64 0, i32 104 %68 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %67, align 8 %69 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %70 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %69, align 8 %71 = icmp eq %struct.signal_struct.176134* %68, %70 br i1 %71, label %93, label %72 %73 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 104 %74 = load %struct.signal_struct.176134*, %struct.signal_struct.176134** %73, align 8 %75 = getelementptr inbounds %struct.signal_struct.176134, %struct.signal_struct.176134* %74, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = sext i32 %76 to i64 %78 = icmp ult i64 %56, %77 br i1 %78, label %79, label %103 %80 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %57, i64 0, i32 69 
%81 = load %struct.task_struct.176180*, %struct.task_struct.176180** %80, align 32 br label %82 %83 = phi %struct.task_struct.176180* [ %81, %79 ], [ %91, %86 ] %84 = phi i64 [ %56, %79 ], [ %87, %86 ] %85 = icmp eq i64 %84, 0 br i1 %85, label %93, label %86 %94 = phi %struct.task_struct.176180* [ %64, %66 ], [ %83, %82 ] %95 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %94, i64 0, i32 3 %96 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %95, i64 0, i32 0, i32 0 %97 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %96, i32 1, i32* %96) #6, !srcloc !4 %98 = icmp eq i32 %97, 0 br i1 %98, label %104, label %99, !prof !5, !misexpect !6 %100 = add i32 %97, 1 %101 = or i32 %100, %97 %102 = icmp sgt i32 %101, -1 br i1 %102, label %106, label %104, !prof !7, !misexpect !6 %105 = phi i32 [ 2, %93 ], [ 1, %99 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %95, i32 %105) #83 br label %106 tail call void @__rcu_read_unlock() #83 %107 = icmp eq %struct.task_struct.176180* %94, null br i1 %107, label %170, label %108 %109 = getelementptr inbounds [11 x i8], [11 x i8]* %3, i64 0, i64 0 br label %110 %111 = phi %struct.task_struct.176180* [ %94, %108 ], [ %155, %166 ] %112 = call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.176180*, i32, %struct.pid_namespace.175865*)*)(%struct.task_struct.176180* nonnull %111, i32 0, %struct.pid_namespace.175865* %50) #83 %113 = icmp eq i32 %112, 0 br i1 %113, label %130, label %114 %115 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* nonnull %109, i64 11, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.18955, i64 0, i64 0), i32 %112) #84 %116 = call zeroext i1 @proc_fill_cache(%struct.file.175888* %0, %struct.dir_context* %1, i8* nonnull %109, i32 %115, %struct.dentry.176040* (%struct.dentry.176040*, %struct.task_struct.176180*, i8*)* nonnull @proc_task_instantiate, %struct.task_struct.176180* nonnull %111, i8* null) #84 br i1 %116, label %130, label %117 call void @__rcu_read_lock() #83 %131 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 72 %132 = load %struct.pid.175867*, %struct.pid.175867** %131, align 8 %133 = icmp eq %struct.pid.175867* %132, null br i1 %133, label %154, label %134 %135 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 74, i32 0 %136 = load volatile %struct.list_head*, %struct.list_head** %135, align 16 %137 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -97 %138 = bitcast %struct.list_head* %137 to %struct.task_struct.176180* %139 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %138, i64 0, i32 53 %140 = load i32, i32* %139, align 4 %141 = icmp sgt i32 %140, -1 br i1 %141, label %154, label %142 %143 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -95, i32 1 %144 = bitcast %struct.list_head** %143 to %struct.seqcount_spinlock* %145 = bitcast %struct.list_head** %143 to i32* %146 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %145, i32 1, i32* %145) #6, !srcloc !4 %147 = icmp eq i32 %146, 0 br i1 %147, label %148, label %149, !prof !5, !misexpect !6 %150 = add i32 %146, 1 %151 = or i32 %150, %146 %152 = icmp sgt i32 %151, -1 br i1 %152, label %154, label %153, !prof !7, !misexpect !6 call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %144, i32 1) #83 br label %154 %155 = phi %struct.task_struct.176180* [ null, %130 ], [ null, %134 ], [ %138, %148 ], [ %138, %149 ], [ %138, %153 ] call void @__rcu_read_unlock() #83 %156 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %111, i64 0, i32 3 %157 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %156, i64 0, i32 0, i32 0 %158 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %157, i32 -1, i32* %157) #6, !srcloc !8 %159 = icmp eq i32 %158, 1 br i1 %159, label %165, label %160 %161 = add i32 %158, -1 %162 = or i32 %161, %158 %163 = icmp sgt i32 %162, -1 br i1 %163, label %166, label %164, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %156, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_lookup 1 proc_root_lookup ------------- Path:  Function:proc_root_lookup %4 = tail call %struct.dentry* bitcast (%struct.dentry.176040* (%struct.dentry.176040*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #83 Function:proc_pid_lookup %3 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #83 %5 = icmp eq i32 %4, -1 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %0, i64 0, i32 9 %8 = load %struct.super_block.176036*, %struct.super_block.176036** %7, align 8 %9 = getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.176208** %11 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.176208, 
%struct.proc_fs_info.176208* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %12, align 8 tail call void @__rcu_read_lock() #83 %14 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %4, %struct.pid_namespace.175865* %13) #83 %15 = icmp eq %struct.task_struct.176180* %14, null br i1 %15, label %56, label %16 %17 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_lookup 1 proc_root_lookup ------------- Path:  Function:proc_root_lookup %4 = tail call %struct.dentry* bitcast (%struct.dentry.176040* (%struct.dentry.176040*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #83 Function:proc_pid_lookup %3 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #83 %5 = icmp eq i32 %4, -1 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %0, i64 0, i32 9 %8 = load %struct.super_block.176036*, %struct.super_block.176036** %7, align 8 %9 = 
getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.176208** %11 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %12, align 8 tail call void @__rcu_read_lock() #83 %14 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %4, %struct.pid_namespace.175865* %13) #83 %15 = icmp eq %struct.task_struct.176180* %14, null br i1 %15, label %56, label %16 %17 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 tail call void @__rcu_read_unlock() #83 %28 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %11, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 4 br i1 %30, label %31, label %33 %32 = tail call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @ptrace_may_access to i1 (%struct.task_struct.176180*, i32)*)(%struct.task_struct.176180* nonnull 
%14, i32 9) #83 br i1 %32, label %33, label %46 %34 = load %struct.super_block.176036*, %struct.super_block.176036** %7, align 8 %35 = tail call %struct.inode.176051* @proc_pid_make_inode(%struct.super_block.176036* %34, %struct.task_struct.176180* nonnull %14, i16 zeroext 16749) #83 %36 = icmp eq %struct.inode.176051* %35, null br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %35, i64 0, i32 7 store %struct.inode_operations.176045* bitcast ({ %struct.dentry.176040* (%struct.inode.176051*, %struct.dentry.176040*, i32)*, i8* (%struct.dentry.176040*, %struct.inode.176051*, %struct.delayed_call*)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, i32)*, %struct.posix_acl* (%struct.inode.176051*, i32, i1)*, i32 (%struct.dentry.176040*, i8*, i32)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, %struct.dentry.176040*, i16, i1)*, i32 (%struct.dentry.176040*, %struct.inode.176051*, %struct.dentry.176040*)*, i32 (%struct.inode.176051*, %struct.dentry.176040*)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, %struct.dentry.176040*, i8*)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, %struct.dentry.176040*, i16)*, i32 (%struct.inode.176051*, %struct.dentry.176040*)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, %struct.dentry.176040*, i16, i32)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, %struct.dentry.176040*, %struct.inode.176051*, %struct.dentry.176040*, i32)*, i32 (%struct.user_namespace.176192*, %struct.dentry.176040*, %struct.iattr.176193*)*, i32 (%struct.user_namespace.176192*, %struct.path.175829*, %struct.kstat*, i32, i32)*, i64 (%struct.dentry.176040*, i8*, i64)*, i32 (%struct.inode.176051*, %struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.176051*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.176051*, %struct.dentry.176040*, %struct.file.175888*, i32, i16)*, i32 (%struct.user_namespace.176192*, 
%struct.inode.176051*, %struct.dentry.176040*, i16)*, i32 (%struct.user_namespace.176192*, %struct.inode.176051*, %struct.posix_acl*, i32)*, i32 (%struct.user_namespace.176192*, %struct.dentry.176040*, %struct.fileattr*)*, i32 (%struct.dentry.176040*, %struct.fileattr*)*, [8 x i8] }* @proc_tgid_base_inode_operations to %struct.inode_operations.176045*), %struct.inode_operations.176045** %38, align 8 %39 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %35, i64 0, i32 39, i32 0 store %struct.file_operations.175858* @proc_tgid_base_operations, %struct.file_operations.175858** %39, align 8 %40 = getelementptr inbounds %struct.inode.176051, %struct.inode.176051* %35, i64 0, i32 4 %41 = load i32, i32* %40, align 4 %42 = or i32 %41, 8 store i32 %42, i32* %40, align 4 %43 = load i1, i1* @nlink_tgid, align 1 %44 = select i1 %43, i32 9, i32 0 tail call void bitcast (void (%struct.inode.148552*, i32)* @set_nlink to void (%struct.inode.176051*, i32)*)(%struct.inode.176051* nonnull %35, i32 %44) #83 tail call void @pid_update_inode(%struct.task_struct.176180* nonnull %14, %struct.inode.176051* nonnull %35) #83 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry_operations.148046*)* @d_set_d_op to void (%struct.dentry.176040*, %struct.dentry_operations.176038*)*)(%struct.dentry.176040* %0, %struct.dentry_operations.176038* nonnull @pid_dentry_operations) #83 %45 = tail call %struct.dentry.176040* bitcast (%struct.dentry.148048* (%struct.inode.148060*, %struct.dentry.148048*)* @d_splice_alias to %struct.dentry.176040* (%struct.inode.176051*, %struct.dentry.176040*)*)(%struct.inode.176051* nonnull %35, %struct.dentry.176040* %0) #83 br label %46 %47 = phi %struct.dentry.176040* [ inttoptr (i64 -2 to %struct.dentry.176040*), %31 ], [ %45, %37 ], [ inttoptr (i64 -2 to %struct.dentry.176040*), %33 ] %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !8 %49 = icmp eq i32 %48, 1 br i1 %49, label %55, label %50 %51 = add i32 %48, -1 %52 = or i32 %51, %48 %53 = icmp sgt i32 %52, -1 br i1 %53, label %57, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_proc_task_net 1 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %4) #83 Function:get_proc_task_net tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %3 = bitcast %struct.list_head* %2 to %struct.pid** %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = tail call %struct.task_struct* @pid_task(%struct.pid* %4, i32 0) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = icmp eq %struct.nsproxy* %10, null br i1 %11, label %25, label %12 %13 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 5 %14 = load %struct.net*, %struct.net** %13, align 8 %15 = getelementptr inbounds %struct.net, %struct.net* %14, i64 0, i32 14, i32 3 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_proc_task_net 1 proc_tgid_net_lookup ------------- Path:  Function:proc_tgid_net_lookup %4 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %0) #83 Function:get_proc_task_net tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %3 = bitcast %struct.list_head* %2 to %struct.pid** %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = tail call %struct.task_struct* @pid_task(%struct.pid* %4, i32 0) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = icmp eq %struct.nsproxy* %10, null br i1 %11, label %25, label %12 %13 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 5 %14 = load %struct.net*, %struct.net** %13, align 8 %15 = getelementptr inbounds %struct.net, %struct.net* %14, i64 0, i32 14, i32 3 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 2) #83 ------------- 
Use: =BAD PATH= Call Stack: 0 get_proc_task_net 1 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %9) #83 Function:get_proc_task_net tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %3 = bitcast %struct.list_head* %2 to %struct.pid** %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = tail call %struct.task_struct* @pid_task(%struct.pid* %4, i32 0) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = icmp eq %struct.nsproxy* %10, null br i1 %11, label %25, label %12 %13 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 5 %14 = load %struct.net*, %struct.net** %13, align 8 %15 = getelementptr inbounds %struct.net, %struct.net* %14, i64 0, i32 14, i32 3 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 2) #83 ------------- Use: =BAD 
PATH= Call Stack: 0 get_proc_task_net 1 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %4) #83 Function:get_proc_task_net tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %3 = bitcast %struct.list_head* %2 to %struct.pid** %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = tail call %struct.task_struct* @pid_task(%struct.pid* %4, i32 0) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = icmp eq %struct.nsproxy* %10, null br i1 %11, label %25, label %12 %13 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 5 %14 = load %struct.net*, %struct.net** %13, align 8 %15 = getelementptr inbounds %struct.net, %struct.net* %14, i64 0, i32 14, i32 3 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 %21 = add i32 %17, 1 %22 = or i32 %21, %17 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 
get_proc_task_net 1 proc_tgid_net_lookup ------------- Path:  Function:proc_tgid_net_lookup %4 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %0) #83 Function:get_proc_task_net tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %3 = bitcast %struct.list_head* %2 to %struct.pid** %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = tail call %struct.task_struct* @pid_task(%struct.pid* %4, i32 0) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = icmp eq %struct.nsproxy* %10, null br i1 %11, label %25, label %12 %13 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 5 %14 = load %struct.net*, %struct.net** %13, align 8 %15 = getelementptr inbounds %struct.net, %struct.net* %14, i64 0, i32 14, i32 3 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 %21 = add i32 %17, 1 %22 = or i32 %21, %17 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_proc_task_net 1 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %6 = getelementptr inbounds %struct.path, %struct.path* 
%1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %9) #83 Function:get_proc_task_net tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %3 = bitcast %struct.list_head* %2 to %struct.pid** %4 = load %struct.pid*, %struct.pid** %3, align 8 %5 = tail call %struct.task_struct* @pid_task(%struct.pid* %4, i32 0) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %27, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = icmp eq %struct.nsproxy* %10, null br i1 %11, label %25, label %12 %13 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 5 %14 = load %struct.net*, %struct.net** %13, align 8 %15 = getelementptr inbounds %struct.net, %struct.net* %14, i64 0, i32 14, i32 3 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 0, i32 0, i32 0 %17 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 1, i32* %16) #6, !srcloc !4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 %21 = add i32 %17, 1 %22 = or i32 %21, %17 %23 = icmp sgt i32 %22, -1 br i1 %23, label %25, label %24, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %15, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_release_net ------------- 
Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 %14 = add i32 %11, -1 %15 = or i32 %14, %11 %16 = icmp sgt i32 %15, -1 br i1 %16, label %19, label %17, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %9, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open_net ------------- Path:  Function:single_open_net %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 17 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.net** %11 = load %struct.net*, %struct.net** %10, align 8 %12 = getelementptr inbounds %struct.net, %struct.net* %11, i64 0, i32 14, i32 3 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* 
%12, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %2 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %2 ], [ 0, %23 ], [ %17, %16 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %12, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, %struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 %16 = add i32 %13, -1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 seq_open_net ------------- Path:  Function:seq_open_net %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 11 %8 = load i32, i32* %7, align 8 %9 = icmp ult i32 %8, 8 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.2.19385, i64 0, i64 0), i32 48, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "335:\0A\09.pushsection .discard.reachable\0A\09.long 335b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %11 %12 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 %16 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 br i1 %15, label %21, label %17 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %16, i64 0, i32 17 %23 = load %struct.proc_dir_entry*, 
-------------
Use: =BAD PATH=
Call Stack:
0 __put_nfs_open_context
1 nfs_file_clear_open_context
2 nfs_file_release
-------------
Path:
Function:nfs_file_release
Function:nfs_file_clear_open_context
Function:__put_nfs_open_context
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_get_lock_context
1 _nfs4_do_setattr
2 nfs4_do_setattr
3 nfs4_proc_setattr
-------------
Path:
Function:nfs4_proc_setattr
Function:nfs4_do_setattr
Function:_nfs4_do_setattr
Function:nfs_get_lock_context
-------------
Use: =BAD PATH=
Call Stack:
0 get_nfs_open_context
1 nfs_end_delegation_return
2 nfs4_inode_return_delegation
3 nfs4_inode_make_writeable
4 _nfs4_do_setattr
5 nfs4_do_setattr
6 nfs4_proc_setattr
-------------
Path:
Function:nfs4_proc_setattr
Function:nfs4_do_setattr
Function:_nfs4_do_setattr
Function:nfs4_inode_make_writeable
Function:nfs4_inode_return_delegation
Function:nfs_end_delegation_return
Function:get_nfs_open_context
-------------
Use: =BAD PATH=
Call Stack:
0 get_nfs_open_context
1 nfs_end_delegation_return
2 nfs4_inode_return_delegation
3 nfs4_inode_make_writeable
4 nfs4_proc_rename_setup
-------------
Path:
Function:nfs4_proc_rename_setup
Function:nfs4_inode_make_writeable
Function:nfs4_inode_return_delegation
Function:nfs_end_delegation_return
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 tail call void @__rcu_read_lock() #83 %43 = load volatile %struct.list_head*, %struct.list_head** %35, align 8 %44 = icmp eq %struct.list_head* %43, %34 br i1 %44, label %142, label %45 %46 = phi %struct.list_head* [ %140, %138 ], [ %43, %42 ] %47 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -8 %48 = bitcast %struct.list_head* %47 to %struct.nfs_open_context.237826* %49 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -2 %50 = bitcast %struct.list_head* %49 to %struct.nfs4_state.237825** %51 = load %struct.nfs4_state.237825*, %struct.nfs4_state.237825** %50, align 8 %52 = icmp eq %struct.nfs4_state.237825* %51, null br i1 %52, label %138, label %53 %54 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %138, label %58 %59 = load volatile i64, i64* %54, align 8 %60 = and i64 %59, 512 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %138 %63 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8, i32 1 %64 = load i32, i32* %63, align 4 %65 = load i32, i32* %36, align 4 %66 = icmp eq i32 %64, %65 br i1 %66, label %67, label 
%138 %68 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8 %69 = bitcast %struct.nfs4_stateid_struct* %68 to i8* %70 = tail call i32 @bcmp(i8* dereferenceable(16) %69, i8* dereferenceable(16) %37, i64 16) #6 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %138 %73 = tail call %struct.nfs_open_context.237826* bitcast (%struct.nfs_open_context.214915* (%struct.nfs_open_context.214915*)* @get_nfs_open_context to %struct.nfs_open_context.237826* (%struct.nfs_open_context.237826*)*)(%struct.nfs_open_context.237826* %48) #83 Function:get_nfs_open_context %2 = icmp eq %struct.nfs_open_context.214915* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ 0, %15 ], [ %9, %8 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_nfs_open_context 1 nfs_end_delegation_return 2 
nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 
to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void 
@_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, 
%struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 tail call void @__rcu_read_lock() #83 %43 = load volatile %struct.list_head*, %struct.list_head** %35, align 8 %44 = icmp eq %struct.list_head* %43, %34 br i1 %44, label %142, label %45 %46 = phi %struct.list_head* [ %140, %138 ], [ %43, %42 ] %47 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -8 %48 = bitcast %struct.list_head* %47 to %struct.nfs_open_context.237826* %49 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -2 %50 = bitcast %struct.list_head* %49 to %struct.nfs4_state.237825** %51 = load %struct.nfs4_state.237825*, %struct.nfs4_state.237825** %50, align 8 %52 = icmp eq %struct.nfs4_state.237825* %51, null br i1 %52, label %138, label %53 %54 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %138, label %58 %59 = load volatile i64, i64* %54, align 8 %60 = and i64 %59, 512 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %138 %63 = getelementptr inbounds %struct.nfs4_state.237825, 
%struct.nfs4_state.237825* %51, i64 0, i32 8, i32 1 %64 = load i32, i32* %63, align 4 %65 = load i32, i32* %36, align 4 %66 = icmp eq i32 %64, %65 br i1 %66, label %67, label %138 %68 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8 %69 = bitcast %struct.nfs4_stateid_struct* %68 to i8* %70 = tail call i32 @bcmp(i8* dereferenceable(16) %69, i8* dereferenceable(16) %37, i64 16) #6 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %138 %73 = tail call %struct.nfs_open_context.237826* bitcast (%struct.nfs_open_context.214915* (%struct.nfs_open_context.214915*)* @get_nfs_open_context to %struct.nfs_open_context.237826* (%struct.nfs_open_context.237826*)*)(%struct.nfs_open_context.237826* %48) #83 Function:get_nfs_open_context %2 = icmp eq %struct.nfs_open_context.214915* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ 0, %15 ], [ %9, %8 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_nfs_open_context 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, 
i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 
= getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 tail call void @__rcu_read_lock() #83 %43 = load volatile %struct.list_head*, %struct.list_head** %35, align 8 %44 = icmp eq %struct.list_head* %43, %34 br i1 %44, label %142, label %45 %46 = phi %struct.list_head* [ %140, %138 ], [ %43, %42 ] %47 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -8 %48 = bitcast %struct.list_head* %47 to %struct.nfs_open_context.237826* %49 = 
getelementptr %struct.list_head, %struct.list_head* %46, i64 -2 %50 = bitcast %struct.list_head* %49 to %struct.nfs4_state.237825** %51 = load %struct.nfs4_state.237825*, %struct.nfs4_state.237825** %50, align 8 %52 = icmp eq %struct.nfs4_state.237825* %51, null br i1 %52, label %138, label %53 %54 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %138, label %58 %59 = load volatile i64, i64* %54, align 8 %60 = and i64 %59, 512 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %138 %63 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8, i32 1 %64 = load i32, i32* %63, align 4 %65 = load i32, i32* %36, align 4 %66 = icmp eq i32 %64, %65 br i1 %66, label %67, label %138 %68 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8 %69 = bitcast %struct.nfs4_stateid_struct* %68 to i8* %70 = tail call i32 @bcmp(i8* dereferenceable(16) %69, i8* dereferenceable(16) %37, i64 16) #6 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %138 %73 = tail call %struct.nfs_open_context.237826* bitcast (%struct.nfs_open_context.214915* (%struct.nfs_open_context.214915*)* @get_nfs_open_context to %struct.nfs_open_context.237826* (%struct.nfs_open_context.237826*)*)(%struct.nfs_open_context.237826* %48) #83 Function:get_nfs_open_context %2 = icmp eq %struct.nfs_open_context.214915* %0, null br i1 %2, label %26, label %3 %4 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0 %5 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %18, label %8 %9 = phi i32 [ %16, %15 ], [ %6, %3 ] %10 = add i32 %9, 1 %11 = tail call { i8, i32 } asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 %10, i32* %5, i32 %9) #6, !srcloc !4 %12 = extractvalue { i8, i32 } %11, 0 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %18, !prof !5, !misexpect !6 %16 = extractvalue { i8, i32 } %11, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %8 %19 = phi i32 [ 0, %3 ], [ 0, %15 ], [ %9, %8 ] %20 = add i32 %19, 1 %21 = or i32 %20, %19 %22 = icmp sgt i32 %21, -1 br i1 %22, label %24, label %23, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %4, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %64 = phi %struct.posix_acl* [ null, %20 ], [ %2, %13 ], [ %2, %10 ] %65 = phi 
%struct.posix_acl* [ %18, %20 ], [ null, %13 ], [ null, %10 ] %66 = phi %struct.posix_acl* [ %22, %20 ], [ %14, %13 ], [ %11, %10 ] %67 = ptrtoint %struct.posix_acl* %66 to i64 %68 = trunc i64 %67 to i32 br label %27 %28 = phi %struct.posix_acl* [ %64, %63 ], [ %25, %24 ] %29 = phi %struct.posix_acl* [ %65, %63 ], [ %18, %24 ] %30 = phi i32 [ %68, %63 ], [ %26, %24 ] %31 = icmp eq %struct.posix_acl* %28, %2 %32 = icmp eq %struct.posix_acl* %28, null %33 = or i1 %31, %32 br i1 %33, label %46, label %34 %35 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0 %36 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0, i32 0, i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 -1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 %40 = add i32 %37, -1 %41 = or i32 %40, %37 %42 = icmp sgt i32 %41, -1 br i1 %42, label %46, label %43, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 
], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %64 = phi %struct.posix_acl* [ null, %20 ], [ %2, %13 ], [ %2, %10 ] %65 = phi %struct.posix_acl* [ %18, %20 ], [ null, %13 ], [ null, %10 ] %66 = phi %struct.posix_acl* [ %22, %20 ], [ %14, %13 ], [ %11, %10 ] %67 = ptrtoint %struct.posix_acl* %66 to i64 %68 = trunc i64 %67 to i32 br label %27 %28 = phi %struct.posix_acl* [ %64, %63 ], [ %25, %24 ] %29 = phi %struct.posix_acl* [ %65, %63 ], [ %18, %24 ] %30 = phi i32 [ %68, %63 ], [ %26, %24 ] %31 = icmp eq %struct.posix_acl* %28, %2 %32 = icmp eq %struct.posix_acl* %28, null %33 = or i1 %31, %32 br i1 %33, label %46, label %34 %35 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0 %36 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0, i32 0, i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 -1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %45 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 1 tail call void @kvfree_call_rcu(%struct.callback_head* %45, void (%struct.callback_head*)* nonnull inttoptr (i64 8 to void (%struct.callback_head*)*)) #83 br label %46 %47 = icmp eq %struct.posix_acl* %29, %2 %48 = icmp eq %struct.posix_acl* %29, null %49 = or i1 %47, %48 br i1 %49, label %62, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 0 %52 = 
getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 0, i32 0, i32 0 %53 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %52, i32 -1, i32* %52) #6, !srcloc !4 %54 = icmp eq i32 %53, 1 br i1 %54, label %60, label %55 %56 = add i32 %53, -1 %57 = or i32 %56, %53 %58 = icmp sgt i32 %57, -1 br i1 %58, label %62, label %59, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %51, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_unlck 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.233158** %7 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.233157* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.233157* nonnull %9, %struct.file_lock* %2) #83 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 3 %6 = load 
%struct.nfs4_state_owner.233154*, %struct.nfs4_state_owner.233154** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 4 %8 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.234728*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.233157*, %struct.file_lock*)*)(%struct.nfs4_state.233157* %0, %struct.file_lock* %1) #83 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %112 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %11 = bitcast %struct.list_head* %10 to %struct.nfs4_lock_state.234758** %12 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 br label %13 %14 = phi %struct.nfs4_lock_state.234758* [ null, %6 ], [ %59, %90 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %15 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %11, align 8 %16 = getelementptr %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %15, i64 0, i32 0 %17 = icmp eq %struct.list_head* %16, %10 br i1 %17, label %43, label %18 %19 = phi %struct.nfs4_lock_state.234758* [ %28, %24 ], [ %15, %13 ] %20 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ null, %13 ] %21 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %19, i64 0, i32 6 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, %8 br i1 
%23, label %31, label %24 %25 = icmp eq i8* %22, null %26 = select i1 %25, %struct.nfs4_lock_state.234758* %19, %struct.nfs4_lock_state.234758* %20 %27 = bitcast %struct.nfs4_lock_state.234758* %19 to %struct.nfs4_lock_state.234758** %28 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %28, i64 0, i32 0 %30 = icmp eq %struct.list_head* %29, %10 br i1 %30, label %31, label %18 %32 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ %19, %18 ] %33 = icmp eq %struct.nfs4_lock_state.234758* %32, null br i1 %33, label %43, label %34 %35 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %32, i64 0, i32 5 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 0 br i1 %38, label %95, label %39, !prof !5, !misexpect !6 %40 = add i32 %37, 1 %41 = or i32 %40, %37 %42 = icmp sgt i32 %41, -1 br i1 %42, label %97, label %95, !prof !7, !misexpect !6 %96 = phi i32 [ 2, %34 ], [ 1, %39 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 %96) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_select_rw_stateid 1 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 
1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %127 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.234730* %2, null br i1 %14, label %79, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %79, label %19 %20 = getelementptr inbounds 
%struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.234729*, %struct.nfs_open_context.234729** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.234729, %struct.nfs_open_context.234729* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %28 = bitcast %struct.list_head* %27 to %struct.nfs4_lock_state.234758** %29 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %28, align 8 %30 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %29, i64 0, i32 0 %31 = icmp eq %struct.list_head* %30, %27 br i1 %31, label %75, label %32 %33 = phi %struct.nfs4_lock_state.234758* [ %42, %38 ], [ %29, %19 ] %34 = phi %struct.nfs4_lock_state.234758* [ %40, %38 ], [ null, %19 ] %35 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %33, i64 0, i32 6 %36 = load i8*, i8** %35, align 8 %37 = icmp eq i8* %36, %21 br i1 %37, label %45, label %38 %39 = icmp eq i8* %36, %25 %40 = select i1 %39, %struct.nfs4_lock_state.234758* %33, %struct.nfs4_lock_state.234758* %34 %41 = bitcast %struct.nfs4_lock_state.234758* %33 to %struct.nfs4_lock_state.234758** %42 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %41, align 8 %43 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %42, i64 0, i32 0 %44 = icmp eq %struct.list_head* %43, %27 br i1 %44, label %45, label %32 %46 = phi %struct.nfs4_lock_state.234758* [ %40, %38 ], [ %33, %32 ] %47 = icmp eq 
%struct.nfs4_lock_state.234758* %46, null br i1 %47, label %75, label %48 %49 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %46, i64 0, i32 5 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %49, i64 0, i32 0, i32 0 %51 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %50, i32 1, i32* %50) #6, !srcloc !4 %52 = icmp eq i32 %51, 0 br i1 %52, label %57, label %53, !prof !5, !misexpect !6 %54 = add i32 %51, 1 %55 = or i32 %54, %51 %56 = icmp sgt i32 %55, -1 br i1 %56, label %59, label %57, !prof !7, !misexpect !6 %58 = phi i32 [ 2, %48 ], [ 1, %53 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %49, i32 %58) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_select_rw_stateid 1 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds 
%struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %127 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.234730* %2, null br i1 %14, label %79, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %79, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.234729*, %struct.nfs_open_context.234729** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.234729, %struct.nfs_open_context.234729* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 
tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %28 = bitcast %struct.list_head* %27 to %struct.nfs4_lock_state.234758** %29 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %28, align 8 %30 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %29, i64 0, i32 0 %31 = icmp eq %struct.list_head* %30, %27 br i1 %31, label %75, label %32 %33 = phi %struct.nfs4_lock_state.234758* [ %42, %38 ], [ %29, %19 ] %34 = phi %struct.nfs4_lock_state.234758* [ %40, %38 ], [ null, %19 ] %35 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %33, i64 0, i32 6 %36 = load i8*, i8** %35, align 8 %37 = icmp eq i8* %36, %21 br i1 %37, label %45, label %38 %39 = icmp eq i8* %36, %25 %40 = select i1 %39, %struct.nfs4_lock_state.234758* %33, %struct.nfs4_lock_state.234758* %34 %41 = bitcast %struct.nfs4_lock_state.234758* %33 to %struct.nfs4_lock_state.234758** %42 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %41, align 8 %43 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %42, i64 0, i32 0 %44 = icmp eq %struct.list_head* %43, %27 br i1 %44, label %45, label %32 %46 = phi %struct.nfs4_lock_state.234758* [ %40, %38 ], [ %33, %32 ] %47 = icmp eq %struct.nfs4_lock_state.234758* %46, null br i1 %47, label %75, label %48 %49 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %46, i64 0, i32 5 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %49, i64 0, i32 0, i32 0 %51 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %50, i32 1, i32* %50) #6, !srcloc !4 %52 = icmp eq i32 %51, 0 br i1 %52, label 
%57, label %53, !prof !5, !misexpect !6 %54 = add i32 %51, 1 %55 = or i32 %54, %51 %56 = icmp sgt i32 %55, -1 br i1 %56, label %59, label %57, !prof !7, !misexpect !6 %58 = phi i32 [ 2, %48 ], [ 1, %53 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %49, i32 %58) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 
= alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds 
%struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = 
getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, 
%struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile 
%struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq 
%struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* 
%168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 %189 = add i32 %186, -1 %190 = or i32 %189, %186 %191 = icmp sgt i32 %190, -1 br i1 %191, label %205, label %192, !prof !13, !misexpect !14 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %184, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to 
%struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void 
@__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 %189 = add i32 %186, -1 %190 = or i32 %189, %186 %191 = icmp sgt i32 %190, -1 br i1 %191, label %205, label %192, !prof !13, !misexpect !14 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %184, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, 
label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, 
i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast 
%struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 
], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 %189 = add i32 %186, -1 %190 = or i32 %189, %186 %191 = icmp sgt i32 %190, -1 br i1 %191, label %205, label %192, !prof !13, !misexpect !14 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %184, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 
0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq 
%struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 
%36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 
tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 %189 = add i32 %186, -1 %190 = or i32 %189, %186 %191 = icmp sgt i32 %190, -1 br i1 %191, label %205, label %192, !prof !13, !misexpect !14 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %184, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load 
%struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = 
getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = 
select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label 
%12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, 
label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, 
i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label 
%7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 
0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 regmap_cache_only_write_file ------------- Path:  Function:regmap_cache_only_write_file %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr i8, i8* %7, i64 -524 %9 = bitcast i8* %8 to %struct.regmap.603327* %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %64 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %14 = load %struct.dentry*, %struct.dentry** %13, align 8 %15 = call i32 @debugfs_file_get(%struct.dentry* %14) #83 Function:debugfs_file_get %2 = getelementptr 
inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 regmap_cache_bypass_write_file ------------- Path:  Function:regmap_cache_bypass_write_file %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %45 
%11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %12 = load %struct.dentry*, %struct.dentry** %11, align 8 %13 = call i32 @debugfs_file_get(%struct.dentry* %12) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_str ------------- Path:  Function:debugfs_read_file_str %5 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_str ------------- Path:  Function:debugfs_read_file_str %5 = getelementptr inbounds %struct.file, %struct.file* %0, 
i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 read_file_blob ------------- Path:  Function:read_file_blob %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to 
%struct.iovec** %7 = load %struct.iovec*, %struct.iovec** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = tail call i32 @debugfs_file_get(%struct.dentry* %9) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- 
Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 
= load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** 
%5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 
@debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 
Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, 
%struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = 
load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = 
ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 
%6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label 
%26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], 
[ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, 
%struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 
%29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, 
%struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 
= icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A",
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ 
%39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 
0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_write_file_bool ------------- Path:  Function:debugfs_write_file_bool %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %34 %13 = call i32 @debugfs_file_get(%struct.dentry* %9) #84 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null 
br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_write_file_bool ------------- Path:  Function:debugfs_write_file_bool %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %34 %13 = call i32 @debugfs_file_get(%struct.dentry* %9) #84 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ 
%9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 full_proxy_open ------------- Path:  Function:full_proxy_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = tail call i32 @debugfs_file_get(%struct.dentry* %4) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr 
inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 open_proxy_open ------------- Path:  Function:open_proxy_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = tail call i32 @debugfs_file_get(%struct.dentry* %4) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %27 = phi i8* [ %25, %24 ], [ %9, %11 ], [ %3, %1 ] %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, 
i64 0, i32 2, i32 1 %29 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %28, align 8 %30 = icmp eq %struct.hlist_bl_node** %29, null br i1 %30, label %31, label %35 %36 = getelementptr inbounds i8, i8* %27, i64 8 %37 = bitcast i8* %36 to %struct.seqcount_spinlock* %38 = bitcast i8* %36 to i32* %39 = load volatile i32, i32* %38, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %51, label %41 %42 = phi i32 [ %49, %48 ], [ %39, %35 ] %43 = add i32 %42, 1 %44 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 %43, i32* %38, i32 %42) #6, !srcloc !5 %45 = extractvalue { i8, i32 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !6, !misexpect !7 %49 = extractvalue { i8, i32 } %44, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %41 %52 = phi i32 [ 0, %35 ], [ 0, %48 ], [ %42, %41 ] %53 = add i32 %52, 1 %54 = or i32 %53, %52 %55 = icmp sgt i32 %54, -1 br i1 %55, label %57, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %37, i32 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 compat_ksys_semtimedop 4 compat_ksys_ipc 5 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %17 = zext i32 %4 to i64 %18 = inttoptr i64 %17 to %struct.orc_entry* %19 = zext i32 %5 to i64 %20 = inttoptr i64 %19 to %struct.static_call_site* %21 = tail call i64 @compat_ksys_semtimedop(i32 %1, %struct.orc_entry* %18, i32 %2, %struct.static_call_site* %20) #83 Function:compat_ksys_semtimedop %5 = alloca %struct.cpu_itimer, align 8 %6 = icmp eq %struct.static_call_site* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.cpu_itimer* null) #84 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, 
%struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt 
%struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, %struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* 
%111, i32 %0) #83 %113 = bitcast %struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast %struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, 
i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca 
%struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 
%57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds 
%struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, %struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %111, i32 %0) #83 %113 = bitcast %struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast %struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = 
load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, 
%struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, 
%struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %111, i32 %0) #83 %113 = bitcast %struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast %struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 
------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 __ia32_sys_semtimedop_time32 ------------- Path:  Function:__ia32_sys_semtimedop_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 
%22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds 
%struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store 
volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, %struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %111, i32 %0) #83 %113 = bitcast %struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast 
%struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* 
%6, i32 %10, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, 
label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 
%65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 
%93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, %struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %111, i32 %0) #83 %113 = bitcast %struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast %struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = 
extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, 
align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label 
%33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* 
%74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, %struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %111, i32 %0) #83 %113 = bitcast 
%struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast %struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipc_rcu_getref 1 __do_semtimedop 2 do_semtimedop 3 __x64_sys_semtimedop_time32 ------------- Path:  Function:__x64_sys_semtimedop_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 
@__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select 
i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 %76 = icmp eq i8* %75, null br i1 %76, label %319, label %77 %78 = bitcast i8* %75 to %struct.sem_undo_list* %79 = getelementptr inbounds i8, i8* %75, i64 4 %80 = bitcast i8* %79 to i32* store i32 0, i32* %80, align 4 %81 = bitcast i8* %75 to i32* store volatile i32 1, i32* %81, align 8 %82 = getelementptr inbounds i8, i8* %75, i64 8 %83 = bitcast i8* %82 to %struct.list_head* %84 = bitcast i8* %82 to %struct.list_head** store volatile %struct.list_head* %83, %struct.list_head** %84, align 8 %85 = getelementptr inbounds i8, i8* %75, i64 16 %86 = bitcast i8* %85 to i8** store i8* %82, i8** %86, align 8 %87 = bitcast %struct.sem_undo_list** %70 to i8** store i8* %75, i8** %87, align 16 br 
label %88 %89 = phi %struct.sem_undo_list* [ %71, %67 ], [ %78, %77 ] %90 = ptrtoint %struct.sem_undo_list* %89 to i64 tail call void @__rcu_read_lock() #83 %91 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %91) #83 %92 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %93 = load volatile i32, i32* %92, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %96, !prof !5, !misexpect !6 %97 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %89, i64 0, i32 2 br label %98 %99 = phi %struct.list_head* [ %97, %96 ], [ %101, %103 ] %100 = getelementptr %struct.list_head, %struct.list_head* %99, i64 0, i32 0 %101 = load volatile %struct.list_head*, %struct.list_head** %100, align 8 %102 = icmp eq %struct.list_head* %101, %97 br i1 %102, label %110, label %103 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %91) #83 %111 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 0, i64 0 %112 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %111, i32 %0) #83 %113 = bitcast %struct.kern_ipc_perm* %112 to %struct.sem_array* %114 = icmp ugt %struct.kern_ipc_perm* %112, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %114, label %126, label %128 %129 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %112, i64 1, i32 11 %130 = bitcast %struct.rhash_head* %129 to i32* %131 = load i32, i32* %130, align 8 %132 = tail call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %112) #83 Function:ipc_rcu_getref %2 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %0, i64 0, i32 13 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label 
%16, label %6 %7 = phi i32 [ %14, %13 ], [ %4, %1 ] %8 = add i32 %7, 1 %9 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 %8, i32* %3, i32 %7) #6, !srcloc !4 %10 = extractvalue { i8, i32 } %9, 0 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %16, !prof !5, !misexpect !6 %14 = extractvalue { i8, i32 } %9, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %6 %17 = phi i32 [ 0, %1 ], [ 0, %13 ], [ %7, %6 ] %18 = add i32 %17, 1 %19 = or i32 %18, %17 %20 = icmp sgt i32 %19, -1 br i1 %20, label %22, label %21, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %2, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __shm_open 1 shm_mmap ------------- Path:  Function:shm_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = tail call fastcc i32 @__shm_open(%struct.vm_area_struct* %1) #83 Function:__shm_open %2 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %3 = load %struct.file*, %struct.file** %2, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %3, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.shm_file_data** %6 = load %struct.shm_file_data*, %struct.shm_file_data** %5, align 8 %7 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %6, i64 0, i32 1 %8 = load %struct.ipc_namespace*, %struct.ipc_namespace** %7, align 8 %9 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %8, i64 0, i32 0, i64 
2 %12 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_idr(%struct.ipc_ids* %11, i32 %10) #83 %13 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %13, label %20, label %14 %15 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %15) #83 %16 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 0, i32 1 %17 = load i8, i8* %16, align 4, !range !4 %18 = icmp eq i8 %17, 0 br i1 %18, label %22, label %19 %23 = phi %struct.kern_ipc_perm* [ %21, %20 ], [ %12, %14 ] %24 = icmp ugt %struct.kern_ipc_perm* %23, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %24, label %25, label %28 %29 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %23, i64 1 %30 = bitcast %struct.kern_ipc_perm* %29 to %struct.file** %31 = load %struct.file*, %struct.file** %30, align 64 %32 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %6, i64 0, i32 2 %33 = load %struct.file*, %struct.file** %32, align 8 %34 = icmp eq %struct.file* %31, %33 br i1 %34, label %37, label %35 %38 = tail call i64 @ktime_get_real_seconds() #83 %39 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %23, i64 1, i32 6 %40 = bitcast %struct.kuid_t* %39 to i64* store i64 %38, i64* %40, align 8 %41 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %23, i64 1, i32 11 %42 = bitcast %struct.rhash_head* %41 to %struct.pid** %43 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %44 = inttoptr i64 %43 to %struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 104 %46 = load %struct.signal_struct*, %struct.signal_struct** %45, align 8 %47 = getelementptr %struct.signal_struct, %struct.signal_struct* %46, i64 0, i32 22, i64 1 %48 = 
load %struct.pid*, %struct.pid** %47, align 8 %49 = load %struct.pid*, %struct.pid** %42, align 8 %50 = icmp eq %struct.pid* %49, %48 br i1 %50, label %65, label %51 %52 = icmp eq %struct.pid* %48, null br i1 %52, label %64, label %53 %54 = getelementptr inbounds %struct.pid, %struct.pid* %48, i64 0, i32 0 %55 = getelementptr inbounds %struct.pid, %struct.pid* %48, i64 0, i32 0, i32 0, i32 0 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %55, i32 1, i32* %55) #6, !srcloc !6 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %54, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __shm_open 1 shm_mmap ------------- Path:  Function:shm_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = tail call fastcc i32 @__shm_open(%struct.vm_area_struct* %1) #83 Function:__shm_open %2 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %3 = load %struct.file*, %struct.file** %2, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %3, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.shm_file_data** %6 = load %struct.shm_file_data*, %struct.shm_file_data** %5, align 8 %7 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %6, i64 0, i32 1 %8 = load %struct.ipc_namespace*, %struct.ipc_namespace** %7, align 8 %9 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %8, i64 0, i32 0, i64 2 %12 = tail call %struct.kern_ipc_perm* 
@ipc_obtain_object_idr(%struct.ipc_ids* %11, i32 %10) #83 %13 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %13, label %20, label %14 %15 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %15) #83 %16 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 0, i32 1 %17 = load i8, i8* %16, align 4, !range !4 %18 = icmp eq i8 %17, 0 br i1 %18, label %22, label %19 %23 = phi %struct.kern_ipc_perm* [ %21, %20 ], [ %12, %14 ] %24 = icmp ugt %struct.kern_ipc_perm* %23, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %24, label %25, label %28 %29 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %23, i64 1 %30 = bitcast %struct.kern_ipc_perm* %29 to %struct.file** %31 = load %struct.file*, %struct.file** %30, align 64 %32 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %6, i64 0, i32 2 %33 = load %struct.file*, %struct.file** %32, align 8 %34 = icmp eq %struct.file* %31, %33 br i1 %34, label %37, label %35 %38 = tail call i64 @ktime_get_real_seconds() #83 %39 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %23, i64 1, i32 6 %40 = bitcast %struct.kuid_t* %39 to i64* store i64 %38, i64* %40, align 8 %41 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %23, i64 1, i32 11 %42 = bitcast %struct.rhash_head* %41 to %struct.pid** %43 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %44 = inttoptr i64 %43 to %struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 104 %46 = load %struct.signal_struct*, %struct.signal_struct** %45, align 8 %47 = getelementptr %struct.signal_struct, %struct.signal_struct* %46, i64 0, i32 22, i64 1 %48 = load %struct.pid*, %struct.pid** %47, 
align 8 %49 = load %struct.pid*, %struct.pid** %42, align 8 %50 = icmp eq %struct.pid* %49, %48 br i1 %50, label %65, label %51 %52 = icmp eq %struct.pid* %48, null br i1 %52, label %64, label %53 %54 = getelementptr inbounds %struct.pid, %struct.pid* %48, i64 0, i32 0 %55 = getelementptr inbounds %struct.pid, %struct.pid* %48, i64 0, i32 0, i32 0, i32 0 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %55, i32 1, i32* %55) #6, !srcloc !6 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = add i32 %56, 1 %61 = or i32 %60, %56 %62 = icmp sgt i32 %61, -1 br i1 %62, label %64, label %63, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %54, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_create_attr 1 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #83 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #83 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 
%14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_get ------------- Path:  Function:ipcns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 2 %8 = load %struct.ipc_namespace*, %struct.ipc_namespace** %7, align 8 %9 = icmp eq %struct.ipc_namespace* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %8, i64 0, i32 24, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 0 br i1 
%14, label %15, label %16, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_get ------------- Path:  Function:ipcns_get %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 121, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 103 %4 = load %struct.nsproxy*, %struct.nsproxy** %3, align 64 %5 = icmp eq %struct.nsproxy* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %4, i64 0, i32 2 %8 = load %struct.ipc_namespace*, %struct.ipc_namespace** %7, align 8 %9 = icmp eq %struct.ipc_namespace* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %8, i64 0, i32 24, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 %17 = add i32 %13, 1 %18 = or i32 %17, %13 %19 = icmp sgt i32 %18, -1 br i1 %19, label %21, label %20, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 key_lookup 1 lookup_user_key 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and 
i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 Function:key_lookup tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @key_serial_lock, i64 0, i32 0, i32 0)) #83 %2 = load %struct.rb_node*, %struct.rb_node** getelementptr inbounds (%struct.rb_root, %struct.rb_root* @key_serial_tree, i64 0, i32 0), align 8 %3 = icmp eq %struct.rb_node* %2, null br i1 %3, label %21, label %4 %5 = phi %struct.rb_node* [ %19, %17 ], [ %2, %1 ] %6 = getelementptr %struct.rb_node, %struct.rb_node* %5, i64 -1, i32 2 %7 = bitcast %struct.rb_node** %6 to %struct.key.237885* %8 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, %0 br i1 %10, label %11, label %13 %14 = icmp slt i32 %9, %0 br i1 %14, label %15, label %22 %23 = bitcast %struct.rb_node** %6 to %struct.key.237885* %24 = bitcast %struct.rb_node** %6 to %struct.seqcount_spinlock* %25 = bitcast %struct.rb_node** %6 to i32* %26 = load 
volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %38, label %28 %29 = phi i32 [ %36, %35 ], [ %26, %22 ] %30 = add i32 %29, 1 %31 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 %30, i32* %25, i32 %29) #6, !srcloc !4 %32 = extractvalue { i8, i32 } %31, 0 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %38, !prof !5, !misexpect !6 %36 = extractvalue { i8, i32 } %31, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %28 %39 = phi i32 [ 0, %22 ], [ 0, %35 ], [ %29, %28 ] %40 = add i32 %39, 1 %41 = or i32 %40, %39 %42 = icmp sgt i32 %41, -1 br i1 %42, label %44, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %24, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 key_lookup 1 lookup_user_key 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to 
i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 
i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 Function:key_lookup tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @key_serial_lock, i64 0, i32 0, i32 0)) #83 %2 = load %struct.rb_node*, %struct.rb_node** getelementptr inbounds (%struct.rb_root, %struct.rb_root* @key_serial_tree, i64 0, i32 0), align 8 %3 = icmp eq %struct.rb_node* %2, null br i1 %3, label %21, label %4 %5 = phi %struct.rb_node* [ %19, %17 ], [ %2, %1 ] %6 = getelementptr %struct.rb_node, %struct.rb_node* %5, i64 -1, i32 2 %7 = bitcast %struct.rb_node** %6 to %struct.key.237885* %8 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, %0 br i1 %10, label %11, label %13 %14 = icmp slt i32 %9, %0 br i1 %14, label %15, label %22 %23 = bitcast %struct.rb_node** %6 to %struct.key.237885* %24 = bitcast %struct.rb_node** %6 to %struct.seqcount_spinlock* %25 = bitcast %struct.rb_node** %6 to i32* %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %38, label %28 %29 = phi i32 [ %36, %35 ], [ %26, %22 ] %30 = add i32 %29, 1 %31 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 %30, i32* %25, i32 %29) #6, !srcloc !4 %32 = extractvalue { i8, i32 } %31, 0 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %38, !prof !5, !misexpect !6 %36 = extractvalue { i8, i32 } %31, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %28 %39 = phi i32 [ 0, %22 ], [ 0, %35 ], [ %29, %28 ] %40 = add i32 %39, 1 %41 = or 
i32 %40, %39 %42 = icmp sgt i32 %41, -1 br i1 %42, label %44, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %24, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 key_lookup 1 lookup_user_key 2 keyctl_keyring_move 3 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 
Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 Function:key_lookup tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @key_serial_lock, i64 0, i32 0, i32 0)) #83 %2 = load %struct.rb_node*, %struct.rb_node** getelementptr inbounds (%struct.rb_root, %struct.rb_root* @key_serial_tree, i64 0, i32 0), align 8 %3 = icmp eq %struct.rb_node* %2, null br i1 %3, label %21, label %4 %5 = phi %struct.rb_node* [ %19, %17 ], [ %2, %1 ] %6 = getelementptr %struct.rb_node, %struct.rb_node* %5, i64 -1, i32 2 %7 = bitcast %struct.rb_node** %6 to 
%struct.key.237885* %8 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, %0 br i1 %10, label %11, label %13 %14 = icmp slt i32 %9, %0 br i1 %14, label %15, label %22 %23 = bitcast %struct.rb_node** %6 to %struct.key.237885* %24 = bitcast %struct.rb_node** %6 to %struct.seqcount_spinlock* %25 = bitcast %struct.rb_node** %6 to i32* %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %38, label %28 %29 = phi i32 [ %36, %35 ], [ %26, %22 ] %30 = add i32 %29, 1 %31 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 %30, i32* %25, i32 %29) #6, !srcloc !4 %32 = extractvalue { i8, i32 } %31, 0 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %38, !prof !5, !misexpect !6 %36 = extractvalue { i8, i32 } %31, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %28 %39 = phi i32 [ 0, %22 ], [ 0, %35 ], [ %29, %28 ] %40 = add i32 %39, 1 %41 = or i32 %40, %39 %42 = icmp sgt i32 %41, -1 br i1 %42, label %44, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %24, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 key_lookup 1 lookup_user_key 2 __se_sys_add_key 3 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, 
%47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 Function:key_lookup tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @key_serial_lock, i64 0, i32 0, i32 0)) #83 %2 = load %struct.rb_node*, %struct.rb_node** getelementptr inbounds (%struct.rb_root, %struct.rb_root* @key_serial_tree, i64 0, i32 0), align 8 %3 = icmp eq %struct.rb_node* %2, null br i1 %3, label %21, label %4 %5 = phi %struct.rb_node* [ %19, %17 ], [ %2, 
%1 ] %6 = getelementptr %struct.rb_node, %struct.rb_node* %5, i64 -1, i32 2 %7 = bitcast %struct.rb_node** %6 to %struct.key.237885* %8 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, %0 br i1 %10, label %11, label %13 %14 = icmp slt i32 %9, %0 br i1 %14, label %15, label %22 %23 = bitcast %struct.rb_node** %6 to %struct.key.237885* %24 = bitcast %struct.rb_node** %6 to %struct.seqcount_spinlock* %25 = bitcast %struct.rb_node** %6 to i32* %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %38, label %28 %29 = phi i32 [ %36, %35 ], [ %26, %22 ] %30 = add i32 %29, 1 %31 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 %30, i32* %25, i32 %29) #6, !srcloc !4 %32 = extractvalue { i8, i32 } %31, 0 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %38, !prof !5, !misexpect !6 %36 = extractvalue { i8, i32 } %31, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %28 %39 = phi i32 [ 0, %22 ], [ 0, %35 ], [ %29, %28 ] %40 = add i32 %39, 1 %41 = or i32 %40, %39 %42 = icmp sgt i32 %41, -1 br i1 %42, label %44, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %24, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 key_lookup 1 lookup_user_key 2 __se_sys_add_key 3 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call 
%struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 Function:key_lookup tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @key_serial_lock, i64 0, i32 0, i32 0)) #83 %2 = load %struct.rb_node*, %struct.rb_node** getelementptr inbounds (%struct.rb_root, %struct.rb_root* @key_serial_tree, i64 0, i32 0), align 8 %3 = icmp eq %struct.rb_node* %2, null br i1 %3, label %21, label %4 %5 = phi %struct.rb_node* [ %19, %17 ], [ %2, %1 ] %6 = getelementptr 
%struct.rb_node, %struct.rb_node* %5, i64 -1, i32 2 %7 = bitcast %struct.rb_node** %6 to %struct.key.237885* %8 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, %0 br i1 %10, label %11, label %13 %14 = icmp slt i32 %9, %0 br i1 %14, label %15, label %22 %23 = bitcast %struct.rb_node** %6 to %struct.key.237885* %24 = bitcast %struct.rb_node** %6 to %struct.seqcount_spinlock* %25 = bitcast %struct.rb_node** %6 to i32* %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %38, label %28 %29 = phi i32 [ %36, %35 ], [ %26, %22 ] %30 = add i32 %29, 1 %31 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 %30, i32* %25, i32 %29) #6, !srcloc !4 %32 = extractvalue { i8, i32 } %31, 0 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %38, !prof !5, !misexpect !6 %36 = extractvalue { i8, i32 } %31, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %28 %39 = phi i32 [ 0, %22 ], [ 0, %35 ], [ %29, %28 ] %40 = add i32 %39, 1 %41 = or i32 %40, %39 %42 = icmp sgt i32 %41, -1 br i1 %42, label %44, label %43, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %24, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 
4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %68 = tail call i64 @keyctl_reject_key(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq 
%struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %39 = icmp eq i32 %3, -7 br i1 %39, label %77, label %40 %41 = icmp sgt i32 %3, -9 br i1 %41, label %42, label %77 %43 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 2 %44 = load %struct.key.264430*, %struct.key.264430** %43, align 8 %45 = icmp eq %struct.key.264430* %44, null br i1 %45, label %59, label %46 %47 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0 %48 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0, i32 0, i32 0 %49 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %48, i32 1, i32* %48) #6, !srcloc !5 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %52, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %47, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load 
i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to 
%struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %39 = icmp eq i32 %3, -7 br i1 %39, label %77, label %40 %41 = icmp sgt i32 %3, -9 br i1 %41, label %42, label %77 %43 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 2 %44 = load %struct.key.264430*, %struct.key.264430** %43, align 8 %45 = icmp eq %struct.key.264430* %44, null br i1 %45, label %59, label %46 %47 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0 %48 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0, i32 0, i32 
0 %49 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %48, i32 1, i32* %48) #6, !srcloc !5 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %52, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %47, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 
27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %39 = icmp eq i32 %3, -7 br i1 %39, label %77, label %40 %41 = 
icmp sgt i32 %3, -9 br i1 %41, label %42, label %77 %43 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 2 %44 = load %struct.key.264430*, %struct.key.264430** %43, align 8 %45 = icmp eq %struct.key.264430* %44, null br i1 %45, label %59, label %46 %47 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0 %48 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0, i32 0, i32 0 %49 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %48, i32 1, i32* %48) #6, !srcloc !5 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %52, !prof !6, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %47, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 
8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %68 = tail call i64 @keyctl_reject_key(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 
0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %39 = icmp eq i32 %3, -7 br i1 %39, label %77, label %40 %41 = icmp sgt i32 %3, -9 br i1 %41, label %42, label %77 %43 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 2 %44 = load %struct.key.264430*, %struct.key.264430** %43, align 8 %45 = icmp eq %struct.key.264430* %44, null br i1 %45, label %59, label %46 %47 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0 %48 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0, i32 0, i32 0 %49 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %48, i32 1, i32* %48) #6, !srcloc !5 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %52, !prof !6, !misexpect !7 %53 = add i32 %49, 1 %54 = or i32 %53, %49 %55 = icmp sgt i32 %54, -1 br i1 %55, label %59, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %47, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = 
and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 
%76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %39 = icmp eq i32 %3, -7 br i1 %39, label %77, label %40 %41 = icmp sgt i32 %3, -9 br i1 %41, label %42, label %77 %43 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 2 %44 = load %struct.key.264430*, %struct.key.264430** %43, align 8 %45 = icmp eq %struct.key.264430* %44, null br i1 %45, label %59, label %46 %47 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0 %48 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0, i32 0, i32 0 %49 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %48, i32 1, i32* %48) #6, !srcloc !5 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %52, !prof !6, !misexpect !7 %53 = add i32 %49, 1 %54 = or i32 %53, %49 %55 = icmp sgt i32 %54, -1 br i1 %55, label %59, label %56, !prof !8, !misexpect 
!7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %47, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %39 = icmp eq i32 %3, -7 br i1 %39, label %77, label %40 %41 = icmp sgt i32 %3, -9 br i1 %41, label %42, label %77 %43 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 2 %44 = load %struct.key.264430*, %struct.key.264430** %43, align 8 %45 = icmp eq %struct.key.264430* %44, null br i1 %45, label %59, 
label %46 %47 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0 %48 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %44, i64 0, i32 0, i32 0, i32 0 %49 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %48, i32 1, i32* %48) #6, !srcloc !5 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %52, !prof !6, !misexpect !7 %53 = add i32 %49, 1 %54 = or i32 %53, %49 %55 = icmp sgt i32 %54, -1 br i1 %55, label %59, label %56, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %47, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key_common 1 keyctl_instantiate_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label 
%54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #83 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @keyctl_instantiate_key_common(i32 %0, %struct.iov_iter* null, i32 %3) #84 Function:keyctl_instantiate_key_common %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.264755* %6 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %5, i64 0, i32 94 %7 = load %struct.cred.264455*, %struct.cred.264455** %6, align 8 %8 = icmp eq %struct.iov_iter* %1, null br i1 %8, label %15, label %9 %16 = phi %struct.iov_iter* [ %1, %13 ], [ null, %9 ], [ null, %3 ] %17 = phi i64 [ %11, %13 ], [ 0, %9 ], [ 0, %3 ] %18 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %7, i64 0, i32 19 %19 = load %struct.key.264430*, %struct.key.264430** %18, align 8 %20 = icmp eq %struct.key.264430* %19, null br i1 %20, label %88, label %21 %22 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %19, i64 0, i32 16, i32 0, i32 0, i64 0 %23 = bitcast i8** %22 to %struct.request_key_auth.264758** %24 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %23, align 8 %25 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %24, i64 0, i32 1 %26 = load 
%struct.key.264430*, %struct.key.264430** %25, align 8 %27 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %0 br i1 %29, label %30, label %88 %31 = icmp eq %struct.iov_iter* %16, null br i1 %31, label %39, label %32 %33 = tail call noalias i8* @kvmalloc_node(i64 %17, i32 3264, i32 -1) #83 %34 = icmp eq i8* %33, null br i1 %34, label %88, label %35 %36 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %17, %struct.iov_iter* nonnull %16) #84 %37 = icmp eq i64 %36, %17 br i1 %37, label %39, label %38, !prof !5, !misexpect !6 %40 = phi i8* [ null, %30 ], [ %33, %35 ] %41 = icmp eq i32 %2, 0 br i1 %41, label %72, label %42 %43 = icmp sgt i32 %2, 0 br i1 %43, label %44, label %51 %52 = icmp eq i32 %2, -7 br i1 %52, label %85, label %53 %54 = icmp sgt i32 %2, -9 br i1 %54, label %55, label %85 %56 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %24, i64 0, i32 2 %57 = load %struct.key.264430*, %struct.key.264430** %56, align 8 %58 = icmp eq %struct.key.264430* %57, null br i1 %58, label %72, label %59 %60 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %57, i64 0, i32 0 %61 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %57, i64 0, i32 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 1, i32* %61) #6, !srcloc !7 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65, !prof !8, !misexpect !9 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %60, i32 2) #84 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key_common 1 keyctl_instantiate_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #83 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @keyctl_instantiate_key_common(i32 %0, %struct.iov_iter* null, i32 %3) #84 Function:keyctl_instantiate_key_common %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to 
%struct.task_struct.264755* %6 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %5, i64 0, i32 94 %7 = load %struct.cred.264455*, %struct.cred.264455** %6, align 8 %8 = icmp eq %struct.iov_iter* %1, null br i1 %8, label %15, label %9 %16 = phi %struct.iov_iter* [ %1, %13 ], [ null, %9 ], [ null, %3 ] %17 = phi i64 [ %11, %13 ], [ 0, %9 ], [ 0, %3 ] %18 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %7, i64 0, i32 19 %19 = load %struct.key.264430*, %struct.key.264430** %18, align 8 %20 = icmp eq %struct.key.264430* %19, null br i1 %20, label %88, label %21 %22 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %19, i64 0, i32 16, i32 0, i32 0, i64 0 %23 = bitcast i8** %22 to %struct.request_key_auth.264758** %24 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %23, align 8 %25 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %24, i64 0, i32 1 %26 = load %struct.key.264430*, %struct.key.264430** %25, align 8 %27 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %0 br i1 %29, label %30, label %88 %31 = icmp eq %struct.iov_iter* %16, null br i1 %31, label %39, label %32 %33 = tail call noalias i8* @kvmalloc_node(i64 %17, i32 3264, i32 -1) #83 %34 = icmp eq i8* %33, null br i1 %34, label %88, label %35 %36 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %17, %struct.iov_iter* nonnull %16) #84 %37 = icmp eq i64 %36, %17 br i1 %37, label %39, label %38, !prof !5, !misexpect !6 %40 = phi i8* [ null, %30 ], [ %33, %35 ] %41 = icmp eq i32 %2, 0 br i1 %41, label %72, label %42 %43 = icmp sgt i32 %2, 0 br i1 %43, label %44, label %51 %52 = icmp eq i32 %2, -7 br i1 %52, label %85, label %53 %54 = icmp sgt i32 %2, -9 br i1 %54, label %55, label %85 %56 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %24, i64 0, 
i32 2 %57 = load %struct.key.264430*, %struct.key.264430** %56, align 8 %58 = icmp eq %struct.key.264430* %57, null br i1 %58, label %72, label %59 %60 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %57, i64 0, i32 0 %61 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %57, i64 0, i32 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 1, i32* %61) #6, !srcloc !7 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65, !prof !8, !misexpect !9 %66 = add i32 %62, 1 %67 = or i32 %66, %62 %68 = icmp sgt i32 %67, -1 br i1 %68, label %72, label %69, !prof !5, !misexpect !9 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %60, i32 1) #84 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 
%10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label 
%74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %25 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 18 %26 = load %struct.key.264821*, %struct.key.264821** %25, align 8 %27 = icmp eq %struct.key.264821* %26, null br i1 %27, label %28, label %58 store %struct.key.264821* %26, %struct.key.264821** %5, align 8 %59 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0 %60 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0, i32 0, i32 0 %61 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %60, i32 1, i32* %60) #6, !srcloc !6 %62 = icmp eq i32 %61, 0 br i1 %62, label %67, label %63, !prof !7, !misexpect !8 %64 = add i32 %61, 1 %65 = or i32 %64, %61 %66 = icmp sgt i32 %65, -1 br i1 %66, label %69, label %67, !prof !9, !misexpect !8 %68 = phi i32 [ 2, %58 ], [ 1, %63 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %59, i32 %68) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = 
alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, 
label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %25 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 18 %26 = load %struct.key.264821*, %struct.key.264821** %25, align 8 %27 = icmp eq %struct.key.264821* %26, null br i1 %27, label %28, label %58 store %struct.key.264821* %26, %struct.key.264821** %5, align 8 %59 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0 %60 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0, i32 0, i32 0 %61 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %60, i32 1, i32* %60) #6, !srcloc !6 %62 = icmp eq i32 %61, 0 br i1 %62, label %67, label %63, !prof !7, !misexpect !8 %64 = add i32 %61, 1 %65 = or i32 %64, %61 %66 = icmp sgt i32 %65, -1 br i1 %66, label %69, label %67, !prof !9, !misexpect !8 %68 = phi i32 [ 2, %58 ], [ 1, %63 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %59, i32 %68) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and 
i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = 
load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %25 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 18 %26 = load %struct.key.264821*, %struct.key.264821** %25, align 8 %27 = icmp eq %struct.key.264821* %26, null br i1 %27, label %28, label %58 store %struct.key.264821* %26, %struct.key.264821** %5, align 8 %59 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0 %60 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0, i32 0, i32 0 %61 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %60, i32 1, i32* %60) #6, !srcloc !6 %62 = icmp eq i32 %61, 0 br i1 %62, label %67, label %63, !prof !7, !misexpect !8 %64 = add i32 %61, 1 %65 = or i32 %64, %61 %66 = icmp sgt i32 %65, -1 br i1 %66, label %69, label %67, !prof !9, !misexpect !8 %68 = phi i32 [ 2, %58 ], [ 1, %63 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %59, i32 %68) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 
4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, 
label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %25 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 18 %26 = load %struct.key.264821*, %struct.key.264821** %25, align 8 %27 = icmp eq %struct.key.264821* %26, null br i1 %27, label %28, label %58 store %struct.key.264821* %26, %struct.key.264821** %5, align 8 %59 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0 %60 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0, i32 0, i32 0 %61 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %60, i32 1, i32* %60) #6, !srcloc !6 %62 = icmp eq i32 %61, 0 br i1 %62, label %67, label %63, !prof !7, !misexpect !8 %64 = add i32 %61, 1 %65 = or i32 %64, %61 %66 = icmp sgt i32 %65, -1 br i1 %66, label %69, label %67, !prof !9, !misexpect !8 %68 = phi i32 [ 2, %58 ], [ 1, %63 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %59, i32 %68) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, 
align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq 
%struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %25 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 18 %26 = load %struct.key.264821*, %struct.key.264821** %25, align 8 %27 = icmp eq %struct.key.264821* %26, null br i1 %27, label %28, label %58 store %struct.key.264821* %26, %struct.key.264821** %5, align 8 %59 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0 %60 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %26, i64 0, i32 0, i32 0, i32 0 %61 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %60, i32 1, i32* %60) #6, !srcloc !6 %62 = icmp eq i32 %61, 0 br i1 %62, label %67, label %63, !prof !7, !misexpect !8 %64 = add i32 %61, 1 %65 = or i32 %64, %61 %66 = icmp sgt i32 %65, -1 br i1 %66, label %69, label %67, !prof !9, !misexpect !8 %68 = phi i32 [ 2, %58 ], [ 1, %63 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %59, i32 %68) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, 
%struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %75 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 17 %76 = load %struct.key.264821*, %struct.key.264821** %75, align 8 %77 = icmp eq %struct.key.264821* %76, null br i1 %77, label %78, label %108 store %struct.key.264821* %76, %struct.key.264821** %5, align 8 %109 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %76, i64 0, i32 0 %110 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %76, i64 0, i32 0, i32 0, i32 0 %111 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 1, i32* %110) #6, !srcloc !6 %112 = icmp eq i32 %111, 0 br i1 %112, label %117, label %113, !prof !7, !misexpect !8 %114 = add i32 %111, 1 %115 = or i32 %114, %111 %116 = icmp sgt i32 %115, -1 br i1 %116, label %119, label %117, !prof !9, !misexpect !8 %118 = phi i32 [ 2, %108 ], [ 1, %113 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %109, i32 %118) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %75 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 17 %76 = load %struct.key.264821*, %struct.key.264821** %75, align 8 %77 = icmp eq %struct.key.264821* %76, null br i1 %77, label %78, label %108 store %struct.key.264821* %76, %struct.key.264821** %5, align 8 %109 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %76, i64 0, i32 0 %110 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %76, i64 0, i32 0, i32 0, i32 0 %111 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 1, i32* %110) #6, !srcloc !6 %112 = icmp eq i32 %111, 0 br i1 %112, label %117, label %113, !prof !7, !misexpect !8 %114 = add i32 %111, 1 %115 = or i32 %114, %111 %116 = icmp sgt i32 %115, -1 br i1 %116, label %119, label %117, !prof !9, !misexpect !8 %118 = phi i32 [ 2, %108 ], [ 1, %113 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %109, i32 %118) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- 
Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %75 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 17 %76 = load %struct.key.264821*, %struct.key.264821** %75, align 8 %77 = icmp eq %struct.key.264821* %76, null br i1 %77, label %78, label %108 store %struct.key.264821* %76, %struct.key.264821** %5, align 8 %109 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %76, i64 0, i32 0 %110 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %76, i64 0, i32 0, i32 0, i32 0 %111 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %110, i32 1, i32* %110) #6, !srcloc !6 %112 = icmp eq i32 %111, 0 br i1 %112, label %117, label %113, !prof !7, !misexpect !8 %114 = add i32 %111, 1 %115 = or i32 %114, %111 %116 = icmp sgt i32 %115, -1 br i1 %116, label %119, label %117, !prof !9, !misexpect !8 %118 = phi i32 [ 2, %108 ], [ 1, %113 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* 
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl
-------------
Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl
-------------
@lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %194 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 19 %195 = load %struct.key.264821*, %struct.key.264821** %194, align 8 store %struct.key.264821* %195, %struct.key.264821** %5, align 8 %196 = icmp eq %struct.key.264821* %195, null br i1 %196, label %344, label %197 %198 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0 %199 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0, i32 0, i32 0 %200 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %199, i32 1, i32* %199) #6, !srcloc !6 %201 = icmp eq i32 %200, 0 br i1 %201, label %206, label %202, !prof !7, !misexpect !8 %203 = add i32 %200, 1 %204 = or i32 %203, %200 %205 = icmp sgt i32 %204, -1 br i1 %205, label %208, label %206, !prof !9, !misexpect !8 %207 = phi i32 [ 2, %197 ], [ 1, %202 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %198, i32 %207) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail 
call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %194 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 19 %195 = load %struct.key.264821*, %struct.key.264821** %194, align 8 store %struct.key.264821* %195, %struct.key.264821** %5, align 8 %196 = icmp eq %struct.key.264821* %195, null br i1 %196, label %344, label %197 %198 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0 %199 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0, 
i32 0, i32 0 %200 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %199, i32 1, i32* %199) #6, !srcloc !6 %201 = icmp eq i32 %200, 0 br i1 %201, label %206, label %202, !prof !7, !misexpect !8 %203 = add i32 %200, 1 %204 = or i32 %203, %200 %205 = icmp sgt i32 %204, -1 br i1 %205, label %208, label %206, !prof !9, !misexpect !8 %207 = phi i32 [ 2, %197 ], [ 1, %202 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %198, i32 %207) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, 
label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, 
i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %194 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 19 %195 = load %struct.key.264821*, %struct.key.264821** %194, align 8 store %struct.key.264821* %195, %struct.key.264821** %5, align 8 %196 = icmp eq %struct.key.264821* %195, null br i1 %196, label %344, label %197 %198 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0 %199 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0, i32 0, i32 0 %200 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %199, i32 1, i32* %199) #6, !srcloc !6 %201 = icmp eq i32 %200, 0 br i1 %201, label %206, label %202, !prof !7, !misexpect !8 %203 = add i32 %200, 1 %204 = or i32 %203, %200 %205 = icmp sgt i32 %204, -1 br i1 %205, label %208, label %206, !prof !9, !misexpect !8 %207 = phi i32 [ 2, %197 ], [ 1, %202 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %198, i32 %207) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* 
nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %194 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 19 %195 = load %struct.key.264821*, %struct.key.264821** %194, align 8 store %struct.key.264821* %195, %struct.key.264821** %5, align 8 %196 = icmp eq %struct.key.264821* %195, null br i1 %196, label %344, label %197 %198 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0 %199 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %195, i64 0, i32 0, i32 0, i32 0 %200 = call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %199, i32 1, i32* %199) #6, !srcloc !6 %201 = icmp eq i32 %200, 0 br i1 %201, label %206, label %202, !prof !7, !misexpect !8 %203 = add i32 %200, 1 %204 = or i32 %203, %200 %205 = icmp sgt i32 %204, -1 br i1 %205, label %208, label %206, !prof !9, !misexpect !8 %207 = phi i32 [ 2, %197 ], [ 1, %202 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %198, i32 %207) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 blk_finish_plug 4 __se_sys_io_submit 5 __ia32_sys_io_submit ------------- Path:  Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br 
label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr 
inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* @blk_mq_free_plug_rqs to void (%struct.blk_plug.290756*)*)(%struct.blk_plug.290756* %0) #83 Function:blk_mq_free_plug_rqs %2 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 1 %3 = icmp eq %struct.request.294838** %2, null br i1 %3, label %15, label %4 %5 = bitcast %struct.request.294838** %2 to i64* %6 = load %struct.request.294838*, %struct.request.294838** %2, align 8 %7 = icmp eq %struct.request.294838* %6, null br i1 %7, label %15, label %8 %9 = phi %struct.request.294838* [ %13, %8 ], [ %6, %4 ] %10 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %9, i64 0, i32 12 %11 = bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void @blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 
0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* @put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 store %struct.io_cq.294802* null, %struct.io_cq.294802** %21, align 8 br label %27 %28 = load i32, i32* %6, align 4 %29 = and i32 %28, 64 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %31 %32 = getelementptr 
inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 5 %33 = load i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = icmp eq i64 %34, 0 br i1 %35, label %40, label %36 %41 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 25, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %41, i32 1, i32* %41) #6, !srcloc !4 br label %42 %43 = load i32, i32* @laptop_mode, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %56 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 4 %57 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %56, align 8 %58 = icmp eq %struct.rq_qos.294814* %57, null br i1 %58, label %60, label %59 %61 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 21 store volatile i32 0, i32* %61, align 8 %62 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 22 %63 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %62, i64 0, i32 0, i32 0 %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %63, i32 -1, i32* %63) #6, !srcloc !7 %65 = icmp eq i32 %64, 1 br i1 %65, label %71, label %66 %67 = add i32 %64, -1 %68 = or i32 %67, %64 %69 = icmp sgt i32 %68, -1 br i1 %69, label %72, label %70, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %62, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 blk_finish_plug 4 __se_sys_io_submit 5 __x64_sys_io_submit ------------- Path:  Function:__x64_sys_io_submit %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 blk_finish_plug
4 do_madvise
5 __ia32_sys_madvise
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 blk_finish_plug
4 do_madvise
5 __x64_sys_madvise
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 blk_finish_plug
4 __ia32_compat_sys_io_submit
-------------
= getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 64 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 %23 = icmp sgt i32 %22, 2 br i1 %23, label %24, label %25 %26 = icmp sgt i32 %22, 0 br i1 %26, label %27, label %57 %28 = zext i32 %22 to i64 br label %29 %30 = phi i64 [ 0, %27 ], [ %46, %45 ] %32 = getelementptr i32, i32* %11, i64 %30 %33 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %32, i64 4, i64 %31) #6, !srcloc !7 %34 = extractvalue { i32*, i32, i64 } %33, 0 %35 = extractvalue { i32*, i32, i64 } %33, 2 %36 = ptrtoint i32* %34 to i64 %37 = and i64 %36, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %51, !prof !4, !misexpect !5 %40 = extractvalue { i32*, i32, i64 } %33, 1 %41 = zext i32 %40 to i64 %42 = inttoptr i64 %41 to %struct.iocb* %43 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %42, i1 zeroext true) #83 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = add nuw nsw i64 %30, 1 %47 = icmp eq i64 %46, %28 br i1 %47, label %53, label %29 %54 = phi i32 [ %49, %48 ], [ %52, %51 ], [ %22, %45 ] %55 = phi i64 [ %50, %48 ], [ -14, %51 ], [ 0, %45 ] br i1 %23, label %56, label %57 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %2) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail 
call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* @blk_mq_free_plug_rqs to void (%struct.blk_plug.290756*)*)(%struct.blk_plug.290756* %0) #83 Function:blk_mq_free_plug_rqs %2 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 1 %3 = icmp eq %struct.request.294838** %2, null br i1 %3, label %15, label %4 %5 = bitcast %struct.request.294838** %2 to i64* %6 = load %struct.request.294838*, %struct.request.294838** %2, align 8 %7 = icmp eq %struct.request.294838* %6, null br i1 %7, label %15, label %8 %9 = phi %struct.request.294838* [ %13, %8 ], [ %6, %4 ] %10 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %9, i64 0, i32 12 %11 = bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void 
@blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* @put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 store %struct.io_cq.294802* null, 
%struct.io_cq.294802** %21, align 8 br label %27 %28 = load i32, i32* %6, align 4 %29 = and i32 %28, 64 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %31 %32 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 5 %33 = load i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = icmp eq i64 %34, 0 br i1 %35, label %40, label %36 %41 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 25, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %41, i32 1, i32* %41) #6, !srcloc !4 br label %42 %43 = load i32, i32* @laptop_mode, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %56 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 4 %57 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %56, align 8 %58 = icmp eq %struct.rq_qos.294814* %57, null br i1 %58, label %60, label %59 %61 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 21 store volatile i32 0, i32* %61, align 8 %62 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 22 %63 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %62, i64 0, i32 0, i32 0 %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %63, i32 -1, i32* %63) #6, !srcloc !7 %65 = icmp eq i32 %64, 1 br i1 %65, label %71, label %66 %67 = add i32 %64, -1 %68 = or i32 %67, %64 %69 = icmp sgt i32 %68, -1 br i1 %69, label %72, label %70, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %62, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 
blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 bio_poll 4 iocb_bio_iopoll ------------- Path:  Function:iocb_bio_iopoll tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.kiocb.290504, %struct.kiocb.290504* %0, i64 0, i32 3 %5 = load volatile i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.bio.290594* %7 = icmp eq i8* %5, null br i1 %7, label %15, label %8 %9 = getelementptr inbounds i8, i8* %5, i64 8 %10 = bitcast i8* %9 to %struct.block_device.290586** %11 = load %struct.block_device.290586*, %struct.block_device.290586** %10, align 8 %12 = icmp eq %struct.block_device.290586* %11, null br i1 %12, label %15, label %13 %14 = tail call i32 @bio_poll(%struct.bio.290594* nonnull %6, %struct.io_comp_batch.290810* %1, i32 %2) #84 Function:bio_poll %4 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %5 = load %struct.block_device.290586*, %struct.block_device.290586** %4, align 8 %6 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %5, i64 0, i32 18 %7 = load %struct.request_queue.290802*, %struct.request_queue.290802** %6, align 8 %8 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 9 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, -1 br i1 %10, label %54, label %11 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %7, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 65536 %15 = icmp eq i64 %14, 0 br i1 %15, label %54, label %16 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.290793* %19 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %18, i64 0, i32 129 %20 = load %struct.blk_plug.290756*, 
%struct.blk_plug.290756** %19, align 8 %21 = icmp eq %struct.blk_plug.290756* %20, null br i1 %21, label %23, label %22 tail call void @blk_flush_plug(%struct.blk_plug.290756* nonnull %20, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* @blk_mq_free_plug_rqs to void (%struct.blk_plug.290756*)*)(%struct.blk_plug.290756* %0) #83 Function:blk_mq_free_plug_rqs %2 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 1 %3 = icmp eq %struct.request.294838** %2, null br i1 %3, label %15, label %4 %5 = bitcast %struct.request.294838** %2 to i64* %6 = load %struct.request.294838*, %struct.request.294838** %2, align 8 %7 = icmp eq %struct.request.294838* %6, null br i1 %7, label %15, label %8 %9 = phi %struct.request.294838* [ %13, %8 ], [ %6, %4 ] %10 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %9, i64 0, i32 12 %11 = 
bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void @blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* 
@put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 store %struct.io_cq.294802* null, %struct.io_cq.294802** %21, align 8 br label %27 %28 = load i32, i32* %6, align 4 %29 = and i32 %28, 64 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %31 %32 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 5 %33 = load i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = icmp eq i64 %34, 0 br i1 %35, label %40, label %36 %41 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 25, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %41, i32 1, i32* %41) #6, !srcloc !4 br label %42 %43 = load i32, i32* @laptop_mode, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %56 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 4 %57 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %56, align 8 %58 = icmp eq %struct.rq_qos.294814* %57, null br i1 %58, label %60, label %59 %61 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 21 store volatile i32 0, i32* %61, align 8 %62 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 22 %63 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %62, i64 0, i32 0, i32 0 %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %63, i32 -1, i32* %63) #6, !srcloc !7 %65 = icmp eq i32 %64, 1 br i1 %65, label %71, label %66 %67 = add i32 %64, -1 %68 = or i32 %67, %64 %69 = icmp sgt i32 %68, -1 br i1 %69, label %72, label %70, !prof !5, !misexpect !6 tail call 
void @refcount_warn_saturate(%struct.seqcount_spinlock* %62, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 wakeup_flusher_threads 4 ksys_sync 5 __do_sys_sync ------------- Path:  Function:__do_sys_sync tail call void @ksys_sync() #83 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #83 Function:wakeup_flusher_threads %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 129 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, null br i1 %6, label %17, label %7 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0 %9 = load %struct.request*, %struct.request** %8, align 8 %10 = icmp eq %struct.request* %9, null br i1 %10, label %11, label %16 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 7 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16 tail call void bitcast (void (%struct.blk_plug.290756*, i1)* @blk_flush_plug to void (%struct.blk_plug*, i1)*)(%struct.blk_plug* nonnull %5, i1 zeroext true) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq 
%struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* @blk_mq_free_plug_rqs to void (%struct.blk_plug.290756*)*)(%struct.blk_plug.290756* %0) #83 Function:blk_mq_free_plug_rqs %2 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 1 %3 = icmp eq %struct.request.294838** %2, null br i1 %3, label %15, label %4 %5 = bitcast %struct.request.294838** %2 to i64* %6 = load %struct.request.294838*, %struct.request.294838** %2, align 8 %7 = icmp eq %struct.request.294838* %6, null br i1 %7, label %15, label %8 %9 = phi %struct.request.294838* [ %13, %8 ], [ %6, %4 ] %10 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %9, i64 0, i32 12 %11 = bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void @blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, 
%struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* @put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 store %struct.io_cq.294802* null, %struct.io_cq.294802** %21, align 8 br label %27 %28 = load i32, i32* %6, align 4 %29 = and i32 %28, 64 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %31 %32 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 5 %33 = load i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = icmp eq i64 %34, 0 br i1 %35, label %40, label %36 %41 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 25, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %41, i32 1, i32* %41) #6, !srcloc !4 br label %42 %43 = load i32, i32* @laptop_mode, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %56 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 4 %57 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %56, align 8 %58 = icmp eq %struct.rq_qos.294814* %57, null br i1 %58, label %60, label %59 %61 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 21 store volatile i32 0, i32* %61, align 8 %62 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 22 %63 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %62, i64 0, i32 0, i32 0 %64 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %63, i32 -1, i32* %63) #6, !srcloc !7 %65 = icmp eq i32 %64, 1 br i1 %65, label %71, label %66 %67 = add i32 %64, -1 %68 = or i32 %67, %64 %69 = icmp sgt i32 %68, -1 br i1 %69, label %72, label %70, !prof !5, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %62, i32 3) #83 ------------- Good: 9894 Bad: 553 Ignored: 11110 Check Use of Function:nl80211_send_iface Check Use of Function:dst_release Use: =BAD PATH= Call Stack: 0 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.873303* %0 to %struct.rt6_info.873315* %4 = icmp eq %struct.dst_entry.873303* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds 
%struct.dst_entry.873303, %struct.dst_entry.873303* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.873279** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry.873303*)*)(%struct.dst_entry.873303* nonnull %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __udp_disconnect ------------- Path:  Function:__udp_disconnect %3 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 4 store volatile i8 7, i8* %3, align 2 %4 = bitcast %struct.sock.831941* %0 to i32* store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 2 %6 = bitcast %struct.kuid_t* %5 to i16* store i16 0, i16* %6, align 4 %7 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 21, i32 0 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 6 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 44 %10 = load i8, i8* %9, align 8 %11 = and i8 %10, 64 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %46 %14 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 1, i32 0, i32 1, i32 0 store i32 0, i32* %14, align 8 %15 = bitcast %struct.sock.831941* %0 to %struct.static_call_site* %16 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %15, i64 0, i32 1 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 3 %18 = load i16, i16* %17, align 8 %19 = icmp eq i16 %18, 10 br i1 %19, label %20, label %34 %35 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 8 %36 = load %struct.proto.831921*, %struct.proto.831921** %35, 
align 8 %37 = getelementptr inbounds %struct.proto.831921, %struct.proto.831921* %36, i64 0, i32 23 %38 = load void (%struct.sock.831941*)*, void (%struct.sock.831941*)** %37, align 8 %39 = icmp eq void (%struct.sock.831941*)* %38, null br i1 %39, label %44, label %40 %41 = load i8, i8* %9, align 8 %42 = icmp sgt i8 %41, -1 br i1 %42, label %52, label %43 tail call void %38(%struct.sock.831941* %0) #83 br label %44 %45 = load i8, i8* %9, align 8 br label %46 %47 = phi i8 [ %45, %44 ], [ %10, %2 ] %48 = icmp sgt i8 %47, -1 br i1 %48, label %49, label %58 %59 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 0, i32 16 store i16 -1, i16* %59, align 8 %60 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 28 store i32 0, i32* %60, align 8 %61 = getelementptr inbounds %struct.sock.831941, %struct.sock.831941* %0, i64 0, i32 18 %62 = tail call %struct.dst_entry.831645* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.dst_entry.831645** %61, %struct.dst_entry.831645* null, %struct.dst_entry.831645** %61) #6, !srcloc !4 tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry.831645*)*)(%struct.dst_entry.831645* %62) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* %3 = icmp eq %struct.dst_entry.813038* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.813038, %struct.dst_entry.813038* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry.813038*)*)(%struct.dst_entry.813038* nonnull %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  
Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* %3 = icmp eq %struct.dst_entry.813038* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.813038, %struct.dst_entry.813038* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %2, i64 0, i32 2 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 262144 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.dst_entry.813038, %struct.dst_entry.813038* %0, i64 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry.813038*)*)(%struct.dst_entry.813038* nonnull %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 
to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br 
label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry* tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry*)*)(%struct.dst_entry* %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #83 
Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry* tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry*)*)(%struct.dst_entry* %10) #83 ------------- Use: =BAD 
PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 
%33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry* tail call void bitcast (void (%struct.dst_entry.745678*)* @dst_release to void (%struct.dst_entry*)*)(%struct.dst_entry* %10) #83 ------------- Good: 730 Bad: 7 Ignored: 1258 Check Use of Function:invoke_tx_handlers_late Check Use of Function:ieee80211_clear_tx_pending Check Use of Function:__dquot_alloc_space Check Use of Function:serport_ldisc_close Check Use of Function:freeze_super Check Use of Function:anon_inode_getfd Check Use of Function:may_expand_vm Check Use of Function:security_sem_associate Use: =BAD PATH= Call Stack: 0 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 
= trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 103 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 64 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = icmp slt i32 %10, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 1, i64 0 %22 = load i32, i32* %21, align 8 %23 = icmp slt i32 %22, %10 br i1 %23, label %32, label %24 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %25, align 8 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %26, align 4 %27 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %28 = bitcast %struct.anon.1* %27 to i32* store i32 %10, i32* %28, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %29, %struct.ipc_ops.260893* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 103 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 64 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = icmp slt i32 %10, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 1, i64 0 %22 = load i32, i32* %21, align 8 %23 = icmp slt i32 %22, %10 br i1 %23, label %32, label %24 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %25, align 8 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %26, align 4 %27 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %28 = bitcast %struct.anon.1* %27 to i32* store i32 %10, i32* %28, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %29, %struct.ipc_ops.260893* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_semget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc 
------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %24 = tail call i64 @ksys_semget(i32 %1, i32 %2, i32 %3) #83 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 103 %9 = load %struct.nsproxy*, %struct.nsproxy** %8, align 64 %10 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, 
%struct.ipc_namespace** %10, align 8 %12 = icmp slt i32 %1, 0 br i1 %12, label %25, label %13 %14 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 1, i64 0 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %15, %1 br i1 %16, label %25, label %17 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %21 = bitcast %struct.anon.1* %20 to i32* store i32 %1, i32* %21, align 8 %22 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 0 %23 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, %struct.ipc_ids* %22, %struct.ipc_ops.260893* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #83 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:__put_mountpoint Check Use of Function:cfg80211_find_elem_match Check Use of Function:drm_modeset_lock_all Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 tail call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %0) #83 ------------- 
Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.545140, align 8 %6 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %19 = bitcast i8* %1 to i32* %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 16777216 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 tail call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 pri_wm_latency_write ------------- Path:  Function:pri_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 0, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* 
%1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 
%50 = call i32 (i8*, i8*, ...) @sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 spr_wm_latency_write ------------- Path:  Function:spr_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 1, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to 
%struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 cur_wm_latency_write ------------- Path:  Function:cur_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 2, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to 
------------- Good: 13 Bad: 5 Ignored: 16 Check Use of Function:__do_loopback Check Use of Function:__this_cpu_preempt_check Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 cancel_delayed_work 4 __rpc_do_wake_up_task_on_wq 5 rpc_wake_up_first_on_wq 6 rpc_wake_up_first 7 nfs41_wake_and_assign_slot 8 nfs4_commit_done ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 cancel_delayed_work 4 __rpc_do_wake_up_task_on_wq 5 rpc_wake_up_first_on_wq 6 rpc_wake_up_first 7 nfs41_wake_and_assign_slot 8 nfs4_write_done -------------
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 cancel_delayed_work
4 __rpc_do_wake_up_task_on_wq
5 rpc_wake_up_first_on_wq
6 rpc_wake_up_first
7 nfs41_wake_and_assign_slot
8 nfs4_read_done
-------------
Path:
Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %9, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #83 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %9, %struct.nfs4_slot.233140* nonnull %5) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = 
getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, 
i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = 
getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, 
%struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = 
icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 
%63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call 
void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 cancel_delayed_work
4 __rpc_do_wake_up_task_on_wq
5 rpc_wake_up_first_on_wq
6 rpc_wake_up_first
7 nfs41_wake_and_assign_slot
8 nfs4_proc_rename_done
-------------
Path:
Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %12 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %9, i64 0, i32 0 %13 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %13, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %13, %struct.nfs4_slot.233140* nonnull %9) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 
%4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 
%26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, 
i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** 
%43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = 
getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 
Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 
8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = 
load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 cancel_delayed_work
4 __rpc_do_wake_up_task_on_wq
5 rpc_wake_up_first_on_wq
6 rpc_wake_up_first
7 nfs41_wake_and_assign_slot
8 nfs4_proc_unlink_done
-------------
Path:
Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %11 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %8, i64 0, i32 0 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %12, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %13)
#83 %14 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot.233140* nonnull %8) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, 
%struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* 
%74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** 
%43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = 
getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 
Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 
8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = 
load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 __cancel_work_timer
4 cancel_work_sync
5 intel_fbc_reset_underrun
6 i915_fifo_underrun_reset_write
-------------
Path:
Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.428426** %8 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.428426* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64
0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.428263* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = getelementptr i8, i8* %26, i64 824 %37 = bitcast i8* %36 to %struct.intel_crtc_state.428259** %38 = load %struct.intel_crtc_state.428259*, %struct.intel_crtc_state.428259** %37, align 8 %39 = getelementptr inbounds %struct.intel_crtc_state.428259, %struct.intel_crtc_state.428259* %38, i64 0, i32 0, i32 19 %40 = load %struct.drm_crtc_commit.373222*, %struct.drm_crtc_commit.373222** %39, align 8 %41 = icmp eq %struct.drm_crtc_commit.373222* %40, null br i1 %41, label %50, label %42 %51 = getelementptr inbounds %struct.intel_crtc_state.428259, %struct.intel_crtc_state.428259* %38, i64 0, i32 1, i32 0 %52 = load i8, i8* %51, align 8, !range !4 %53 = icmp eq i8 %52, 0 br i1 %53, label %67, label %54 call void @drm_modeset_unlock(%struct.drm_modeset_lock* %30) #83 %68 = bitcast i8* %26 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %17, %70 br i1 %71, label %72, label %25 %73 = call i32 bitcast (i32 (%struct.drm_i915_private.418547*)* @intel_fbc_reset_underrun to i32 (%struct.drm_i915_private.428426*)*)(%struct.drm_i915_private.428426* %8) #83 Function:intel_fbc_reset_underrun %2 = getelementptr inbounds %struct.drm_i915_private.418547, %struct.drm_i915_private.418547* %0, i64 0, i32 31, i32 12 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 
to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* 
%34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 
64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 
0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 __cancel_work_timer 4 cancel_work_sync 5 tty_buffer_cancel_work 6 tty_port_put 7 con_cleanup ------------- Path:  Function:con_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.vc_data.357703** %4 = load %struct.vc_data.357703*, %struct.vc_data.357703** %3, align 8 %5 = getelementptr inbounds %struct.vc_data.357703, %struct.vc_data.357703* %4, i64 0, i32 0 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %5) #83 
Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 
@__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 
0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* 
%0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr 
inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 __cancel_work_timer 4 cancel_work_sync 5 tty_buffer_cancel_work 6 tty_port_put 7 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, 
%struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = 
getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* 
%36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, 
%struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** 
%50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, 
label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 __cancel_work_timer
4 cancel_work_sync
5 tty_buffer_cancel_work
6 tty_port_put
7 pty_cleanup
-------------
Path:
Function:pty_cleanup
%2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83
Function:tty_port_put
%2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to
%struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds 
%struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ 
%25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = 
getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load 
%struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* 
@wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 cancel_delayed_work
4 __rpc_do_wake_up_task_on_wq
5 rpc_wake_up_first_on_wq
6 rpc_wake_up_first
7 nfs41_wake_and_assign_slot
8 nfs4_commit_done
-------------
Path:
Function:nfs4_commit_done
%3 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 9, i32 0, i32 0 %4 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %3, align 8 %5 = icmp eq %struct.nfs4_slot.233140* %4, null br i1 %5, label %13, label %6 %7 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %4, i64 0, i32 0 %8 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %8, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %8, %struct.nfs4_slot.233140* nonnull %4) #83
Function:nfs41_wake_and_assign_slot
%3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align
4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr 
inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** 
%43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = 
getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 
Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 
8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = 
load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 cancel_delayed_work 4 __rpc_do_wake_up_task_on_wq 5 rpc_wake_up_first_on_wq 6 rpc_wake_up_first 7 nfs41_wake_and_assign_slot 8 nfs4_write_done ------------- Path:  
Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %9, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #83 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %9, %struct.nfs4_slot.233140* nonnull %5) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* 
%5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label 
%49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm 
sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 
0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and 
i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, 
%struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr 
inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, 
label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 
3 cancel_delayed_work 4 __rpc_do_wake_up_task_on_wq 5 rpc_wake_up_first_on_wq 6 rpc_wake_up_first 7 nfs41_wake_and_assign_slot 8 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %9, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #83 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %9, %struct.nfs4_slot.233140* nonnull %5) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 
Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr 
inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* 
inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 
0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 
store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, 
i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, 
i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr 
inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 cancel_delayed_work
4 __rpc_do_wake_up_task_on_wq
5 rpc_wake_up_first_on_wq
6 rpc_wake_up_first
7 nfs41_wake_and_assign_slot
8 nfs4_proc_rename_done
-------------
Path:
Function:nfs4_proc_rename_done
%4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %12 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %9, i64 0, i32 0 %13 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %13, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %13, %struct.nfs4_slot.233140* nonnull %9) #83
Function:nfs41_wake_and_assign_slot
%3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task*
@rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = 
zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 
%97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 
%11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, 
align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, 
%struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr 
inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 __queue_work
1 pwq_dec_nr_in_flight
2 try_to_grab_pending
3 cancel_delayed_work
4 __rpc_do_wake_up_task_on_wq
5 rpc_wake_up_first_on_wq
6 rpc_wake_up_first
7 nfs41_wake_and_assign_slot
8 nfs4_proc_unlink_done
-------------
Path:
Function:nfs4_proc_unlink_done
%3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*,
%struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %11 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %8, i64 0, i32 0 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %12, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %13) #83 %14 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot.233140* nonnull %8) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr 
inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr 
%struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # 
objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 Function:cancel_delayed_work %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %4 = bitcast i64* %2 to i8* br label %5 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 %6 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %3, i1 zeroext true, i64* nonnull %2) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp 
eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 
%146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, 
%struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = 
tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 __cancel_work_timer 4 cancel_work_sync 5 
intel_fbc_reset_underrun 6 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.428426** %8 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.428426* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.428263* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = getelementptr i8, i8* %26, i64 824 %37 = bitcast i8* %36 to %struct.intel_crtc_state.428259** %38 = load %struct.intel_crtc_state.428259*, %struct.intel_crtc_state.428259** %37, align 8 %39 = getelementptr inbounds %struct.intel_crtc_state.428259, %struct.intel_crtc_state.428259* %38, i64 0, i32 0, i32 19 %40 = load %struct.drm_crtc_commit.373222*, %struct.drm_crtc_commit.373222** %39, align 8 %41 = icmp eq %struct.drm_crtc_commit.373222* %40, null br i1 %41, label %50, label %42 %51 = getelementptr inbounds 
%struct.intel_crtc_state.428259, %struct.intel_crtc_state.428259* %38, i64 0, i32 1, i32 0 %52 = load i8, i8* %51, align 8, !range !4 %53 = icmp eq i8 %52, 0 br i1 %53, label %67, label %54 call void @drm_modeset_unlock(%struct.drm_modeset_lock* %30) #83 %68 = bitcast i8* %26 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %17, %70 br i1 %71, label %72, label %25 %73 = call i32 bitcast (i32 (%struct.drm_i915_private.418547*)* @intel_fbc_reset_underrun to i32 (%struct.drm_i915_private.428426*)*)(%struct.drm_i915_private.428426* %8) #83 Function:intel_fbc_reset_underrun %2 = getelementptr inbounds %struct.drm_i915_private.418547, %struct.drm_i915_private.418547* %0, i64 0, i32 31, i32 12 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc 
i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, 
i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = 
getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, 
align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label 
%19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 __cancel_work_timer 4 cancel_work_sync 5 tty_buffer_cancel_work 6 tty_port_put 7 con_cleanup ------------- Path:  Function:con_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.vc_data.357703** %4 = load %struct.vc_data.357703*, %struct.vc_data.357703** %3, align 8 %5 = getelementptr inbounds %struct.vc_data.357703, %struct.vc_data.357703* %4, i64 0, i32 0 tail call void 
bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %5) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 
@cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast 
%struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, 
%struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, 
!misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f 
- .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds 
%struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 __cancel_work_timer 4 cancel_work_sync 5 tty_buffer_cancel_work 6 tty_port_put 7 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq 
%struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* 
%0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = 
getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, -1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load 
%struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* 
%62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 
0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, 
%struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __queue_work 1 pwq_dec_nr_in_flight 2 try_to_grab_pending 3 __cancel_work_timer 4 cancel_work_sync 5 tty_buffer_cancel_work 6 tty_port_put 7 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to 
%struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 Function:cancel_work_sync %2 = tail call fastcc zeroext i1 @__cancel_work_timer(%struct.work_struct* %0, i1 zeroext false) #83 Function:__cancel_work_timer %3 = alloca i64, align 8 %4 = alloca %struct.cwt_wait, align 8 %5 = bitcast i64* %3 to i8* %6 = bitcast %struct.cwt_wait* %4 to i8* %7 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 1 %9 = bitcast i8** %8 to %struct.task_struct** %10 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 2 %11 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 3, i32 1 %14 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.cwt_wait, %struct.cwt_wait* %4, i64 0, i32 1 %16 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 
0, i32 0 br label %17 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 %30 = icmp sgt i32 %18, -1 br i1 %30, label %31, label %17, !prof !7, !misexpect !5 %18 = call fastcc i32 @try_to_grab_pending(%struct.work_struct* %0, i1 zeroext %1, i64* nonnull %3) #83 Function:try_to_grab_pending %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %6 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i64 %6, i64* %2, align 8 br i1 %1, label %7, label %12 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 1 %9 = bitcast %struct.work_struct* %8 to %struct.timer_list* %10 = call i32 @del_timer(%struct.timer_list* %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %168 %13 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %14 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 0, i64* %13) #6, !srcloc !6 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %168, label %17 call void @__rcu_read_lock() #83 %18 = load volatile i64, i64* %13, align 8 %19 = and i64 %18, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %22 = and i64 %18, -256 %23 = inttoptr i64 %22 to %struct.pool_workqueue* %24 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %23, i64 0, i32 0 %25 = load %struct.worker_pool*, %struct.worker_pool** %24, align 256 br label %35 %36 = phi %struct.worker_pool* [ %25, %21 ], [ %34, %30 ] %37 = icmp eq %struct.worker_pool* %36, null br i1 %37, label %158, label %38 %39 = getelementptr inbounds 
%struct.worker_pool, %struct.worker_pool* %36, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %39) #83 %40 = load volatile i64, i64* %13, align 8 %41 = and i64 %40, 4 %42 = icmp eq i64 %41, 0 %43 = and i64 %40, -256 %44 = inttoptr i64 %43 to %struct.pool_workqueue* %45 = icmp eq i64 %43, 0 %46 = or i1 %42, %45 br i1 %46, label %157, label %47 %48 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %44, i64 0, i32 0 %49 = load %struct.worker_pool*, %struct.worker_pool** %48, align 256 %50 = icmp eq %struct.worker_pool* %49, %36 br i1 %50, label %51, label %157 %52 = and i64 %40, 2 %53 = icmp eq i64 %52, 0 br i1 %53, label %138, label %54 %139 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1 %140 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 1, i32 1 %141 = load %struct.list_head*, %struct.list_head** %140, align 8 %142 = getelementptr inbounds %struct.list_head, %struct.list_head* %139, i64 0, i32 0 %143 = load %struct.list_head*, %struct.list_head** %142, align 8 %144 = getelementptr inbounds %struct.list_head, %struct.list_head* %143, i64 0, i32 1 store %struct.list_head* %141, %struct.list_head** %144, align 8 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %141, i64 0, i32 0 store volatile %struct.list_head* %143, %struct.list_head** %145, align 8 store volatile %struct.list_head* %139, %struct.list_head** %142, align 8 store %struct.list_head* %139, %struct.list_head** %140, align 8 %146 = load i64, i64* %13, align 8 call fastcc void @pwq_dec_nr_in_flight(%struct.pool_workqueue* nonnull %44, i64 %146) #84 Function:pwq_dec_nr_in_flight %3 = alloca i64, align 8 %4 = lshr i64 %1, 4 %5 = trunc i64 %4 to i32 %6 = and i32 %5, 15 %7 = and i64 %1, 2 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %22 %10 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 6 %11 = load i32, i32* %10, align 4 %12 = add i32 %11, 
-1 store i32 %12, i32* %10, align 4 %13 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %13 br i1 %16, label %22, label %17 %23 = zext i32 %6 to i64 %24 = getelementptr %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 5, i64 %23 %25 = load i32, i32* %24, align 4 %26 = add i32 %25, -1 store i32 %26, i32* %24, align 4 %27 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 3 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %6 %30 = icmp eq i32 %26, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %44, !prof !4, !misexpect !5 store i32 -1, i32* %27, align 4 %33 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %34 = load %struct.workqueue_struct*, %struct.workqueue_struct** %33, align 8 %35 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %34, i64 0, i32 5, i32 0 %36 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !6 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %44, label %39 %45 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 4 %46 = load i32, i32* %45, align 8 %47 = add i32 %46, -1 store i32 %47, i32* %45, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %71, !prof !7, !misexpect !5 %50 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 1 %51 = load %struct.workqueue_struct*, %struct.workqueue_struct** %50, align 8 %52 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* 
%51, i64 0, i32 19 %53 = load i32, i32* %52, align 64 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57, !prof !7, !misexpect !8 %58 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %0, i64 0, i32 11 %59 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %60 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !11 %61 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %62 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %58, i64 0, i32 0, i32 0 %63 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %62, i64 0, i64* %62) #6, !srcloc !13 %64 = and i8 %63, 1 %65 = icmp eq i8 %64, 0 br i1 %65, label %66, label %67 call fastcc void @__queue_work(i32 64, %struct.workqueue_struct* %59, %struct.work_struct* %58) #84 Function:__queue_work %4 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 19 %5 = load i32, i32* %4, align 64 %6 = and i32 %5, 65536 %7 = icmp eq i32 %6, 0 br i1 %7, label %30, label %8, !prof !4, !misexpect !5 %9 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %10 = and i32 %9, 16711936 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %29, !prof !7 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 32 %18 = icmp 
eq i32 %17, 0 br i1 %18, label %29, label %19, !prof !9 %20 = tail call i8* bitcast (i8* (%struct.task_struct.49298*)* @kthread_data to i8* (%struct.task_struct*)*)(%struct.task_struct* %14) #83 %21 = icmp eq i8* %20, null br i1 %21, label %29, label %22, !prof !9 %23 = getelementptr inbounds i8, i8* %20, i64 32 %24 = bitcast i8* %23 to %struct.pool_workqueue** %25 = load %struct.pool_workqueue*, %struct.pool_workqueue** %24, align 8 %26 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %25, i64 0, i32 1 %27 = load %struct.workqueue_struct*, %struct.workqueue_struct** %26, align 8 %28 = icmp eq %struct.workqueue_struct* %27, %1 br i1 %28, label %30, label %29, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %31 = icmp eq i32 %0, 64 %32 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 14 %33 = getelementptr inbounds %struct.workqueue_struct, %struct.workqueue_struct* %1, i64 0, i32 20 %34 = bitcast %struct.pool_workqueue** %33 to i64* %35 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 0, i32 0 %36 = ptrtoint %struct.work_struct* %2 to i64 %37 = mul i64 %36, 7046029254386353131 %38 = lshr i64 %37, 58 %39 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %2, i64 0, i32 2 br label %40 %41 = phi i32 [ %0, %30 ], [ %100, %167 ] %42 = load i32, i32* %4, align 64 %43 = and i32 %42, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %87, label %45 br i1 %31, label %46, label %72 %47 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !12 %48 = load i8, i8* @wq_debug_force_rr_cpu, align 1, !range !13 %49 = icmp eq i8 %48, 1 br i1 %49, label %55, label %50, !prof !14, !misexpect !15 %56 = load i1, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br i1 %56, label %59, label %57 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([74 x i8], [74 x i8]* @.str.34.5890, i64 0, i64 0)) #84 store i1 true, i1* @wq_select_unbound_cpu.printed_dbg_warning, align 1 br label %59 %60 = load i64, i64* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0, i32 0, i64 0), align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %72, label %62 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.35.5891, i64 0, i64 0)) #83 %63 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @wq_rr_cpu_last) #4, !srcloc !17 %64 = tail call i32 @cpumask_next_and(i32 %63, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %65 = load i32, i32* @nr_cpu_ids, align 4 %66 = icmp ult i32 %64, %65 br i1 %66, label %70, label %67, !prof !4, !misexpect !5 %68 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @wq_unbound_cpumask, i64 0, i64 0), %struct.cpumask* nonnull @__cpu_online_mask) #85 %69 = icmp ult i32 %68, %65 br i1 %69, label %70, label %72, !prof !4, !misexpect !5 %71 = phi i32 [ %68, %67 ], [ %64, %62 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.36.5892, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 queued_spin_lock_slowpath 1 tracing_saved_cmdlines_size_read ------------- Path:  Function:tracing_saved_cmdlines_size_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %7 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds 
(%struct.qspinlock, %struct.qspinlock* @trace_cmdline_lock, i64 0, i32 0, i32 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.qspinlock, %struct.qspinlock* @trace_cmdline_lock, i64 0, i32 0, i32 0, i32 0), i32 0) #6, !srcloc !4 %8 = extractvalue { i8, i32 } %7, 0 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %13, !prof !5, !misexpect !6 %12 = extractvalue { i8, i32 } %7, 1 tail call void @queued_spin_lock_slowpath(%struct.qspinlock* nonnull @trace_cmdline_lock, i32 %12) #83 Function:queued_spin_lock_slowpath %3 = icmp eq i32 %1, 256 br i1 %3, label %4, label %15 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 256 br i1 %7, label %8, label %15 %9 = phi i32 [ %10, %8 ], [ 512, %4 ] %10 = add nsw i32 %9, -1 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i32, i32* %5, align 4 %12 = icmp ne i32 %11, 256 %13 = icmp eq i32 %10, 0 %14 = or i1 %13, %12 br i1 %14, label %15, label %8 %16 = phi i32 [ %1, %2 ], [ %6, %4 ], [ %11, %8 ] %17 = icmp ult i32 %16, 256 br i1 %17, label %18, label %46 %19 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %20 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsl $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},I,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 8, i32* %19) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = zext i8 %21 to i32 %23 = shl nuw nsw i32 %22, 8 %24 = load volatile i32, i32* %19, align 4 %25 = and i32 %24, -65281 %26 = or i32 %23, %25 %27 = icmp ugt i32 %26, 255 br i1 %27, label %28, label %33, !prof !6, !misexpect !7 %29 = icmp eq i8 %21, 0 br i1 %29, label %30, label %46 %47 = tail call i32 @debug_smp_processor_id() #83 %48 = zext i32 %47 to i64 %49 = getelementptr [64 x i64], 
[64 x i64]* @__per_cpu_offset, i64 0, i64 %48 %50 = load i64, i64* %49, align 8 %51 = add i64 %50, ptrtoint ([4 x %struct.qnode]* @qnodes to i64) %52 = inttoptr i64 %51 to %struct.mcs_spinlock* %53 = getelementptr inbounds %struct.mcs_spinlock, %struct.mcs_spinlock* %52, i64 0, i32 2 %54 = load i32, i32* %53, align 4 %55 = add i32 %54, 1 store i32 %55, i32* %53, align 4 %56 = tail call i32 @debug_smp_processor_id() #83 %57 = shl i32 %56, 18 %58 = add i32 %57, 262144 %59 = shl i32 %54, 16 %60 = or i32 %58, %59 %61 = icmp sgt i32 %54, 3 br i1 %61, label %62, label %73, !prof !6, !misexpect !7 %63 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 br label %64 %65 = load volatile i32, i32* %63, align 4 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72, !prof !9, !misexpect !7 %68 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %63, i32 1, i32* %63, i32 0) #6, !srcloc !10 %69 = extractvalue { i8, i32 } %68, 0 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %72, label %147 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.7755, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 queued_spin_lock_slowpath 1 ring_buffer_alloc_read_page 2 tracing_buffers_read ------------- Path:  Function:tracing_buffers_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %114, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* 
%7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) #83 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 %14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 
= call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %25, !prof !8, !misexpect !9 %24 = extractvalue { i8, i32 } %19, 1 call void @queued_spin_lock_slowpath(%struct.qspinlock* %17, i32 %24) #83 Function:queued_spin_lock_slowpath %3 = icmp eq i32 %1, 256 br i1 %3, label %4, label %15 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 256 br i1 %7, label %8, label %15 %9 = phi i32 [ %10, %8 ], [ 512, %4 ] %10 = add nsw i32 %9, -1 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i32, i32* %5, align 4 %12 = icmp ne i32 %11, 256 %13 = icmp eq i32 %10, 0 %14 = or i1 %13, %12 br i1 %14, label %15, label %8 %16 = phi i32 [ %1, %2 ], [ %6, %4 ], [ %11, %8 ] %17 = icmp ult i32 %16, 256 br i1 %17, label %18, label %46 %19 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %20 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsl $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},I,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 8, i32* %19) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = zext i8 %21 to i32 %23 = shl nuw nsw i32 %22, 8 %24 = load volatile i32, i32* %19, align 4 %25 = and i32 %24, -65281 %26 = or i32 %23, %25 %27 = icmp ugt i32 %26, 255 br i1 %27, label %28, label %33, !prof !6, !misexpect !7 %29 = icmp eq i8 %21, 0 br i1 %29, label %30, label %46 %47 = tail call i32 @debug_smp_processor_id() #83 %48 = zext i32 %47 
to i64 %49 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %48 %50 = load i64, i64* %49, align 8 %51 = add i64 %50, ptrtoint ([4 x %struct.qnode]* @qnodes to i64) %52 = inttoptr i64 %51 to %struct.mcs_spinlock* %53 = getelementptr inbounds %struct.mcs_spinlock, %struct.mcs_spinlock* %52, i64 0, i32 2 %54 = load i32, i32* %53, align 4 %55 = add i32 %54, 1 store i32 %55, i32* %53, align 4 %56 = tail call i32 @debug_smp_processor_id() #83 %57 = shl i32 %56, 18 %58 = add i32 %57, 262144 %59 = shl i32 %54, 16 %60 = or i32 %58, %59 %61 = icmp sgt i32 %54, 3 br i1 %61, label %62, label %73, !prof !6, !misexpect !7 %63 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 br label %64 %65 = load volatile i32, i32* %63, align 4 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72, !prof !9, !misexpect !7 %68 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %63, i32 1, i32* %63, i32 0) #6, !srcloc !10 %69 = extractvalue { i8, i32 } %68, 0 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %72, label %147 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.7755, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __mod_node_page_state 1 workingset_update_node 2 xas_store 3 xa_erase 4 i915_gem_vm_destroy_ioctl ------------- Path:  Function:i915_gem_vm_destroy_ioctl %4 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.436064** %6 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %5, align 8 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, 
label %11, label %35 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %35 %16 = getelementptr inbounds %struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %6, i64 0, i32 5 %17 = getelementptr inbounds i8, i8* %1, i64 12 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = tail call i8* @xa_erase(%struct.xarray* %16, i64 %20) #83 Function:xa_erase %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.xarray, %struct.xarray* %0, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #83 %5 = bitcast %struct.xa_state* %3 to i8* %6 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 store %struct.xarray* %0, %struct.xarray** %6, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %10 = bitcast i8* %8 to i32* store i32 0, i32* %10, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %9, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %12 = bitcast %struct.xa_node** %11 to i8* %13 = call i8* @xas_store(%struct.xa_state* nonnull %3, i8* null) #83 Function:xas_store %3 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 0 %4 = load %struct.xarray*, %struct.xarray** %3, align 8 %5 = getelementptr inbounds %struct.xarray, %struct.xarray* %4, i64 0, i32 2 %6 = ptrtoint i8* %1 to i64 %7 = icmp eq i8* %1, null br i1 %7, label %16, label %8 %17 = tail call i8* @xas_load(%struct.xa_state* %0) #83 br label %18 %19 = phi i8* [ %15, %8 ], [ %17, %16 ] %20 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 6 %21 = bitcast 
%struct.xa_node** %20 to i64* %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 3 %24 = icmp eq i64 %23, 0 %25 = inttoptr i64 %22 to %struct.xa_node* br i1 %24, label %26, label %312 %27 = icmp eq i64 %22, 0 br i1 %27, label %36, label %28 %37 = icmp eq i8* %19, %1 %38 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %39 = load i8, i8* %38, align 1 %40 = icmp eq i8 %39, 0 %41 = and i1 %37, %40 br i1 %41, label %312, label %42 %43 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 4 %44 = load i8, i8* %43, align 2 %45 = zext i8 %44 to i32 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %47 = zext i8 %39 to i32 %48 = add nuw nsw i32 %47, %45 br i1 %27, label %78, label %49 %50 = zext i8 %44 to i64 %51 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 7, i64 %50 %52 = icmp eq i8 %39, 0 br i1 %52, label %78, label %53 %54 = zext i8 %39 to i64 %55 = add nuw nsw i64 %54, %50 %56 = add nuw nsw i64 %55, 1 %57 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 8, i32 0, i64 0, i64 0 %58 = zext i8 %44 to i64 %59 = add nuw nsw i64 %58, 1 %60 = tail call i64 @_find_next_bit(i64* %57, i64* null, i64 %56, i64 %59, i64 0, i64 0) #84 %61 = icmp eq i64 %60, %56 br i1 %61, label %70, label %62 %71 = load i8, i8* %43, align 2 %72 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %73 = getelementptr %struct.xa_node, %struct.xa_node* %72, i64 0, i32 8, i32 0, i64 1, i64 0 %74 = zext i8 %71 to i64 %75 = add nuw nsw i64 %74, 1 %76 = tail call i64 @_find_next_bit(i64* %73, i64* null, i64 %56, i64 %75, i64 0, i64 0) #84 %77 = icmp eq i64 %76, %56 br i1 %77, label %322, label %314 %323 = load i8, i8* %43, align 2 %324 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %325 = getelementptr %struct.xa_node, %struct.xa_node* %324, i64 0, i32 8, i32 0, i64 2, i64 0 %326 = zext i8 %323 to i64 %327 = add nuw nsw i64 %326, 1 %328 = tail call i64 @_find_next_bit(i64* 
%325, i64* null, i64 %56, i64 %327, i64 0, i64 0) #84 %329 = icmp eq i64 %328, %56 br i1 %329, label %78, label %330 %79 = phi i8** [ %51, %49 ], [ %5, %42 ], [ %51, %330 ], [ %51, %322 ] br i1 %7, label %80, label %81 %82 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 0 %83 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 8 %84 = trunc i64 %6 to i32 %85 = and i32 %84, 1 %86 = add nsw i32 %85, -1 br label %87 %88 = phi i32 [ %45, %81 ], [ %180, %179 ] %89 = phi i32 [ 0, %81 ], [ %159, %179 ] %90 = phi i32 [ 0, %81 ], [ %164, %179 ] %91 = phi i8* [ %19, %81 ], [ %184, %179 ] %92 = phi i8** [ %79, %81 ], [ %185, %179 ] %93 = phi i8* [ %1, %81 ], [ %181, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8* %93, i8** %92, align 8 %94 = ptrtoint i8* %91 to i64 %95 = and i64 %94, 3 %96 = icmp eq i64 %95, 2 %97 = icmp ugt i8* %91, inttoptr (i64 4096 to i8*) %98 = and i1 %97, %96 br i1 %98, label %99, label %152 br i1 %27, label %103, label %100 %101 = load i8, i8* %82, align 8 %102 = icmp eq i8 %101, 0 br i1 %102, label %153, label %103 %154 = icmp eq i8* %91, null %155 = zext i1 %154 to i32 %156 = icmp eq i8* %93, null %157 = sext i1 %156 to i32 %158 = add i32 %89, %155 %159 = add i32 %158, %157 %160 = trunc i64 %94 to i32 %161 = and i32 %160, 1 %162 = xor i32 %161, 1 %163 = add i32 %86, %90 %164 = add i32 %163, %162 br i1 %156, label %174, label %165 %175 = icmp eq i32 %88, 63 br i1 %175, label %186, label %176 %177 = add i32 %88, 1 %178 = icmp ugt i32 %177, %48 br i1 %178, label %186, label %179 %187 = or i32 %164, %159 %188 = icmp eq i32 %187, 0 %189 = or i1 %27, %188 br i1 %189, label %312, label %190 %191 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 2 %192 = load i8, i8* %191, align 2 %193 = trunc i32 %159 to i8 %194 = add i8 %192, %193 store i8 %194, i8* %191, align 2 %195 = getelementptr inbounds %struct.xa_node, 
%struct.xa_node* %25, i64 0, i32 3 %196 = load i8, i8* %195, align 1 %197 = trunc i32 %164 to i8 %198 = add i8 %196, %197 store i8 %198, i8* %195, align 1 %199 = load void (%struct.xa_node*)*, void (%struct.xa_node*)** %83, align 8 %200 = icmp eq void (%struct.xa_node*)* %199, null br i1 %200, label %202, label %201 tail call void %199(%struct.xa_node* nonnull %25) #84 Function:workingset_update_node %2 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 2 %3 = load i8, i8* %2, align 2 %4 = icmp eq i8 %3, 0 br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 3 %7 = load i8, i8* %6, align 1 %8 = icmp eq i8 %3, %7 br i1 %8, label %9, label %42 %10 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 6, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %14, label %75 %15 = tail call zeroext i1 @list_lru_add(%struct.list_lru* nonnull @shadow_nodes, %struct.list_head* %10) #83 %16 = getelementptr %struct.xa_node, %struct.xa_node* %0, i64 0, i32 0 %17 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %18 = ptrtoint %struct.xa_node* %0 to i64 %19 = add i64 %18, 2147483648 %20 = icmp ugt i8* %16, inttoptr (i64 -2147483649 to i8*) %21 = load i64, i64* @phys_base, align 8 %22 = load i64, i64* @page_offset_base, align 8 %23 = sub i64 -2147483648, %22 %24 = select i1 %20, i64 %21, i64 %23 %25 = add i64 %19, %24 %26 = lshr i64 %25, 12 %27 = getelementptr %struct.page, %struct.page* %17, i64 %26 %28 = getelementptr %struct.page, %struct.page* %17, i64 %26, i32 1 %29 = bitcast %union.anon.20* %28 to i64* %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 %33 = add i64 %30, -1 %34 = ptrtoint %struct.page* %27 to i64 %35 = select i1 
%32, i64 %34, i64 %33, !prof !4 %36 = inttoptr i64 %35 to %struct.page* %37 = getelementptr inbounds %struct.page, %struct.page* %36, i64 0, i32 0 %38 = load i64, i64* %37, align 16 %39 = lshr i64 %38, 58 %40 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %39 %41 = load %struct.pglist_data*, %struct.pglist_data** %40, align 8 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @__mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %41, i32 9, i64 1) #83 Function:__mod_node_page_state %4 = getelementptr inbounds %struct.pglist_data.124020, %struct.pglist_data.124020* %0, i64 0, i32 30 %5 = load %struct.per_cpu_nodestat*, %struct.per_cpu_nodestat** %4, align 64 %6 = zext i32 %1 to i64 %7 = getelementptr %struct.per_cpu_nodestat, %struct.per_cpu_nodestat* %5, i64 0, i32 1, i64 %6 %8 = add i32 %1, -5 %9 = icmp ult i32 %8, 2 %10 = ashr i64 %2, 12 %11 = select i1 %9, i64 %10, i64 %2 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.13919, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __mod_node_page_state 1 workingset_update_node 2 xas_store 3 xa_erase 4 i915_gem_vm_destroy_ioctl ------------- Path:  Function:i915_gem_vm_destroy_ioctl %4 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.436064** %6 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %5, align 8 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %35 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %35 %16 = getelementptr inbounds %struct.drm_i915_file_private.436064, 
%struct.drm_i915_file_private.436064* %6, i64 0, i32 5 %17 = getelementptr inbounds i8, i8* %1, i64 12 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = tail call i8* @xa_erase(%struct.xarray* %16, i64 %20) #83 Function:xa_erase %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.xarray, %struct.xarray* %0, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #83 %5 = bitcast %struct.xa_state* %3 to i8* %6 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 store %struct.xarray* %0, %struct.xarray** %6, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %10 = bitcast i8* %8 to i32* store i32 0, i32* %10, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %9, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %12 = bitcast %struct.xa_node** %11 to i8* %13 = call i8* @xas_store(%struct.xa_state* nonnull %3, i8* null) #83 Function:xas_store %3 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 0 %4 = load %struct.xarray*, %struct.xarray** %3, align 8 %5 = getelementptr inbounds %struct.xarray, %struct.xarray* %4, i64 0, i32 2 %6 = ptrtoint i8* %1 to i64 %7 = icmp eq i8* %1, null br i1 %7, label %16, label %8 %17 = tail call i8* @xas_load(%struct.xa_state* %0) #83 br label %18 %19 = phi i8* [ %15, %8 ], [ %17, %16 ] %20 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 6 %21 = bitcast %struct.xa_node** %20 to i64* %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 3 %24 = icmp eq i64 %23, 0 %25 = inttoptr i64 %22 to %struct.xa_node* br i1 %24, label %26, label %312 %27 = icmp eq i64 %22, 0 br 
i1 %27, label %36, label %28 %37 = icmp eq i8* %19, %1 %38 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %39 = load i8, i8* %38, align 1 %40 = icmp eq i8 %39, 0 %41 = and i1 %37, %40 br i1 %41, label %312, label %42 %43 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 4 %44 = load i8, i8* %43, align 2 %45 = zext i8 %44 to i32 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %47 = zext i8 %39 to i32 %48 = add nuw nsw i32 %47, %45 br i1 %27, label %78, label %49 %50 = zext i8 %44 to i64 %51 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 7, i64 %50 %52 = icmp eq i8 %39, 0 br i1 %52, label %78, label %53 %54 = zext i8 %39 to i64 %55 = add nuw nsw i64 %54, %50 %56 = add nuw nsw i64 %55, 1 %57 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 8, i32 0, i64 0, i64 0 %58 = zext i8 %44 to i64 %59 = add nuw nsw i64 %58, 1 %60 = tail call i64 @_find_next_bit(i64* %57, i64* null, i64 %56, i64 %59, i64 0, i64 0) #84 %61 = icmp eq i64 %60, %56 br i1 %61, label %70, label %62 %71 = load i8, i8* %43, align 2 %72 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %73 = getelementptr %struct.xa_node, %struct.xa_node* %72, i64 0, i32 8, i32 0, i64 1, i64 0 %74 = zext i8 %71 to i64 %75 = add nuw nsw i64 %74, 1 %76 = tail call i64 @_find_next_bit(i64* %73, i64* null, i64 %56, i64 %75, i64 0, i64 0) #84 %77 = icmp eq i64 %76, %56 br i1 %77, label %322, label %314 %323 = load i8, i8* %43, align 2 %324 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %325 = getelementptr %struct.xa_node, %struct.xa_node* %324, i64 0, i32 8, i32 0, i64 2, i64 0 %326 = zext i8 %323 to i64 %327 = add nuw nsw i64 %326, 1 %328 = tail call i64 @_find_next_bit(i64* %325, i64* null, i64 %56, i64 %327, i64 0, i64 0) #84 %329 = icmp eq i64 %328, %56 br i1 %329, label %78, label %330 %79 = phi i8** [ %51, %49 ], [ %5, %42 ], [ %51, %330 ], [ %51, %322 ] br i1 %7, label %80, label 
%81 %82 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 0 %83 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 8 %84 = trunc i64 %6 to i32 %85 = and i32 %84, 1 %86 = add nsw i32 %85, -1 br label %87 %88 = phi i32 [ %45, %81 ], [ %180, %179 ] %89 = phi i32 [ 0, %81 ], [ %159, %179 ] %90 = phi i32 [ 0, %81 ], [ %164, %179 ] %91 = phi i8* [ %19, %81 ], [ %184, %179 ] %92 = phi i8** [ %79, %81 ], [ %185, %179 ] %93 = phi i8* [ %1, %81 ], [ %181, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8* %93, i8** %92, align 8 %94 = ptrtoint i8* %91 to i64 %95 = and i64 %94, 3 %96 = icmp eq i64 %95, 2 %97 = icmp ugt i8* %91, inttoptr (i64 4096 to i8*) %98 = and i1 %97, %96 br i1 %98, label %99, label %152 br i1 %27, label %103, label %100 %101 = load i8, i8* %82, align 8 %102 = icmp eq i8 %101, 0 br i1 %102, label %153, label %103 %154 = icmp eq i8* %91, null %155 = zext i1 %154 to i32 %156 = icmp eq i8* %93, null %157 = sext i1 %156 to i32 %158 = add i32 %89, %155 %159 = add i32 %158, %157 %160 = trunc i64 %94 to i32 %161 = and i32 %160, 1 %162 = xor i32 %161, 1 %163 = add i32 %86, %90 %164 = add i32 %163, %162 br i1 %156, label %174, label %165 %175 = icmp eq i32 %88, 63 br i1 %175, label %186, label %176 %177 = add i32 %88, 1 %178 = icmp ugt i32 %177, %48 br i1 %178, label %186, label %179 %187 = or i32 %164, %159 %188 = icmp eq i32 %187, 0 %189 = or i1 %27, %188 br i1 %189, label %312, label %190 %191 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 2 %192 = load i8, i8* %191, align 2 %193 = trunc i32 %159 to i8 %194 = add i8 %192, %193 store i8 %194, i8* %191, align 2 %195 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 3 %196 = load i8, i8* %195, align 1 %197 = trunc i32 %164 to i8 %198 = add i8 %196, %197 store i8 %198, i8* %195, align 1 %199 = load void (%struct.xa_node*)*, void (%struct.xa_node*)** 
%83, align 8 %200 = icmp eq void (%struct.xa_node*)* %199, null br i1 %200, label %202, label %201 tail call void %199(%struct.xa_node* nonnull %25) #84 Function:workingset_update_node %2 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 2 %3 = load i8, i8* %2, align 2 %4 = icmp eq i8 %3, 0 br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 3 %7 = load i8, i8* %6, align 1 %8 = icmp eq i8 %3, %7 br i1 %8, label %9, label %42 %10 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 6, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %14, label %75 %15 = tail call zeroext i1 @list_lru_add(%struct.list_lru* nonnull @shadow_nodes, %struct.list_head* %10) #83 %16 = getelementptr %struct.xa_node, %struct.xa_node* %0, i64 0, i32 0 %17 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %18 = ptrtoint %struct.xa_node* %0 to i64 %19 = add i64 %18, 2147483648 %20 = icmp ugt i8* %16, inttoptr (i64 -2147483649 to i8*) %21 = load i64, i64* @phys_base, align 8 %22 = load i64, i64* @page_offset_base, align 8 %23 = sub i64 -2147483648, %22 %24 = select i1 %20, i64 %21, i64 %23 %25 = add i64 %19, %24 %26 = lshr i64 %25, 12 %27 = getelementptr %struct.page, %struct.page* %17, i64 %26 %28 = getelementptr %struct.page, %struct.page* %17, i64 %26, i32 1 %29 = bitcast %union.anon.20* %28 to i64* %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 %33 = add i64 %30, -1 %34 = ptrtoint %struct.page* %27 to i64 %35 = select i1 %32, i64 %34, i64 %33, !prof !4 %36 = inttoptr i64 %35 to %struct.page* %37 = getelementptr inbounds %struct.page, %struct.page* %36, i64 0, i32 0 %38 = load i64, i64* %37, align 16 %39 = lshr i64 %38, 58 %40 = 
getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %39 %41 = load %struct.pglist_data*, %struct.pglist_data** %40, align 8 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @__mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %41, i32 9, i64 1) #83 Function:__mod_node_page_state %4 = getelementptr inbounds %struct.pglist_data.124020, %struct.pglist_data.124020* %0, i64 0, i32 30 %5 = load %struct.per_cpu_nodestat*, %struct.per_cpu_nodestat** %4, align 64 %6 = zext i32 %1 to i64 %7 = getelementptr %struct.per_cpu_nodestat, %struct.per_cpu_nodestat* %5, i64 0, i32 1, i64 %6 %8 = add i32 %1, -5 %9 = icmp ult i32 %8, 2 %10 = ashr i64 %2, 12 %11 = select i1 %9, i64 %10, i64 %2 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.13919, i64 0, i64 0)) #83 %12 = tail call i8 asm "movb %gs:$1, $0", "=q,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7) #4, !srcloc !4 %13 = sext i8 %12 to i64 %14 = add i64 %11, %13 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.13919, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __mod_node_page_state 1 workingset_update_node 2 xas_store 3 xa_erase 4 i915_gem_vm_destroy_ioctl ------------- Path:  Function:i915_gem_vm_destroy_ioctl %4 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.436064** %6 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %5, align 8 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %35 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %35 %16 = getelementptr inbounds 
%struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %6, i64 0, i32 5 %17 = getelementptr inbounds i8, i8* %1, i64 12 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = tail call i8* @xa_erase(%struct.xarray* %16, i64 %20) #83 Function:xa_erase %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.xarray, %struct.xarray* %0, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #83 %5 = bitcast %struct.xa_state* %3 to i8* %6 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 store %struct.xarray* %0, %struct.xarray** %6, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %10 = bitcast i8* %8 to i32* store i32 0, i32* %10, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %9, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %12 = bitcast %struct.xa_node** %11 to i8* %13 = call i8* @xas_store(%struct.xa_state* nonnull %3, i8* null) #83 Function:xas_store %3 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 0 %4 = load %struct.xarray*, %struct.xarray** %3, align 8 %5 = getelementptr inbounds %struct.xarray, %struct.xarray* %4, i64 0, i32 2 %6 = ptrtoint i8* %1 to i64 %7 = icmp eq i8* %1, null br i1 %7, label %16, label %8 %17 = tail call i8* @xas_load(%struct.xa_state* %0) #83 br label %18 %19 = phi i8* [ %15, %8 ], [ %17, %16 ] %20 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 6 %21 = bitcast %struct.xa_node** %20 to i64* %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 3 %24 = icmp eq i64 %23, 0 %25 = inttoptr i64 %22 to %struct.xa_node* br i1 %24, label %26, 
label %312 %27 = icmp eq i64 %22, 0 br i1 %27, label %36, label %28 %37 = icmp eq i8* %19, %1 %38 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %39 = load i8, i8* %38, align 1 %40 = icmp eq i8 %39, 0 %41 = and i1 %37, %40 br i1 %41, label %312, label %42 %43 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 4 %44 = load i8, i8* %43, align 2 %45 = zext i8 %44 to i32 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %47 = zext i8 %39 to i32 %48 = add nuw nsw i32 %47, %45 br i1 %27, label %78, label %49 %50 = zext i8 %44 to i64 %51 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 7, i64 %50 %52 = icmp eq i8 %39, 0 br i1 %52, label %78, label %53 %54 = zext i8 %39 to i64 %55 = add nuw nsw i64 %54, %50 %56 = add nuw nsw i64 %55, 1 %57 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 8, i32 0, i64 0, i64 0 %58 = zext i8 %44 to i64 %59 = add nuw nsw i64 %58, 1 %60 = tail call i64 @_find_next_bit(i64* %57, i64* null, i64 %56, i64 %59, i64 0, i64 0) #84 %61 = icmp eq i64 %60, %56 br i1 %61, label %70, label %62 %71 = load i8, i8* %43, align 2 %72 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %73 = getelementptr %struct.xa_node, %struct.xa_node* %72, i64 0, i32 8, i32 0, i64 1, i64 0 %74 = zext i8 %71 to i64 %75 = add nuw nsw i64 %74, 1 %76 = tail call i64 @_find_next_bit(i64* %73, i64* null, i64 %56, i64 %75, i64 0, i64 0) #84 %77 = icmp eq i64 %76, %56 br i1 %77, label %322, label %314 %323 = load i8, i8* %43, align 2 %324 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %325 = getelementptr %struct.xa_node, %struct.xa_node* %324, i64 0, i32 8, i32 0, i64 2, i64 0 %326 = zext i8 %323 to i64 %327 = add nuw nsw i64 %326, 1 %328 = tail call i64 @_find_next_bit(i64* %325, i64* null, i64 %56, i64 %327, i64 0, i64 0) #84 %329 = icmp eq i64 %328, %56 br i1 %329, label %78, label %330 %79 = phi i8** [ %51, %49 ], [ %5, %42 ], [ %51, %330 ], [ 
%51, %322 ] br i1 %7, label %80, label %81 %82 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 0 %83 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 8 %84 = trunc i64 %6 to i32 %85 = and i32 %84, 1 %86 = add nsw i32 %85, -1 br label %87 %88 = phi i32 [ %45, %81 ], [ %180, %179 ] %89 = phi i32 [ 0, %81 ], [ %159, %179 ] %90 = phi i32 [ 0, %81 ], [ %164, %179 ] %91 = phi i8* [ %19, %81 ], [ %184, %179 ] %92 = phi i8** [ %79, %81 ], [ %185, %179 ] %93 = phi i8* [ %1, %81 ], [ %181, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8* %93, i8** %92, align 8 %94 = ptrtoint i8* %91 to i64 %95 = and i64 %94, 3 %96 = icmp eq i64 %95, 2 %97 = icmp ugt i8* %91, inttoptr (i64 4096 to i8*) %98 = and i1 %97, %96 br i1 %98, label %99, label %152 br i1 %27, label %103, label %100 %101 = load i8, i8* %82, align 8 %102 = icmp eq i8 %101, 0 br i1 %102, label %153, label %103 %154 = icmp eq i8* %91, null %155 = zext i1 %154 to i32 %156 = icmp eq i8* %93, null %157 = sext i1 %156 to i32 %158 = add i32 %89, %155 %159 = add i32 %158, %157 %160 = trunc i64 %94 to i32 %161 = and i32 %160, 1 %162 = xor i32 %161, 1 %163 = add i32 %86, %90 %164 = add i32 %163, %162 br i1 %156, label %174, label %165 %175 = icmp eq i32 %88, 63 br i1 %175, label %186, label %176 %177 = add i32 %88, 1 %178 = icmp ugt i32 %177, %48 br i1 %178, label %186, label %179 %187 = or i32 %164, %159 %188 = icmp eq i32 %187, 0 %189 = or i1 %27, %188 br i1 %189, label %312, label %190 %191 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 2 %192 = load i8, i8* %191, align 2 %193 = trunc i32 %159 to i8 %194 = add i8 %192, %193 store i8 %194, i8* %191, align 2 %195 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %25, i64 0, i32 3 %196 = load i8, i8* %195, align 1 %197 = trunc i32 %164 to i8 %198 = add i8 %196, %197 store i8 %198, i8* %195, align 1 %199 = load void 
(%struct.xa_node*)*, void (%struct.xa_node*)** %83, align 8 %200 = icmp eq void (%struct.xa_node*)* %199, null br i1 %200, label %202, label %201 tail call void %199(%struct.xa_node* nonnull %25) #84 Function:workingset_update_node %2 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 2 %3 = load i8, i8* %2, align 2 %4 = icmp eq i8 %3, 0 br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 3 %7 = load i8, i8* %6, align 1 %8 = icmp eq i8 %3, %7 br i1 %8, label %9, label %42 %10 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %0, i64 0, i32 6, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %14, label %75 %15 = tail call zeroext i1 @list_lru_add(%struct.list_lru* nonnull @shadow_nodes, %struct.list_head* %10) #83 %16 = getelementptr %struct.xa_node, %struct.xa_node* %0, i64 0, i32 0 %17 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %18 = ptrtoint %struct.xa_node* %0 to i64 %19 = add i64 %18, 2147483648 %20 = icmp ugt i8* %16, inttoptr (i64 -2147483649 to i8*) %21 = load i64, i64* @phys_base, align 8 %22 = load i64, i64* @page_offset_base, align 8 %23 = sub i64 -2147483648, %22 %24 = select i1 %20, i64 %21, i64 %23 %25 = add i64 %19, %24 %26 = lshr i64 %25, 12 %27 = getelementptr %struct.page, %struct.page* %17, i64 %26 %28 = getelementptr %struct.page, %struct.page* %17, i64 %26, i32 1 %29 = bitcast %union.anon.20* %28 to i64* %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 %33 = add i64 %30, -1 %34 = ptrtoint %struct.page* %27 to i64 %35 = select i1 %32, i64 %34, i64 %33, !prof !4 %36 = inttoptr i64 %35 to %struct.page* %37 = getelementptr inbounds %struct.page, %struct.page* %36, i64 0, i32 0 %38 = load i64, i64* %37, 
align 16 %39 = lshr i64 %38, 58 %40 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %39 %41 = load %struct.pglist_data*, %struct.pglist_data** %40, align 8 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @__mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %41, i32 9, i64 1) #83 Function:__mod_node_page_state %4 = getelementptr inbounds %struct.pglist_data.124020, %struct.pglist_data.124020* %0, i64 0, i32 30 %5 = load %struct.per_cpu_nodestat*, %struct.per_cpu_nodestat** %4, align 64 %6 = zext i32 %1 to i64 %7 = getelementptr %struct.per_cpu_nodestat, %struct.per_cpu_nodestat* %5, i64 0, i32 1, i64 %6 %8 = add i32 %1, -5 %9 = icmp ult i32 %8, 2 %10 = ashr i64 %2, 12 %11 = select i1 %9, i64 %10, i64 %2 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.13919, i64 0, i64 0)) #83 %12 = tail call i8 asm "movb %gs:$1, $0", "=q,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7) #4, !srcloc !4 %13 = sext i8 %12 to i64 %14 = add i64 %11, %13 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.13919, i64 0, i64 0)) #83 %15 = getelementptr inbounds %struct.per_cpu_nodestat, %struct.per_cpu_nodestat* %5, i64 0, i32 0 %16 = tail call i8 asm "movb %gs:$1, $0", "=q,*m,~{dirflag},~{fpsr},~{flags}"(i8* %15) #4, !srcloc !5 %17 = sext i8 %16 to i64 %18 = icmp slt i64 %14, 0 %19 = sub i64 0, %14 %20 = select i1 %18, i64 %19, i64 %14 %21 = icmp sgt i64 %20, %17 br i1 %21, label %22, label %25, !prof !6, !misexpect !7 %23 = getelementptr %struct.pglist_data.124020, %struct.pglist_data.124020* %0, i64 0, i32 31, i64 %6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 %14, i64* %23) 
#6, !srcloc !8 %24 = getelementptr [40 x %struct.anon.1], [40 x %struct.anon.1]* @vm_node_stat, i64 0, i64 %6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %24, i64 %14, i64* %24) #6, !srcloc !8 br label %25 %26 = phi i64 [ 0, %22 ], [ %14, %3 ] tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.3.13920, i64 0, i64 0)) #83 ------------- Good: 6785 Bad: 23 Ignored: 4621 Check Use of Function:elf_map Check Use of Function:dev_ifsioc Check Use of Function:mutex_is_locked Use: =BAD PATH= Call Stack: 0 n_tty_poll ------------- Path:  Function:n_tty_poll %4 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 27 %5 = icmp eq %struct.poll_table_struct.350710* %2, null br i1 %5, label %21, label %6 %22 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 29 %23 = bitcast i8** %22 to %struct.n_tty_data** %24 = load %struct.n_tty_data*, %struct.n_tty_data** %23, align 8 %25 = getelementptr %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 13, i32 5, i64 5 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %34 %29 = getelementptr %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 13, i32 5, i64 6 %30 = load i8, i8* %29, align 1 %31 = icmp eq i8 %30, 0 %32 = select i1 %31, i8 1, i8 %30 %33 = zext i8 %32 to i64 br label %34 %35 = phi i64 [ 1, %21 ], [ %33, %28 ] %36 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 10 %37 = load i8, i8* %36, align 1 %38 = and i8 %37, 16 %39 = icmp eq i8 %38, 0 br i1 %39, label %45, label %40 %41 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 13, i32 3 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 65536 %44 = icmp eq 
i32 %43, 0 br i1 %44, label %52, label %45 %53 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 2 %54 = load i64, i64* %53, align 8 %55 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 14 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %54, %56 br i1 %57, label %58, label %97 %98 = phi i32 [ 65, %52 ], [ %96, %94 ], [ 65, %45 ] %99 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 20, i32 4 %100 = load i8, i8* %99, align 1, !range !4 %101 = icmp eq i8 %100, 0 br i1 %101, label %109, label %102 %103 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 24 %104 = load %struct.tty_struct.351000*, %struct.tty_struct.351000** %103, align 8 %105 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %104, i64 0, i32 20, i32 3 %106 = load i8, i8* %105, align 8 %107 = icmp eq i8 %106, 0 %108 = select i1 %107, i32 %98, i32 67 br label %109 %110 = phi i32 [ %98, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 16 %112 = load volatile i64, i64* %111, align 8 %113 = and i64 %112, 4 %114 = icmp eq i64 %113, 0 %115 = or i32 %110, 16 %116 = tail call i32 bitcast (i32 (%struct.file*)* @tty_hung_up_p to i32 (%struct.file.350889*)*)(%struct.file.350889* %1) #83 %117 = icmp eq i32 %116, 0 %118 = and i1 %117, %114 %119 = select i1 %118, i32 %110, i32 %115 %120 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 4 %121 = load %struct.tty_operations.350995*, %struct.tty_operations.350995** %120, align 8 %122 = getelementptr inbounds %struct.tty_operations.350995, %struct.tty_operations.350995* %121, i64 0, i32 7 %123 = load i32 (%struct.tty_struct.351000*, i8*, i32)*, i32 (%struct.tty_struct.351000*, i8*, i32)** %122, align 8 %124 = icmp eq i32 (%struct.tty_struct.351000*, i8*, i32)* %123, null br i1 
%124, label %136, label %125 %126 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 8 %127 = tail call zeroext i1 @mutex_is_locked(%struct.mutex* %126) #83 ------------- Good: 303 Bad: 1 Ignored: 237 Check Use of Function:perf_event_namespaces Check Use of Function:dev_get_mac_address Check Use of Function:ieee80211_sta_join_ibss Check Use of Function:kern_path Check Use of Function:dev_change_proto_down Check Use of Function:mnt_warn_timestamp_expiry Check Use of Function:force_sig Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = bitcast %struct.cpumask* %2 to i8* %12 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %13 = load i64, i64* %12, align 8 %14 = add i64 %13, -4 %15 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %14 br i1 %17, label %41, label %18, !prof !6, 
!misexpect !7 %19 = inttoptr i64 %14 to %struct.rt_sigframe_ia32* %21 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %22 = bitcast %struct.kernel_cap_struct* %21 to i64* %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %20) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %41, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #83 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %33 = call fastcc zeroext i1 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %32) #84 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %36 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %35) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %41 %42 = inttoptr i64 %14 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %42, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.3.4806, i64 0, i64 0)) #83 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.2039* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* 
@__func__.signal_fault, i64 0, i64 0)) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #83 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %13 br i1 %18, label %49, label %19, !prof !6, !misexpect !7 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %23 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %22, i64 4, i64 %20) #6, !srcloc !8 %24 = extractvalue { i32*, i32, i64 } %23, 0 %25 = extractvalue { i32*, i32, i64 } %23, 1 %26 = extractvalue { i32*, i32, i64 } %23, 2 %27 = ptrtoint i32* %24 to i64 %28 = zext i32 %25 to i64 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %28, i64* %29, align 8 %30 = and i64 %27, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %49, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49, !prof !9, !misexpect !10 %50 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %50, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4803, i64 0, i64 0)) #83 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.2039* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #83 
------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __do_sys_rt_sigreturn ------------- Path:  Function:__do_sys_rt_sigreturn %2 = alloca %struct.sigcontext_64, align 8 %3 = alloca %struct.cpumask, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.2039* %6 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %5, i64 0, i32 2 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 32 %9 = add i64 %8, 16384 %10 = inttoptr i64 %9 to %struct.pt_regs* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1 %12 = bitcast %struct.cpumask* %3 to i8* %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %10, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -8 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -440 %18 = icmp ult i64 %17, %15 br i1 %18, label %138, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe* %22 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 4, i32 0, i64 0 %23 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %22, i64 8, i64 %21) #6, !srcloc !8 %24 = extractvalue { i64*, i64, i64 } %23, 0 %25 = 
extractvalue { i64*, i64, i64 } %23, 1 %26 = extractvalue { i64*, i64, i64 } %23, 2 %27 = ptrtoint i64* %24 to i64 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %3, i64 0, i32 0, i64 0 store i64 %25, i64* %28, align 8 %29 = and i64 %27, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %138, !prof !9, !misexpect !10 %33 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 0 %34 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 8, i64 %32) #6, !srcloc !11 %35 = extractvalue { i64*, i64, i64 } %34, 0 %36 = extractvalue { i64*, i64, i64 } %34, 2 %37 = ptrtoint i64* %35 to i64 %38 = and i64 %37, 4294967295 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %138, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %3) #83 %41 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %20, i64 0, i32 1, i32 3 %42 = bitcast %struct.sigcontext_64* %2 to i8* %43 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %5, i64 0, i32 61, i32 1 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %43, align 8 %44 = bitcast %struct.sigcontext_64* %41 to i8* %45 = call i64 @_copy_from_user(i8* nonnull %42, i8* %44, i64 192) #83 %46 = icmp eq i64 %45, 0 br i1 %46, label %48, label %47 br label %138 %139 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %11, i8* %139, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.6.1394, i64 0, i64 0)) #84 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.2039* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br 
i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #83 ------------- Good: 7 Bad: 3 Ignored: 21 Check Use of Function:get_fs_type Check Use of Function:wiphy_unregister Check Use of Function:dissolve_on_fput Check Use of Function:vfs_parse_fs_string Check Use of Function:hpet_compat_ioctl Check Use of Function:security_task_fix_setgid Check Use of Function:wiphy_regulatory_register Check Use of Function:mount_capable Check Use of Function:percpu_ref_exit Check Use of Function:unregister_pernet_subsys Check Use of Function:drm_vblank_get Check Use of Function:simple_rmdir Check Use of Function:kbd_rate Check Use of Function:cancel_work_sync Use: =BAD PATH= Call Stack: 0 intel_fbc_reset_underrun 1 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.428426** %8 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.428426* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ 
%19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.428263* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = getelementptr i8, i8* %26, i64 824 %37 = bitcast i8* %36 to %struct.intel_crtc_state.428259** %38 = load %struct.intel_crtc_state.428259*, %struct.intel_crtc_state.428259** %37, align 8 %39 = getelementptr inbounds %struct.intel_crtc_state.428259, %struct.intel_crtc_state.428259* %38, i64 0, i32 0, i32 19 %40 = load %struct.drm_crtc_commit.373222*, %struct.drm_crtc_commit.373222** %39, align 8 %41 = icmp eq %struct.drm_crtc_commit.373222* %40, null br i1 %41, label %50, label %42 %51 = getelementptr inbounds %struct.intel_crtc_state.428259, %struct.intel_crtc_state.428259* %38, i64 0, i32 1, i32 0 %52 = load i8, i8* %51, align 8, !range !4 %53 = icmp eq i8 %52, 0 br i1 %53, label %67, label %54 call void @drm_modeset_unlock(%struct.drm_modeset_lock* %30) #83 %68 = bitcast i8* %26 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %17, %70 br i1 %71, label %72, label %25 %73 = call i32 bitcast (i32 (%struct.drm_i915_private.418547*)* @intel_fbc_reset_underrun to i32 (%struct.drm_i915_private.428426*)*)(%struct.drm_i915_private.428426* %8) #83 Function:intel_fbc_reset_underrun %2 = getelementptr inbounds %struct.drm_i915_private.418547, %struct.drm_i915_private.418547* %0, i64 0, i32 31, i32 12 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 con_cleanup ------------- Path:  Function:con_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.vc_data.357703** %4 = load 
%struct.vc_data.357703*, %struct.vc_data.357703** %3, align 8 %5 = getelementptr inbounds %struct.vc_data.357703, %struct.vc_data.357703* %4, i64 0, i32 0 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %5) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* 
%17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* 
%24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.352437*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #83 Function:tty_port_put %2 = icmp eq %struct.tty_port.352437* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.352437, %struct.tty_port.352437* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.352437* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = 
bitcast %struct.qspinlock* %18 to %struct.tty_struct.352434** %20 = load %struct.tty_struct.352434*, %struct.tty_struct.352434** %19, align 8 %21 = icmp eq %struct.tty_struct.352434* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #83 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.352012*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.352437*)*)(%struct.tty_port.352437* %17) #83 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.352012, %struct.tty_port.352012* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #83 ------------- Good: 122 Bad: 4 Ignored: 52 Check Use of Function:get_device Use: =BAD PATH= Call Stack: 0 xps_cpus_show ------------- Path:  Function:xps_cpus_show %3 = getelementptr inbounds %struct.netdev_queue.754308, %struct.netdev_queue.754308* %0, i64 0, i32 0 %4 = load %struct.net_device.754351*, %struct.net_device.754351** %3, align 64 %5 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %4, i64 0, i32 88 %6 = load i32, i32* %5, align 8 %7 = icmp ugt i32 %6, 1 br i1 %7, label %8, label %40 %9 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %4, i64 0, i32 87 %10 = bitcast %struct.netdev_queue.754308** %9 to i64* %11 = load i64, i64* %10, align 64 %12 = ptrtoint %struct.netdev_queue.754308* %0 to i64 %13 = sub i64 %12, %11 %14 = sdiv exact i64 %13, 320 %15 = trunc i64 %14 to i32 %16 = icmp ugt i32 %6, %15 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = tail call i32 @rtnl_trylock() #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %24 %25 = load %struct.netdev_queue.754308*, 
%struct.netdev_queue.754308** %9, align 64 %26 = and i64 %14, 4294967295 %27 = getelementptr %struct.netdev_queue.754308, %struct.netdev_queue.754308* %25, i64 %26, i32 7 %28 = load %struct.net_device.754351*, %struct.net_device.754351** %27, align 16 %29 = icmp eq %struct.net_device.754351* %28, null %30 = select i1 %29, %struct.net_device.754351* %4, %struct.net_device.754351* %28 %31 = tail call i32 bitcast (i32 (%struct.net_device.744736*, i32)* @netdev_txq_to_tc to i32 (%struct.net_device.754351*, i32)*)(%struct.net_device.754351* %30, i32 %15) #83 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %34 %35 = getelementptr inbounds %struct.net_device.754351, %struct.net_device.754351* %30, i64 0, i32 114 %36 = tail call %struct.device.754070* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.754070* (%struct.device.754070*)*)(%struct.device.754070* %35) #83 ------------- Use: =BAD PATH= Call Stack: 0 scsi_device_get 1 sdev_store_delete ------------- Path:  Function:sdev_store_delete %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -1, i32 11, i32 8, i32 0, i32 1 %6 = bitcast i64* %5 to %struct.scsi_device.610229* %7 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.610229*)*)(%struct.scsi_device.610229* %6) #83 Function:scsi_device_get %2 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 68 %3 = load i32, i32* %2, align 8 %4 = add i32 %3, -3 %5 = icmp ult i32 %4, 2 br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 54 %8 = tail call %struct.device.606559* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.606559* (%struct.device.606559*)*)(%struct.device.606559* %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_dev_get 1 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca 
[64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %305 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** @vga_default, align 8 %306 = call %struct.pci_dev.313800* @pci_dev_get(%struct.pci_dev.313800* %305) #83 Function:pci_dev_get %2 = icmp eq 
%struct.pci_dev.313800* %0, null br i1 %2, label %6, label %3 %4 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46 %5 = tail call %struct.device* @get_device(%struct.device* %4) #83 ------------- Good: 118 Bad: 3 Ignored: 105 Check Use of Function:fixup_pi_owner Check Use of Function:netdev_master_upper_dev_get Check Use of Function:__rseq_handle_notify_resume Check Use of Function:rt_mutex_cleanup_proxy_lock Check Use of Function:scsi_autopm_put_device Check Use of Function:fpu__clear_user_states Check Use of Function:security_context_to_sid_force Check Use of Function:set_cpus_allowed_ptr Check Use of Function:__sta_info_recalc_tim Check Use of Function:maybe_link Check Use of Function:wait_for_completion_timeout Check Use of Function:__usecs_to_jiffies Check Use of Function:dir_add Check Use of Function:ip6_route_del Check Use of Function:vfs_mknod Check Use of Function:vfs_mkdir Check Use of Function:blkdev_compat_ptr_ioctl Check Use of Function:set_regdom Check Use of Function:proc_dointvec Use: =BAD PATH= Call Stack: 0 proc_ipc_sem_dointvec ------------- Path:  Function:proc_ipc_sem_dointvec %6 = alloca %struct.ctl_table, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 103 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 64 %11 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 2 %12 = load %struct.ipc_namespace*, %struct.ipc_namespace** %11, align 8 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %12, i64 0, i32 1, i64 3 %14 = load i32, i32* %13, align 4 %15 = bitcast %struct.ctl_table* %6 to i8* %16 = bitcast %struct.ctl_table* %0 to i8* %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %18 = bitcast i8** 
%17 to i64* %19 = load i64, i64* %18, align 8 %20 = bitcast %struct.ipc_namespace** %11 to i8** %21 = load i8*, i8** %20, align 8 %22 = sub i64 %19, ptrtoint (%struct.ipc_namespace.260378* @init_ipc_ns to i64) %23 = getelementptr i8, i8* %21, i64 %22 %24 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %23, i8** %24, align 8 %25 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_mq_dointvec ------------- Path:  Function:proc_mq_dointvec %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = bitcast %struct.ctl_table* %0 to i8* %9 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.263291** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.263291**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.263291* %14 = getelementptr inbounds %struct.task_struct.263291, %struct.task_struct.263291* %13, i64 0, i32 103 %15 = load %struct.nsproxy.263230*, %struct.nsproxy.263230** %14, align 64 %16 = getelementptr inbounds %struct.nsproxy.263230, %struct.nsproxy.263230* %15, i64 0, i32 2 %17 = bitcast %struct.ipc_namespace.260378** %16 to i8** %18 = load i8*, i8** %17, align 8 %19 = sub i64 %11, ptrtoint (%struct.ipc_namespace.260378* @init_ipc_ns to i64) %20 = getelementptr i8, i8* %18, i64 %19 %21 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %20, i8** %21, align 8 %22 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* 
nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_entropy ------------- Path:  Function:proc_do_entropy %6 = alloca %struct.ctl_table, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.ctl_table* %6 to i8* %9 = bitcast i32* %7 to i8* %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %11 = bitcast i8** %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = load i32, i32* %12, align 4 %14 = ashr i32 %13, 3 store i32 %14, i32* %7, align 4 %15 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 %16 = bitcast i8** %15 to i32** store i32* %7, i32** %16, align 8 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 4, i32* %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 
------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_sysctl_rtcache_flush ------------- Path:  Function:ipv6_sysctl_rtcache_flush %6 = icmp eq i32 %1, 0 br i1 %6, label %20, label %7 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 7 %9 = bitcast i8** %8 to %struct.net.873518** %10 = load %struct.net.873518*, %struct.net.873518** %9, align 8 %11 = getelementptr inbounds %struct.net.873518, %struct.net.873518* %10, i64 0, i32 35, i32 1, i32 5 %12 = load i32, i32* %11, align 8 %13 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_proxy_ndp ------------- Path:  Function:addrconf_sysctl_proxy_ndp %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_disable ------------- Path:  
Function:addrconf_sysctl_disable %6 = alloca %struct.netdev_notifier_info.872346, align 8 %7 = alloca %struct.netdev_notifier_info.872346, align 8 %8 = alloca i32, align 4 %9 = alloca %struct.ctl_table, align 8 %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %11 = bitcast i8** %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = bitcast i32* %8 to i8* %14 = load i32, i32* %12, align 4 store i32 %14, i32* %8, align 4 %15 = load i64, i64* %4, align 8 %16 = bitcast %struct.ctl_table* %9 to i8* %17 = bitcast %struct.ctl_table* %0 to i8* %18 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %9, i64 0, i32 1 %19 = bitcast i8** %18 to i32** store i32* %8, i32** %19, align 8 %20 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %9, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_dev_weight ------------- Path:  Function:proc_do_dev_weight %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_dev_weight ------------- Path:  Function:proc_do_dev_weight %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_dev_weight ------------- Path:  Function:proc_do_dev_weight %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_ignore_routes_with_linkdown 
------------- Path:  Function:addrconf_sysctl_ignore_routes_with_linkdown %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_disable_policy ------------- Path:  Function:addrconf_sysctl_disable_policy %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_sysctl_forward ------------- Path:  Function:devinet_sysctl_forward %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = 
bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = load i64, i64* %4, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.net.813150** %13 = load %struct.net.813150*, %struct.net.813150** %12, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_sysctl_forward ------------- Path:  Function:devinet_sysctl_forward %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = load i64, i64* %4, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.net.813150** %13 = load %struct.net.813150*, %struct.net.813150** %12, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = 
getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = 
getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  
Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_forward ------------- Path:  Function:addrconf_sysctl_forward %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 nf_conntrack_hash_sysctl ------------- Path:  Function:nf_conntrack_hash_sysctl %6 = load i32, i32* @nf_conntrack_htable_size, align 4 store i32 %6, i32* @nf_conntrack_htable_size_user, align 4 %7 = tail call i32 bitcast (i32 (%struct.ctl_table.50160*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #83 ------------- Good: 7 Bad: 52 Ignored: 5 Check Use of Function:ieee80211_del_virtual_monitor Check Use of Function:pci_bus_read_config_byte Use: =BAD PATH= Call Stack: 0 pci_read_config_byte 1 subordinate_bus_number_show ------------- Path:  Function:subordinate_bus_number_show %4 = alloca i8, align 1 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.313800* %7 = call i32 @pci_read_config_byte(%struct.pci_dev.313800* %6, i32 26, i8* nonnull %4) #83 Function:pci_read_config_byte %4 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 44 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 3 br i1 %6, label %7, label %8 %9 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 1 %10 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %9, align 8 %11 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = tail call i32 @pci_bus_read_config_byte(%struct.pci_bus.313802* %10, i32 %12, i32 %1, i8* %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_read_config_byte 1 
secondary_bus_number_show ------------- Path:  Function:secondary_bus_number_show %4 = alloca i8, align 1 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.313800* %7 = call i32 @pci_read_config_byte(%struct.pci_dev.313800* %6, i32 25, i8* nonnull %4) #83 Function:pci_read_config_byte %4 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 44 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 3 br i1 %6, label %7, label %8 %9 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 1 %10 = load %struct.pci_bus.313802*, %struct.pci_bus.313802** %9, align 8 %11 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = tail call i32 @pci_bus_read_config_byte(%struct.pci_bus.313802* %10, i32 %12, i32 %1, i8* %2) #83 ------------- Good: 229 Bad: 2 Ignored: 448 Check Use of Function:msdos_create Check Use of Function:io_req_complete_post Check Use of Function:ieee80211_check_fast_rx_iface Check Use of Function:get_user_pages_fast Use: =BAD PATH= Call Stack: 0 get_futex_key 1 futex_wake 2 do_futex 3 __se_sys_futex 4 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 
%15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = 
getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label 
%12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] 
%40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, 
align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_futex_key 1 futex_wake 2 do_futex 3 __se_sys_futex 4 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = 
trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, 
i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = 
bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, 
align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 get_futex_key 1 futex_wake 2 do_futex 3 __se_sys_futex_time32 4 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* 
%21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, 
i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 
%17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr 
inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 
------------- Use: =BAD PATH= Call Stack: 0 get_futex_key 1 futex_wake 2 do_futex 3 __se_sys_futex_time32 4 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, 
label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 
], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection 
.altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load 
i64, i64* %122, align 8
%124 = and i64 %123, 1
%125 = icmp eq i64 %124, 0
br i1 %125, label %134, label %126
call void @__rcu_read_lock() #83
%135 = load %struct.page*, %struct.page** %5, align 8
%136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1
%137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8
%138 = icmp eq %struct.address_space* %137, %53
br i1 %138, label %157, label %139
call void @__rcu_read_unlock() #83
%140 = load %struct.page*, %struct.page** %5, align 8
%141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1
%142 = bitcast %union.anon.20* %141 to i64*
%143 = load volatile i64, i64* %142, align 8
%144 = and i64 %143, 1
%145 = icmp eq i64 %144, 0
%146 = add i64 %143, -1
%147 = ptrtoint %struct.page* %140 to i64
%148 = select i1 %145, i64 %147, i64 %146, !prof !5
%149 = inttoptr i64 %148 to %struct.folio*
%150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0
%151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10
%152 = and i8 %151, 1
%153 = icmp eq i8 %152, 0
br i1 %153, label %154, label %155
br label %30
%31 = phi i32 [ 0, %25 ], [ %38, %154 ]
%32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83
-------------
Good: 23 Bad: 4 Ignored: 16
Check Use of Function:path_openat
Check Use of Function:audit_log_path_denied
Check Use of Function:generic_setlease
Use:
=BAD PATH=
Call Stack:
0 nfs4_proc_setlease
1 nfs4_setlease
-------------
Path:
Function:nfs4_setlease
%5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #83
Function:nfs4_proc_setlease
switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ]
%21 = tail call i32 @generic_setlease(%struct.file* %0, i64 2, %struct.file_lock** null, i8** %3) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 nfs4_proc_setlease
1 nfs4_setlease
-------------
Path:
Function:nfs4_setlease
%5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #83
Function:nfs4_proc_setlease
switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ]
%6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2
%7 = load %struct.inode*, %struct.inode** %6, align 8
%8 = icmp eq i64 %1, 0
%9 = select i1 %8, i32 1, i32 2
%10 = tail call i32 @nfs4_have_delegation(%struct.inode* %7, i32 %9) #83
%11 = icmp eq i32 %10, 0
br i1 %11, label %22, label %12
%13 = tail call i32 @generic_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #83
-------------
Good: 2 Bad: 2 Ignored: 1
Check Use of Function:vm_mmap_pgoff
Use:
=BAD PATH=
Call Stack:
0 ksys_mmap_pgoff
1 __ia32_compat_sys_ia32_mmap
-------------
Path:
Function:__ia32_compat_sys_ia32_mmap
%2 = alloca %struct.mmap_arg_struct32, align 4
%3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%4 = load i64, i64* %3, align 8
%5 = and i64 %4, 4294967295
%6 = bitcast %struct.mmap_arg_struct32* %2 to i8*
%7 = inttoptr i64 %5 to i8*
%8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #83
%9 = icmp eq i64 %8, 0
br i1 %9, label %10, label %34
%11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5
%12 = load i32, i32* %11, align 4
%13 = and i32 %12, 4095
%14 = icmp eq i32 %13, 0
br i1 %14, label %15, label %34
%16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0
%17 = load i32, i32* %16, align 4
%18 = zext i32 %17 to i64
%19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1
%20 = load i32, i32* %19, align 4
%21 = zext i32 %20 to i64
%22 = getelementptr inbounds
%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %56 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq 
i64 %53, 0 br i1 %54, label %55, label %57 %56 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %56 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %56 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 
%53, 0 br i1 %54, label %55, label %57 %56 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap 1 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %153 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } %40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label %53, label %52, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 br label %53 %54 = icmp eq i32 %48, 0 br i1 %54, label %55, label %56 tail call void @__rcu_read_unlock() #83 %57 = getelementptr inbounds i8, i8* %30, i64 16 %58 = bitcast i8* %57 to %struct.file** %59 = load %struct.file*, %struct.file** %58, align 8 %60 = icmp eq %struct.file* %59, null br i1 %60, label %140, label %61 %62 = getelementptr inbounds i8, i8* %1, i64 8 %63 = bitcast i8* %62 to i64* %64 = load i64, i64* %63, align 8 %65 = getelementptr inbounds i8, i8* %1, i64 16 %66 = bitcast i8* %65 to i64* %67 = getelementptr inbounds i8, i8* %30, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %64 br i1 %70, label %71, label %140 %72 = load i64, i64* %66, align 8 %73 = sub i64 %69, %64 %74 = icmp ugt i64 %72, %73 br i1 %74, label %140, label %75 %76 = tail call i64 @vm_mmap(%struct.file* nonnull %59, i64 0, i64 %72, i64 3, i64 1, i64 %64) #83 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #83 ------------- Good: 10 Bad: 6 Ignored: 4 Check Use of Function:tty_lock Use: =BAD PATH= Call Stack: 0 
tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label 
%349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 
1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds 
%struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = 
getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds 
%struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] 
%25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, 
label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 Function:tty_jobctrl_ioctl switch i32 %3, label %233 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %95 i32 21520, label %132 i32 21545, label %206 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct.353794*)*)(%struct.tty_struct.353794* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast 
(void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 
to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.352793*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 ------------- Good: 13 Bad: 9 Ignored: 17 Check Use of Function:step_into Check Use of Function:io_allocate_scq_urings Check Use of Function:kfree_skb_list Check Use of Function:nv_free_irq Check Use of Function:security_compute_av_user Check Use of Function:cfg80211_sme_auth_timeout Check Use of Function:ramfs_create Check Use of Function:path_init Check Use of Function:find_get_context Check Use of Function:drv_get_tsf Check Use of Function:fat_compat_dir_ioctl Check Use of Function:fsync_bdev Check Use of Function:stream_open Use: =BAD PATH= Call Stack: 0 snd_seq_open ------------- Path:  Function:snd_seq_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_timer_user_open ------------- Path:  Function:snd_timer_user_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_open ------------- Path:  Function:snd_ctl_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #83 ------------- Good: 6 Bad: 3 Ignored: 3 Check Use of Function:msdos_lookup Check Use of Function:isofs_lookup Check Use of Function:security_inode_unlink Check Use of Function:udp_abort Check Use of Function:proc_map_files_lookup Check Use of Function:kernel_wait Check Use of 
Function:lock_mount Check Use of Function:proc_tgid_net_lookup Check Use of Function:bad_inode_lookup Check Use of Function:bad_inode_atomic_open Check Use of Function:rtc_cmos_write Check Use of Function:user_shm_lock Check Use of Function:filp_open Check Use of Function:security_perf_event_open Use: =BAD PATH= Call Stack: 0 __se_sys_perf_event_open 1 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1094 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_perf_event_open 1 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 
= load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1094 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to 
i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1094 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #83 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %27 = getelementptr i8, i8* %3, i64 %22 br label %36 %37 = tail call i64 @_copy_from_user(i8* %3, i8* %19, i64 %22) #83 %38 = icmp eq i64 %37, 0 br i1 %38, label %40, label %155 %41 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 1 store i32 %15, i32* %41, align 4 %42 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 6 %43 = load i64, i64* %42, align 8 %44 = icmp ult i64 %43, 274877906944 br i1 %44, label %45, label %155 %46 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* 
%1, i64 0, i32 18 %47 = load i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 br i1 %48, label %49, label %155 %50 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 20 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %155 %54 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 4 %55 = load i64, i64* %54, align 8 %56 = icmp ult i64 %55, 33554432 br i1 %56, label %57, label %155 %58 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 5 %59 = load i64, i64* %58, align 8 %60 = icmp ult i64 %59, 16 br i1 %60, label %61, label %155 %62 = and i64 %55, 2048 %63 = icmp eq i64 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 11 %66 = load i64, i64* %65, align 8 %67 = add i64 %66, -8 %68 = icmp ugt i64 %67, 262135 br i1 %68, label %155, label %69 %70 = and i64 %66, 7 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %77 %78 = phi i64 [ %66, %69 ], [ %76, %72 ] %79 = and i64 %78, 6 %80 = icmp eq i64 %79, 0 br i1 %80, label %93, label %81 %82 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %83 = icmp sgt i32 %82, 1 br i1 %83, label %84, label %88 %89 = tail call i32 @security_perf_event_open(%struct.perf_event_attr* %1, i32 2) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 
%10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1094 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #83 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %27 = getelementptr i8, i8* %3, i64 %22 br label %36 %37 = tail call i64 @_copy_from_user(i8* %3, i8* %19, i64 %22) #83 %38 = icmp eq i64 %37, 0 br i1 %38, label %40, label %155 %41 = getelementptr inbounds 
%struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 1 store i32 %15, i32* %41, align 4 %42 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 6 %43 = load i64, i64* %42, align 8 %44 = icmp ult i64 %43, 274877906944 br i1 %44, label %45, label %155 %46 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 18 %47 = load i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 br i1 %48, label %49, label %155 %50 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 20 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %155 %54 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 4 %55 = load i64, i64* %54, align 8 %56 = icmp ult i64 %55, 33554432 br i1 %56, label %57, label %155 %58 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 5 %59 = load i64, i64* %58, align 8 %60 = icmp ult i64 %59, 16 br i1 %60, label %61, label %155 %62 = and i64 %55, 2048 %63 = icmp eq i64 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 11 %66 = load i64, i64* %65, align 8 %67 = add i64 %66, -8 %68 = icmp ugt i64 %67, 262135 br i1 %68, label %155, label %69 %70 = and i64 %66, 7 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %77 %78 = phi i64 [ %66, %69 ], [ %76, %72 ] %79 = and i64 %78, 6 %80 = icmp eq i64 %79, 0 br i1 %80, label %93, label %81 %82 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %83 = icmp sgt i32 %82, 1 br i1 %83, label %84, label %88 %89 = tail call i32 @security_perf_event_open(%struct.perf_event_attr* %1, i32 2) #83 ------------- Good: 13 Bad: 4 Ignored: 3 Check Use of Function:pci_dev_put Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], 
align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.48042, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #83 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.313800* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #83 %323 = icmp eq %struct.pci_dev.313800* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.313800* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %331, align 8 %333 = icmp eq %struct.pci_dev.313800* %332, %325 br i1 %333, label %339, label %334 %340 = icmp eq %struct.vga_device* %330, null br i1 %340, label %341, label %344 %345 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 store %struct.pci_dev.313800* %325, %struct.pci_dev.313800** %345, align 8 %346 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 0, i32 0 %347 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %346, align 8 %348 = icmp eq %struct.pci_dev.313800* %347, %325 br i1 %348, label %360, label %349 %350 = icmp eq %struct.pci_dev.313800* %347, null br i1 %350, label %351, label %356 %357 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 1, i32 0 %358 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %357, align 8 %359 = icmp eq %struct.pci_dev.313800* %358, %325 br i1 %359, label %360, label %526 %527 = icmp eq %struct.pci_dev.313800* %358, null br i1 %527, label %351, label %528 %529 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 2, i32 0 %530 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %529, align 8 %531 = icmp eq %struct.pci_dev.313800* %530, %325 br i1 %531, label %360, label %532 %533 = icmp eq %struct.pci_dev.313800* %530, null br i1 %533, label %351, label %534 %535 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 3, i32 0 %536 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %535, align 8 %537 = icmp eq %struct.pci_dev.313800* %536, %325 br i1 %537, label %360, label %538 %539 = icmp eq %struct.pci_dev.313800* %536, null br i1 %539, label %351, label %540 %541 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 4, i32 0 %542 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %541, align 8 %543 = icmp eq %struct.pci_dev.313800* %542, %325 br i1 %543, label %360, label %544 %545 = icmp eq %struct.pci_dev.313800* %542, null br i1 %545, label %351, label %546 %547 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 5, i32 0 %548 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %547, align 8 %549 = icmp eq %struct.pci_dev.313800* %548, %325 br i1 %549, label %360, label %550 %551 = icmp eq %struct.pci_dev.313800* %548, null br i1 %551, label %351, label %552 %553 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 6, i32 0 %554 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %553, align 8 %555 = icmp eq %struct.pci_dev.313800* %554, %325 br i1 %555, label %360, label %556 %557 = icmp eq 
%struct.pci_dev.313800* %554, null br i1 %557, label %351, label %558 %559 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 7, i32 0 %560 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %559, align 8 %561 = icmp eq %struct.pci_dev.313800* %560, %325 br i1 %561, label %360, label %562 %563 = icmp eq %struct.pci_dev.313800* %560, null br i1 %563, label %351, label %564 %565 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 8, i32 0 %566 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %565, align 8 %567 = icmp eq %struct.pci_dev.313800* %566, %325 br i1 %567, label %360, label %568 %569 = icmp eq %struct.pci_dev.313800* %566, null br i1 %569, label %351, label %570 %571 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 9, i32 0 %572 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %571, align 8 %573 = icmp eq %struct.pci_dev.313800* %572, %325 br i1 %573, label %360, label %574 %575 = icmp eq %struct.pci_dev.313800* %572, null br i1 %575, label %351, label %576 %577 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 10, i32 0 %578 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %577, align 8 %579 = icmp eq %struct.pci_dev.313800* %578, %325 br i1 %579, label %360, label %580 %581 = icmp eq %struct.pci_dev.313800* %578, null br i1 %581, label %351, label %582 %583 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 11, i32 0 %584 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %583, align 8 %585 = icmp eq %struct.pci_dev.313800* %584, %325 br i1 %585, label %360, label %586 %587 = icmp eq %struct.pci_dev.313800* %584, null br i1 %587, label %351, label %588 %589 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 12, i32 0 %590 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %589, align 8 
%591 = icmp eq %struct.pci_dev.313800* %590, %325 br i1 %591, label %360, label %592 %593 = icmp eq %struct.pci_dev.313800* %590, null br i1 %593, label %351, label %594 %595 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 13, i32 0 %596 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %595, align 8 %597 = icmp eq %struct.pci_dev.313800* %596, %325 br i1 %597, label %360, label %598 %599 = icmp eq %struct.pci_dev.313800* %596, null br i1 %599, label %351, label %600 %601 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 14, i32 0 %602 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %601, align 8 %603 = icmp eq %struct.pci_dev.313800* %602, %325 br i1 %603, label %360, label %604 %605 = icmp eq %struct.pci_dev.313800* %602, null br i1 %605, label %351, label %606 %607 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 15, i32 0 %608 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %607, align 8 %609 = icmp eq %struct.pci_dev.313800* %608, %325 br i1 %609, label %360, label %610 %611 = icmp eq %struct.pci_dev.313800* %608, null br i1 %611, label %351, label %361 call void @pci_dev_put(%struct.pci_dev.313800* %325) #83 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], 
[64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.48042, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #83 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.313800* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #83 %323 = icmp eq %struct.pci_dev.313800* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.313800* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %331, align 8 %333 = icmp eq %struct.pci_dev.313800* %332, %325 br i1 %333, label %339, label %334 %340 = icmp eq %struct.vga_device* %330, null br i1 %340, label %341, label %344 %345 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 store %struct.pci_dev.313800* %325, %struct.pci_dev.313800** %345, align 8 %346 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 0, i32 0 %347 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %346, align 8 %348 = icmp eq %struct.pci_dev.313800* %347, %325 br i1 %348, label %360, label %349 %350 = icmp eq %struct.pci_dev.313800* %347, null br i1 %350, label %351, label %356 %357 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 1, i32 0 %358 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %357, align 8 %359 = icmp eq %struct.pci_dev.313800* %358, %325 br i1 %359, label %360, label %526 %527 = icmp eq %struct.pci_dev.313800* %358, null br i1 %527, label %351, label %528 %529 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 2, i32 0 %530 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %529, align 8 %531 = icmp eq %struct.pci_dev.313800* %530, %325 br i1 %531, label %360, label %532 %533 = icmp eq %struct.pci_dev.313800* %530, null br i1 %533, label %351, label %534 %535 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 3, i32 0 %536 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %535, align 8 %537 = icmp eq %struct.pci_dev.313800* %536, %325 br i1 %537, label %360, label %538 %539 = icmp eq %struct.pci_dev.313800* %536, null br i1 %539, label %351, label %540 %541 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 4, i32 0 %542 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %541, align 8 %543 = icmp eq %struct.pci_dev.313800* %542, %325 br i1 %543, label %360, label %544 %545 = icmp eq %struct.pci_dev.313800* %542, null br i1 %545, label %351, label %546 %547 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 5, i32 0 %548 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %547, align 8 %549 = icmp eq %struct.pci_dev.313800* %548, %325 br i1 %549, label %360, label %550 %551 = icmp eq %struct.pci_dev.313800* %548, null br i1 %551, label %351, label %552 %553 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 6, i32 0 %554 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %553, align 8 %555 = icmp eq %struct.pci_dev.313800* %554, %325 br i1 %555, label %360, label %556 %557 = icmp eq 
%struct.pci_dev.313800* %554, null br i1 %557, label %351, label %558 %559 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 7, i32 0 %560 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %559, align 8 %561 = icmp eq %struct.pci_dev.313800* %560, %325 br i1 %561, label %360, label %562 %563 = icmp eq %struct.pci_dev.313800* %560, null br i1 %563, label %351, label %564 %565 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 8, i32 0 %566 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %565, align 8 %567 = icmp eq %struct.pci_dev.313800* %566, %325 br i1 %567, label %360, label %568 %569 = icmp eq %struct.pci_dev.313800* %566, null br i1 %569, label %351, label %570 %571 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 9, i32 0 %572 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %571, align 8 %573 = icmp eq %struct.pci_dev.313800* %572, %325 br i1 %573, label %360, label %574 %575 = icmp eq %struct.pci_dev.313800* %572, null br i1 %575, label %351, label %576 %577 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 10, i32 0 %578 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %577, align 8 %579 = icmp eq %struct.pci_dev.313800* %578, %325 br i1 %579, label %360, label %580 %581 = icmp eq %struct.pci_dev.313800* %578, null br i1 %581, label %351, label %582 %583 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 11, i32 0 %584 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %583, align 8 %585 = icmp eq %struct.pci_dev.313800* %584, %325 br i1 %585, label %360, label %586 %587 = icmp eq %struct.pci_dev.313800* %584, null br i1 %587, label %351, label %588 %589 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 12, i32 0 %590 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %589, align 8 
%591 = icmp eq %struct.pci_dev.313800* %590, %325 br i1 %591, label %360, label %592 %593 = icmp eq %struct.pci_dev.313800* %590, null br i1 %593, label %351, label %594 %595 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 13, i32 0 %596 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %595, align 8 %597 = icmp eq %struct.pci_dev.313800* %596, %325 br i1 %597, label %360, label %598 %599 = icmp eq %struct.pci_dev.313800* %596, null br i1 %599, label %351, label %600 %601 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 14, i32 0 %602 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %601, align 8 %603 = icmp eq %struct.pci_dev.313800* %602, %325 br i1 %603, label %360, label %604 %605 = icmp eq %struct.pci_dev.313800* %602, null br i1 %605, label %351, label %606 %607 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 15, i32 0 %608 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %607, align 8 %609 = icmp eq %struct.pci_dev.313800* %608, %325 br i1 %609, label %360, label %610 %611 = icmp eq %struct.pci_dev.313800* %608, null br i1 %611, label %351, label %361 %352 = phi i64 [ 0, %349 ], [ 1, %526 ], [ 2, %532 ], [ 3, %538 ], [ 4, %544 ], [ 5, %550 ], [ 6, %556 ], [ 7, %562 ], [ 8, %568 ], [ 9, %574 ], [ 10, %580 ], [ 11, %586 ], [ 12, %592 ], [ 13, %598 ], [ 14, %604 ], [ 15, %610 ] %353 = phi %struct.pci_dev.313800** [ %346, %349 ], [ %357, %526 ], [ %529, %532 ], [ %535, %538 ], [ %541, %544 ], [ %547, %550 ], [ %553, %556 ], [ %559, %562 ], [ %565, %568 ], [ %571, %574 ], [ %577, %580 ], [ %583, %586 ], [ %589, %592 ], [ %595, %598 ], [ %601, %604 ], [ %607, %610 ] store %struct.pci_dev.313800* %325, %struct.pci_dev.313800** %353, align 8 %354 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 %352, i32 2 store i32 0, i32* %354, align 4 %355 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 %352, i32 1 store i32 0, i32* %355, align 8 br label %360 call void @pci_dev_put(%struct.pci_dev.313800* %325) #83 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], 
[8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* %309 = bitcast i32* %6 to i8* %310 = call i32 (i8*, i8*, ...) @sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.48042, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #83 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.313800* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #83 %323 = icmp eq %struct.pci_dev.313800* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.313800* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.313800*, %struct.pci_dev.313800** %331, align 8 %333 = icmp eq %struct.pci_dev.313800* %332, %325 br i1 %333, label %339, label %334 %335 = bitcast %struct.vga_device* %330 to %struct.vga_device** %336 = load %struct.vga_device*, %struct.vga_device** %335, align 8 %337 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %336, i64 0, i32 0 %338 = icmp eq %struct.list_head* %337, @vga_list br i1 %338, label %341, label %329 %342 = icmp eq %struct.pci_dev.313800* %325, null br i1 %342, label %362, label %343 call void @pci_dev_put(%struct.pci_dev.313800* nonnull %325) #83 ------------- 
Good: 122 Bad: 3 Ignored: 4 Check Use of Function:simple_lookup Check Use of Function:proc_lookupfdinfo Check Use of Function:netdev_info Check Use of Function:proc_sys_lookup Check Use of Function:lock_rename Check Use of Function:drm_mode_plane_set_obj_prop Check Use of Function:try_to_unlazy Check Use of Function:proc_attr_dir_lookup Check Use of Function:bsg_ioctl Check Use of Function:release_dentry_name_snapshot Check Use of Function:nfs_atomic_open Check Use of Function:proc_root_lookup Check Use of Function:current_umask Use: =BAD PATH= Call Stack: 0 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 35, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %17 = tail call i32 @current_umask() #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = bitcast 
%struct.nfs4_exception* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %10, i64 0, i32 35, i64 2 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 131072 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %24 %18 = tail call i32 @current_umask() #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %288 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %36 = bitcast %struct.qstr* %35 to 
%struct.static_call_site* %37 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %36, i64 0, i32 1 %38 = load i32, i32* %37, align 4 %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %40 = load %struct.super_block*, %struct.super_block** %39, align 8 %41 = getelementptr inbounds %struct.super_block, %struct.super_block* %40, i64 0, i32 28 %42 = bitcast i8** %41 to %struct.nfs_server.212651** %43 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %42, align 16 %44 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %43, i64 0, i32 23 %45 = load i32, i32* %44, align 4 %46 = icmp ugt i32 %38, %45 br i1 %46, label %288, label %47 %48 = and i32 %3, 64 %49 = icmp eq i32 %48, 0 br i1 %49, label %65, label %50 %51 = getelementptr %struct.nfs_server.212651, %struct.nfs_server.212651* %43, i64 0, i32 35, i64 2 %52 = load i32, i32* %51, align 4 %53 = and i32 %52, 131072 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %60 %56 = call i32 @current_umask() #83 ------------- Good: 14 Bad: 3 Ignored: 6 Check Use of Function:ieee80211_stop_queues_by_reason Check Use of Function:inotify_ioctl Check Use of Function:ieee80211_wake_vif_queues Check Use of Function:d_obtain_alias Check Use of Function:nfs_lookup Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds 
%struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %288 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 268435456 %31 = icmp eq i32 %30, 0 br i1 %31, label %288, label %32 %33 = call %struct.dentry* @nfs_lookup(%struct.inode* %0, %struct.dentry* %1, i32 258) #84 ------------- Good: 1 Bad: 1 Ignored: 4 Check Use of Function:vfs_open Check Use of Function:iomem_get_mapping Check Use of Function:d_invalidate Check Use of Function:drm_master_open Check Use of Function:ring_buffer_unlock_commit Check Use of Function:ieee80211_if_remove Check Use of Function:unregister_inetaddr_notifier Check Use of Function:local_bh_enable.69882 Check Use of Function:kernfs_dop_revalidate Check Use of Function:kernel_halt Check Use of Function:strnlen_user Use: =BAD PATH= Call Stack: 0 strndup_user 1 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %82 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %59 = 
inttoptr i64 %2 to i8* %60 = tail call i8* @strndup_user(i8* %59, i64 32) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 keyctl_pkey_params_get 2 keyctl_pkey_verify 3 __se_sys_keyctl 4 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to 
%struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #83 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.238522, align 8 %8 = bitcast %struct.kernel_pkey_params.238522* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.238522* nonnull %7) #83 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.238522* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 keyctl_pkey_params_get 2 keyctl_pkey_verify 3 __se_sys_keyctl 4 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #83 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.238522, align 8 %8 = bitcast %struct.kernel_pkey_params.238522* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to 
i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.238522* nonnull %7) #83 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.238522* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 keyctl_pkey_params_get 2 keyctl_pkey_verify 3 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load 
i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %91 = inttoptr i64 %6 to %struct.keyctl_pkey_params* %92 = inttoptr i64 %9 to i8* %93 = inttoptr i64 %12 to i8* %94 = inttoptr i64 %15 to i8* %95 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %91, i8* %92, i8* %93, i8* %94) #83 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.238522, align 8 %8 = bitcast %struct.kernel_pkey_params.238522* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.238522* nonnull %7) #83 
Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.238522* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 
%19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* 
@strndup_user(i8* nonnull %7, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_mount 2 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 strndup_user 1 __se_sys_mount 2 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 Function:strndup_user %3 = tail call i64 @strnlen_user(i8* %0, i64 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_memfd_create 1 __ia32_sys_memfd_create ------------- Path:  Function:__ia32_sys_memfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_memfd_create(i64 %4, i64 %7) #83 Function:__se_sys_memfd_create %3 = inttoptr i64 %0 to i8* %4 = trunc i64 %1 to i32 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %10 = and i32 %4, 67108856 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %93 %13 = tail call i64 @strnlen_user(i8* %3, i64 250) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_memfd_create 1 
__x64_sys_memfd_create ------------- Path:  Function:__x64_sys_memfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_memfd_create(i64 %3, i64 %5) #83 Function:__se_sys_memfd_create %3 = inttoptr i64 %0 to i8* %4 = trunc i64 %1 to i32 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %10 = and i32 %4, 67108856 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %93 %13 = tail call i64 @strnlen_user(i8* %3, i64 250) #83 ------------- Good: 38 Bad: 14 Ignored: 12 Check Use of Function:ieee80211_send_delba Check Use of Function:vfat_revalidate Check Use of Function:__tty_hangup Check Use of Function:nfs4_lookup_revalidate Check Use of Function:proc_ns_dir_lookup Check Use of Function:get_task_io_context Use: =BAD PATH= Call Stack: 0 set_task_ioprio 1 __se_sys_ioprio_set 2 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %154 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %154 tail call void @__rcu_read_lock() #83 switch i32 %4, label %151 [ i32 1, label %19 i32 
2, label %31 i32 3, label %87 ] %88 = icmp eq i32 %5, -1 br i1 %88, label %151, label %89 %90 = icmp eq i32 %5, 0 br i1 %90, label %91, label %98 %99 = tail call %struct.user_struct* @find_user(i32 %5) #83 br label %100 %101 = phi %struct.user_struct* [ %99, %98 ], [ %97, %91 ] %102 = icmp eq %struct.user_struct* %101, null br i1 %102, label %151, label %103 %104 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct.2039, %struct.task_struct.2039* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, 
%struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.task_struct.2039*), i64 0, i32 44, i32 0), align 8 %105 = getelementptr %struct.list_head, %struct.list_head* %104, i64 -70, i32 1 %106 = icmp eq %struct.list_head** %105, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, 
%struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, 
%struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.list_head**) br i1 %106, label %148, label %113 %114 = phi %struct.list_head* [ %110, %107 ], [ %104, %103 ] %115 = phi i32 [ %108, %107 ], [ -3, %103 ] %116 = getelementptr %struct.list_head, %struct.list_head* %114, i64 -70, i32 1 %117 = getelementptr inbounds %struct.list_head*, %struct.list_head** %116, i64 241 %118 = bitcast %struct.list_head** %117 to %struct.signal_struct.1997** %119 = load %struct.signal_struct.1997*, %struct.signal_struct.1997** %118, align 8 %120 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3, i32 0 %121 = load volatile %struct.list_head*, %struct.list_head** %120, align 8 %122 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3 %123 = icmp eq %struct.list_head* %121, %122 br i1 %123, label %107, label %124 %125 = phi %struct.list_head* [ %144, %141 ], [ %121, %113 ] %126 = phi i32 [ %142, %141 ], [ %115, %113 ] %127 = getelementptr %struct.list_head, %struct.list_head* %125, i64 -98 %128 = bitcast %struct.list_head* %127 to %struct.task_struct.2039* tail call void @__rcu_read_lock() #83 %129 = getelementptr %struct.list_head, %struct.list_head* %125, i64 16 %130 = bitcast %struct.list_head* %129 to %struct.cred** %131 = load volatile %struct.cred*, %struct.cred** %130, align 32 %132 = getelementptr inbounds %struct.cred, %struct.cred* %131, i64 0, i32 1, i32 0 %133 = load i32, i32* %132, align 4 tail call void @__rcu_read_unlock() #83 %134 = icmp eq i32 %133, %5 br i1 %134, label %135, label %141 %136 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.2039*, i32, %struct.pid_namespace.1720*)*)(%struct.task_struct.2039* %128, i32 0, %struct.pid_namespace.1720* 
null) #83 %137 = icmp eq i32 %136, 0 br i1 %137, label %141, label %138 %139 = tail call i32 @set_task_ioprio(%struct.task_struct.2039* %128, i32 %6) #83 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.2039* %5 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %0, i64 0, i32 93 %8 = load volatile %struct.cred*, %struct.cred** %7, align 32 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #83 br i1 %19, label %21, label %20 tail call void @__rcu_read_unlock() #83 %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @security_task_setioprio to i32 (%struct.task_struct.2039*, i32)*)(%struct.task_struct.2039* %0, i32 %1) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context.2012* bitcast (%struct.io_context.290227* (%struct.task_struct.290370*, i32, i32)* @get_task_io_context to %struct.io_context.2012* (%struct.task_struct.2039*, i32, i32)*)(%struct.task_struct.2039* %0, i32 2592, i32 -1) #83 ------------- Use: =BAD PATH= Call Stack: 0 set_task_ioprio 1 __se_sys_ioprio_set 2 __x64_sys_ioprio_set ------------- Path:  
Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %154 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %154 tail call void @__rcu_read_lock() #83 switch i32 %4, label %151 [ i32 1, label %19 i32 2, label %31 i32 3, label %87 ] %88 = icmp eq i32 %5, -1 br i1 %88, label %151, label %89 %90 = icmp eq i32 %5, 0 br i1 %90, label %91, label %98 %99 = tail call %struct.user_struct* @find_user(i32 %5) #83 br label %100 %101 = phi %struct.user_struct* [ %99, %98 ], [ %97, %91 ] %102 = icmp eq %struct.user_struct* %101, null br i1 %102, label %151, label %103 %104 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct.2039, %struct.task_struct.2039* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, 
%struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, 
%struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.task_struct.2039*), i64 0, i32 44, i32 0), align 8 %105 = getelementptr %struct.list_head, %struct.list_head* %104, i64 -70, i32 1 %106 = icmp eq %struct.list_head** %105, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, 
%struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.list_head**) br i1 %106, label %148, label %113 %114 = phi %struct.list_head* [ %110, %107 ], [ %104, %103 ] %115 = phi i32 [ %108, %107 ], [ -3, %103 ] %116 = getelementptr %struct.list_head, %struct.list_head* %114, i64 -70, i32 1 %117 = getelementptr inbounds %struct.list_head*, %struct.list_head** %116, i64 241 %118 = bitcast %struct.list_head** %117 to %struct.signal_struct.1997** %119 = load %struct.signal_struct.1997*, %struct.signal_struct.1997** %118, align 8 %120 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3, i32 0 %121 = load volatile %struct.list_head*, %struct.list_head** %120, align 8 %122 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3 %123 = icmp eq %struct.list_head* %121, %122 br i1 %123, label %107, label %124 %125 = phi %struct.list_head* [ %144, %141 ], [ %121, %113 ] %126 = phi i32 [ %142, %141 ], [ 
%115, %113 ] %127 = getelementptr %struct.list_head, %struct.list_head* %125, i64 -98 %128 = bitcast %struct.list_head* %127 to %struct.task_struct.2039* tail call void @__rcu_read_lock() #83 %129 = getelementptr %struct.list_head, %struct.list_head* %125, i64 16 %130 = bitcast %struct.list_head* %129 to %struct.cred** %131 = load volatile %struct.cred*, %struct.cred** %130, align 32 %132 = getelementptr inbounds %struct.cred, %struct.cred* %131, i64 0, i32 1, i32 0 %133 = load i32, i32* %132, align 4 tail call void @__rcu_read_unlock() #83 %134 = icmp eq i32 %133, %5 br i1 %134, label %135, label %141 %136 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.2039*, i32, %struct.pid_namespace.1720*)*)(%struct.task_struct.2039* %128, i32 0, %struct.pid_namespace.1720* null) #83 %137 = icmp eq i32 %136, 0 br i1 %137, label %141, label %138 %139 = tail call i32 @set_task_ioprio(%struct.task_struct.2039* %128, i32 %6) #83 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.2039* %5 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %0, i64 0, i32 93 %8 = load volatile %struct.cred*, %struct.cred** %7, align 32 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 
1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #83 br i1 %19, label %21, label %20 tail call void @__rcu_read_unlock() #83 %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @security_task_setioprio to i32 (%struct.task_struct.2039*, i32)*)(%struct.task_struct.2039* %0, i32 %1) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context.2012* bitcast (%struct.io_context.290227* (%struct.task_struct.290370*, i32, i32)* @get_task_io_context to %struct.io_context.2012* (%struct.task_struct.2039*, i32, i32)*)(%struct.task_struct.2039* %0, i32 2592, i32 -1) #83 ------------- Good: 3 Bad: 2 Ignored: 4 Check Use of Function:ext4_xattr_user_get Check Use of Function:synchronize_irq Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_params 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 
%1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = 
extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds 
%struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* 
%3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %25 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 
= icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 %34 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %41 = getelementptr inbounds %struct.snd_pcm_runtime.721183, 
%struct.snd_pcm_runtime.721183* %38, i64 0, i32 43 %42 = load i8, i8* %41, align 8, !range !6 %43 = icmp eq i8 %42, 0 br i1 %43, label %62, label %44 store i8 0, i8* %41, align 8 %45 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %46 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %45, align 8 %47 = icmp eq %struct.snd_pcm_ops.721177* %46, null br i1 %47, label %54, label %48 %49 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %46, i64 0, i32 7 %50 = load i32 (%struct.snd_pcm_substream.721187*)*, i32 (%struct.snd_pcm_substream.721187*)** %49, align 8 %51 = icmp eq i32 (%struct.snd_pcm_substream.721187*)* %50, null br i1 %51, label %54, label %52 %55 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %56 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %55, i64 0, i32 0 %57 = load %struct.snd_card*, %struct.snd_card** %56, align 8 %58 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %57, i64 0, i32 33 %59 = load i32, i32* %58, align 4 %60 = icmp sgt i32 %59, 0 br i1 %60, label %61, label %62 tail call void @synchronize_irq(i32 %59) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_params 1 snd_pcm_kernel_ioctl 2 snd_pcm_channel_info 3 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = 
getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 
%420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds 
%struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, 
%struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %25 = tail 
call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 %34 = getelementptr inbounds 
%struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %41 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %38, i64 0, i32 43 %42 = load i8, i8* %41, align 8, !range !6 %43 = icmp eq i8 %42, 0 br i1 %43, label %62, label %44 store i8 0, i8* %41, align 8 %45 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %46 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %45, align 8 %47 = icmp eq %struct.snd_pcm_ops.721177* %46, null br i1 %47, label %54, label %48 %49 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %46, i64 0, i32 7 %50 = load i32 (%struct.snd_pcm_substream.721187*)*, i32 (%struct.snd_pcm_substream.721187*)** %49, align 8 %51 = icmp eq i32 (%struct.snd_pcm_substream.721187*)* %50, null br i1 %51, label %54, label %52 %55 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %56 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %55, i64 0, i32 0 %57 = load %struct.snd_card*, %struct.snd_card** %56, align 8 %58 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %57, i64 0, i32 33 %59 = load i32, i32* %58, align 4 %60 = icmp sgt i32 %59, 0 br i1 %60, label %61, label %62 tail call void @synchronize_irq(i32 %59) #83 ------------- Good: 83 Bad: 2 Ignored: 37 Check Use of Function:__vfs_setxattr_noperm Check Use of Function:drm_lease_held Check Use of Function:fget Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = 
getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %8 = load %struct.gendisk.604060*, %struct.gendisk.604060** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.604038* %0, i32 %1, i32 %2, i64 %35) #84 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %33 = trunc i64 %3 to i32 %34 = tail call %struct.file.604155* bitcast (%struct.file* (i32)* @fget to %struct.file.604155* (i32)*)(i32 %33) #84 ------------- Use: =BAD PATH= Call Stack: 0 
lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %33 = trunc i64 %3 to i32 %34 = tail call %struct.file.604155* bitcast (%struct.file* (i32)* @fget to %struct.file.604155* (i32)*)(i32 %33) #84 ------------- Use: =BAD PATH= Call Stack: 0 loop_configure 1 lo_ioctl 2 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %8 = load %struct.gendisk.604060*, %struct.gendisk.604060** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 
19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.604038* %0, i32 %1, i32 %2, i64 %35) #84 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %24 = bitcast %struct.loop_config* %12 to i8* %25 = inttoptr i64 %3 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %24, i8* %25, i64 304) #84 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.604038* %0, %struct.loop_config* nonnull %12) #83 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.604155* bitcast (%struct.file* (i32)* @fget to %struct.file.604155* (i32)*)(i32 %6) #83 ------------- Use: =BAD PATH= Call Stack: 0 loop_configure 1 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 
8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %24 = bitcast %struct.loop_config* %12 to i8* %25 = inttoptr i64 %3 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %24, i8* %25, i64 304) #84 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.604038* %0, %struct.loop_config* nonnull %12) #83 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.604155* bitcast (%struct.file* (i32)* @fget to %struct.file.604155* (i32)*)(i32 %6) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #83 Function:__se_sys_setns %3 = 
alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #83 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr 
%struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #83 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #83 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.101855* bitcast (%struct.file* (i32)* @fget to %struct.file.101855* (i32)*)(i32 %269) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* 
switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #83 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #83 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = 
call %struct.file.101855* bitcast (%struct.file* (i32)* @fget to %struct.file.101855* (i32)*)(i32 %269) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, 
label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff 
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 ------------- Good: 22 Bad: 13 Ignored: 33 Check Use of Function:ipv6_sysctl_register Check Use of Function:check_zeroed_user Use: =BAD PATH= Call Stack: 0 copy_clone_args_from_user 1 __se_sys_clone3 2 __ia32_sys_clone3 ------------- Path:  Function:__ia32_sys_clone3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_clone3(i64 %4, i64 %7) #83 Function:__se_sys_clone3 %3 = alloca %struct.kernel_clone_args, align 8 %4 = alloca [32 x i32], align 16 %5 = inttoptr i64 %0 to %struct.clone_args* %6 = bitcast %struct.kernel_clone_args* %3 to i8* %7 = bitcast [32 x i32]* %4 to i8* %8 = getelementptr inbounds [32 x i32], [32 
x i32]* %4, i64 0, i64 0 %9 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %3, i64 0, i32 8 store i32* %8, i32** %9, align 8 %10 = call fastcc i32 @copy_clone_args_from_user(%struct.kernel_clone_args* nonnull %3, %struct.clone_args* %5, i64 %1) #83 Function:copy_clone_args_from_user %4 = alloca %struct.clone_args, align 8 %5 = bitcast %struct.clone_args* %4 to i8* %6 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %0, i64 0, i32 8 %7 = load i32*, i32** %6, align 8 %8 = icmp ugt i64 %2, 4096 br i1 %8, label %95, label %9, !prof !4, !misexpect !5 %10 = icmp ult i64 %2, 64 br i1 %10, label %95, label %11, !prof !4, !misexpect !5 %12 = bitcast %struct.clone_args* %1 to i8* %13 = icmp ugt i64 %2, 88 %14 = select i1 %13, i64 88, i64 %2 %15 = icmp ult i64 %2, 88 %16 = select i1 %15, i64 88, i64 %2 %17 = sub nuw nsw i64 %16, %14 br i1 %15, label %18, label %20 br i1 %13, label %21, label %27 %22 = getelementptr i8, i8* %12, i64 %14 %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %17) #83 ------------- Use: =BAD PATH= Call Stack: 0 copy_clone_args_from_user 1 __se_sys_clone3 2 __x64_sys_clone3 ------------- Path:  Function:__x64_sys_clone3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_clone3(i64 %3, i64 %5) #83 Function:__se_sys_clone3 %3 = alloca %struct.kernel_clone_args, align 8 %4 = alloca [32 x i32], align 16 %5 = inttoptr i64 %0 to %struct.clone_args* %6 = bitcast %struct.kernel_clone_args* %3 to i8* %7 = bitcast [32 x i32]* %4 to i8* %8 = getelementptr inbounds [32 x i32], [32 x i32]* %4, i64 0, i64 0 %9 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %3, i64 0, i32 8 store i32* %8, i32** %9, align 8 %10 = call fastcc i32 
@copy_clone_args_from_user(%struct.kernel_clone_args* nonnull %3, %struct.clone_args* %5, i64 %1) #83 Function:copy_clone_args_from_user %4 = alloca %struct.clone_args, align 8 %5 = bitcast %struct.clone_args* %4 to i8* %6 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %0, i64 0, i32 8 %7 = load i32*, i32** %6, align 8 %8 = icmp ugt i64 %2, 4096 br i1 %8, label %95, label %9, !prof !4, !misexpect !5 %10 = icmp ult i64 %2, 64 br i1 %10, label %95, label %11, !prof !4, !misexpect !5 %12 = bitcast %struct.clone_args* %1 to i8* %13 = icmp ugt i64 %2, 88 %14 = select i1 %13, i64 88, i64 %2 %15 = icmp ult i64 %2, 88 %16 = select i1 %15, i64 88, i64 %2 %17 = sub nuw nsw i64 %16, %14 br i1 %15, label %18, label %20 br i1 %13, label %21, label %27 %22 = getelementptr i8, i8* %12, i64 %14 %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %17) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, 
i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm 
sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %14 = bitcast %struct.seccomp_notif* %8 to i8* %15 = tail call i32 @check_zeroed_user(i8* %12, i64 80) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, 
align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %14 = bitcast %struct.seccomp_notif* %8 to i8* %15 = tail call i32 @check_zeroed_user(i8* %12, i64 80) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #83 ------------- Use: =BAD PATH= Call Stack: 0 
seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1094 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #83 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %31 = getelementptr i8, i8* %19, 
i64 %22 %32 = tail call i32 @check_zeroed_user(i8* %31, i64 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = inttoptr i64 %0 to %struct.perf_event_attr* %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %3 to i32 %11 = bitcast %struct.perf_event_attr* %6 to i8* %12 = icmp ult i64 %4, 16 br i1 %12, label %13, label %1094 %14 = call i32 @security_perf_event_open(%struct.perf_event_attr* nonnull %6, i32 0) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %7, %struct.perf_event_attr* nonnull %6) #83 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp 
eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %31 = getelementptr i8, i8* %19, i64 %22 %32 = tail call i32 @check_zeroed_user(i8* %31, i64 %25) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_openat2 1 __ia32_sys_openat2 ------------- Path:  Function:__ia32_sys_openat2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_openat2(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_openat2 %5 = alloca %struct.perf_branch_entry, align 8 %6 = trunc i64 %0 to i32 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to %struct.perf_branch_entry* %9 = bitcast %struct.perf_branch_entry* %5 to i8* %10 = icmp ult i64 %3, 24 br i1 %10, label %48, label %11, !prof !4, !misexpect !5 %12 = inttoptr i64 %2 to i8* %13 = icmp eq i64 %3, 24 br i1 %13, label %22, label %14 %15 = add i64 %3, -24 %16 = getelementptr %struct.perf_branch_entry, %struct.perf_branch_entry* %8, i64 1 %17 = bitcast %struct.perf_branch_entry* %16 to i8* %18 = tail call i32 @check_zeroed_user(i8* 
%17, i64 %15) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_openat2 1 __x64_sys_openat2 ------------- Path:  Function:__x64_sys_openat2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_openat2(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_openat2 %5 = alloca %struct.perf_branch_entry, align 8 %6 = trunc i64 %0 to i32 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to %struct.perf_branch_entry* %9 = bitcast %struct.perf_branch_entry* %5 to i8* %10 = icmp ult i64 %3, 24 br i1 %10, label %48, label %11, !prof !4, !misexpect !5 %12 = inttoptr i64 %2 to i8* %13 = icmp eq i64 %3, 24 br i1 %13, label %22, label %14 %15 = add i64 %3, -24 %16 = getelementptr %struct.perf_branch_entry, %struct.perf_branch_entry* %8, i64 1 %17 = bitcast %struct.perf_branch_entry* %16 to i8* %18 = tail call i32 @check_zeroed_user(i8* %17, i64 %15) #83 ------------- Good: 4 Bad: 12 Ignored: 11 Check Use of Function:ida_alloc_range Check Use of Function:drv_sta_state Check Use of Function:ida_free Use: =BAD PATH= Call Stack: 0 devpts_kill_index 1 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* 
%12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #83 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 devpts_kill_index 1 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #83 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_unlck 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 
= bitcast i8** %5 to %struct.nfs_open_context.233158** %7 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.233157* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.233157* nonnull %9, %struct.file_lock* %2) #83 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.233154*, %struct.nfs4_state_owner.233154** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 4 %8 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.234728*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.233157*, %struct.file_lock*)*)(%struct.nfs4_state.233157* %0, %struct.file_lock* %1) #83 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %112 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, 
align 8 %9 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %11 = bitcast %struct.list_head* %10 to %struct.nfs4_lock_state.234758** %12 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 br label %13 %14 = phi %struct.nfs4_lock_state.234758* [ null, %6 ], [ %59, %90 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %15 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %11, align 8 %16 = getelementptr %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %15, i64 0, i32 0 %17 = icmp eq %struct.list_head* %16, %10 br i1 %17, label %43, label %18 %19 = phi %struct.nfs4_lock_state.234758* [ %28, %24 ], [ %15, %13 ] %20 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ null, %13 ] %21 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %19, i64 0, i32 6 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, %8 br i1 %23, label %31, label %24 %25 = icmp eq i8* %22, null %26 = select i1 %25, %struct.nfs4_lock_state.234758* %19, %struct.nfs4_lock_state.234758* %20 %27 = bitcast %struct.nfs4_lock_state.234758* %19 to %struct.nfs4_lock_state.234758** %28 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %28, i64 0, i32 0 %30 = icmp eq %struct.list_head* %29, %10 br i1 %30, label %31, label %18 %32 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ %19, %18 ] %33 = icmp eq %struct.nfs4_lock_state.234758* %32, null br i1 %33, label %43, label %34 %35 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %32, i64 0, i32 5 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, 
i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 0 br i1 %38, label %95, label %39, !prof !5, !misexpect !6 %40 = add i32 %37, 1 %41 = or i32 %40, %37 %42 = icmp sgt i32 %41, -1 br i1 %42, label %97, label %95, !prof !7, !misexpect !6 %96 = phi i32 [ 2, %34 ], [ 1, %39 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 %96) #83 br label %97 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %98 = icmp eq %struct.nfs4_lock_state.234758* %14, null br i1 %98, label %108, label %99 %100 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %12, align 8 %101 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %100, i64 0, i32 0 %102 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %101, align 8 %103 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %102, i64 0, i32 46 %104 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %14, i64 0, i32 3, i32 1 %105 = load i32, i32* %104, align 8 tail call void @ida_free(%struct.ida* %103, i32 %105) #83 ------------- Good: 137 Bad: 3 Ignored: 53 Check Use of Function:autofs_dev_ioctl_compat Check Use of Function:walk_page_range Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, 
align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #83 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %12 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %13 = bitcast %struct.vm_area_struct* %0 to i8* %14 = tail call i32 @walk_page_range(%struct.mm_struct* %12, i64 %2, i64 %3, %struct.mm_walk_ops* nonnull @swapin_walk_ops, i8* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #83 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %12 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %13 = bitcast %struct.vm_area_struct* %0 to i8* %14 = tail call i32 @walk_page_range(%struct.mm_struct* %12, i64 %2, i64 %3, %struct.mm_walk_ops* nonnull @swapin_walk_ops, i8* %13) #83 ------------- Good: 27 Bad: 2 Ignored: 13 Check Use of Function:hugetlbfs_create Check Use of Function:drm_send_event_timestamp_locked Check Use of Function:xt_match_to_user Check Use of Function:fat_trim_fs Check Use of Function:init_mkdir Check Use of Function:lookup_user_key Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x 
%struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca 
%struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label 
%110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 
i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %293 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label 
%278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %293 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 
Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %273 = trunc i64 %1 to i32 %274 = trunc 
i64 %2 to i32 %275 = trunc i64 %3 to i32 %276 = trunc i64 %4 to i32 %277 = tail call i64 @keyctl_keyring_move(i32 %273, i32 %274, i32 %275, i32 %276) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %273 = trunc i64 %1 to i32 %274 = trunc 
i64 %2 to i32 %275 = trunc i64 %3 to i32 %276 = trunc i64 %4 to i32 %277 = tail call i64 @keyctl_keyring_move(i32 %273, i32 %274, i32 %275, i32 %276) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %75 = inttoptr i64 %9 to i8* %76 = inttoptr i64 %12 to i8* %77 = tail call i64 @keyctl_restrict_keyring(i32 %17, i8* %75, i8* %76) #83 
Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, 
label %266 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #83 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 
i32 27, label %260 i32 28, label %266 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #83 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %73 = tail call i64 
@keyctl_invalidate_key(i32 %17) #83 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 
@keyctl_invalidate_key(i32 %246) #83 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #83 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 
4) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %66 = tail call i64 @keyctl_session_to_parent() #83 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 
4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %219 = tail call i64 @keyctl_session_to_parent() #83 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %219 = tail call i64 @keyctl_session_to_parent() #83 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, 
i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %63 = inttoptr i64 %9 to i8* %64 = tail call i64 @keyctl_get_security(i32 %17, i8* %63, i64 %12) #83 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 
= and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %215 = trunc i64 %1 to i32 %216 = inttoptr i64 %2 to i8* %217 = tail call i64 @keyctl_get_security(i32 %215, i8* %216, i64 %3) #83 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %215 = trunc i64 %1 to i32 %216 = inttoptr i64 %2 to i8* %217 = tail call i64 @keyctl_get_security(i32 %215, i8* %216, i64 %3) #83 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 
%11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %59 = tail call i64 @keyctl_set_timeout(i32 %17, i32 %18) #83 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 
Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %208 = trunc i64 %1 to i32 %209 = trunc i64 %2 to i32 %210 = tail call i64 @keyctl_set_timeout(i32 %208, i32 %209) #83 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca 
%struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %208 = trunc i64 %1 to i32 %209 = trunc i64 %2 to i32 %210 = tail call i64 @keyctl_set_timeout(i32 %208, i32 %209) #83 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, 
label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %68 = tail call i64 @keyctl_reject_key(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds 
%struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label 
%278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #83 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt 
i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #83 Function:keyctl_reject_key %5 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.264755* %7 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %6, i64 0, i32 94 %8 = load %struct.cred.264455*, %struct.cred.264455** %7, align 8 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %8, i64 0, i32 19 %16 = load %struct.key.264430*, %struct.key.264430** %15, align 8 %17 = icmp eq %struct.key.264430* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.264758** %21 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %21, i64 0, i32 1 %23 = load %struct.key.264430*, %struct.key.264430** %22, align 8 %24 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key_common 1 keyctl_instantiate_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #83 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @keyctl_instantiate_key_common(i32 %0, %struct.iov_iter* null, i32 %3) #84 Function:keyctl_instantiate_key_common %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.264755** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.264755**)) #11, !srcloc 
!4 %5 = inttoptr i64 %4 to %struct.task_struct.264755* %6 = getelementptr inbounds %struct.task_struct.264755, %struct.task_struct.264755* %5, i64 0, i32 94 %7 = load %struct.cred.264455*, %struct.cred.264455** %6, align 8 %8 = icmp eq %struct.iov_iter* %1, null br i1 %8, label %15, label %9 %16 = phi %struct.iov_iter* [ %1, %13 ], [ null, %9 ], [ null, %3 ] %17 = phi i64 [ %11, %13 ], [ 0, %9 ], [ 0, %3 ] %18 = getelementptr inbounds %struct.cred.264455, %struct.cred.264455* %7, i64 0, i32 19 %19 = load %struct.key.264430*, %struct.key.264430** %18, align 8 %20 = icmp eq %struct.key.264430* %19, null br i1 %20, label %88, label %21 %22 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %19, i64 0, i32 16, i32 0, i32 0, i64 0 %23 = bitcast i8** %22 to %struct.request_key_auth.264758** %24 = load %struct.request_key_auth.264758*, %struct.request_key_auth.264758** %23, align 8 %25 = getelementptr inbounds %struct.request_key_auth.264758, %struct.request_key_auth.264758* %24, i64 0, i32 1 %26 = load %struct.key.264430*, %struct.key.264430** %25, align 8 %27 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %0 br i1 %29, label %30, label %88 %31 = icmp eq %struct.iov_iter* %16, null br i1 %31, label %39, label %32 %33 = tail call noalias i8* @kvmalloc_node(i64 %17, i32 3264, i32 -1) #83 %34 = icmp eq i8* %33, null br i1 %34, label %88, label %35 %36 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %17, %struct.iov_iter* nonnull %16) #84 %37 = icmp eq i64 %36, %17 br i1 %37, label %39, label %38, !prof !5, !misexpect !6 %40 = phi i8* [ null, %30 ], [ %33, %35 ] %41 = icmp eq i32 %2, 0 br i1 %41, label %72, label %42 %43 = icmp sgt i32 %2, 0 br i1 %43, label %44, label %51 %45 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %2, i64 1, i32 3) #84 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __ia32_compat_sys_keyctl 
------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %48 = tail call i64 @keyctl_chown_key(i32 %17, i32 %18, i32 %19) #83 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %109, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, 
align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #83 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %109, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 
__se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #83 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %109, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 keyctl_read_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %45 = inttoptr i64 %9 to i8* %46 = tail call i64 @keyctl_read_key(i32 %17, i8* %45, i64 %12) #83 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #83 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #83 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 
4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %39 = tail call i64 @keyctl_keyring_unlink(i32 %17, i32 %18) #83 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, 
i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #83 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #83 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %35 = tail call i64 @keyctl_keyring_clear(i32 %17) #83 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca 
%struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #83 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 
switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #83 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, 
label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %32 = inttoptr i64 %9 to i8* %33 = tail call i64 @keyctl_describe_key(i32 %17, i8* %32, i64 %12) #83 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 
i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #83 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label 
%214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #83 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 
i32 27, label %84 i32 28, label %90 ] %27 = inttoptr i64 %9 to i8* %28 = tail call i64 @keyctl_update_key(i32 %17, i8* %27, i64 %12) #83 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call noalias i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #83 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #84 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #84 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 
8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #83 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call noalias i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #83 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #84 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #84 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, 
align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #83 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call noalias i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #83 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #84 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #84 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 
] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr 
inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_keyring_ID 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label 
%69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %22 = tail call i64 @keyctl_get_keyring_ID(i32 %17, i32 %18) #83 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 4) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_revoke_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %30 = tail call i64 @keyctl_revoke_key(i32 %17) #83 
Function:keyctl_revoke_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_link 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %37 = tail call i64 @keyctl_keyring_link(i32 %17, i32 %18) #83 Function:keyctl_keyring_link %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 1, i32 3) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_setperm_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %50 = tail call i64 @keyctl_setperm_key(i32 %17, i32 %18) #83 Function:keyctl_setperm_key %3 = and i32 %1, -1061109568 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %28 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #83 ------------- Good: 20 Bad: 55 Ignored: 0 Check Use of Function:ieee80211_freq_khz_to_channel Check Use of Function:dm_pr_release Check Use of Function:ieee80211_sta_rx_bw_to_chan_width Check Use of Function:drv_change_interface Check Use of Function:fat_generic_ioctl Use: =BAD PATH= Call Stack: 0 fat_dir_ioctl ------------- Path:  Function:fat_dir_ioctl %4 
= alloca %struct.fat_ioctl_filldir_callback, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = inttoptr i64 %2 to %struct.__fat_dirent* switch i32 %1, label %9 [ i32 -2110754302, label %11 i32 -2110754303, label %8 ] %10 = tail call i64 bitcast (i64 (%struct.file.207352*, i32, i64)* @fat_generic_ioctl to i64 (%struct.file*, i32, i64)*)(%struct.file* %0, i32 %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 fat_compat_dir_ioctl ------------- Path:  Function:fat_compat_dir_ioctl %4 = alloca %struct.fat_ioctl_filldir_callback, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = and i64 %2, 4294967295 %8 = inttoptr i64 %7 to i8* switch i32 %1, label %10 [ i32 -2112327166, label %12 i32 -2112327167, label %9 ] %11 = tail call i64 bitcast (i64 (%struct.file.207352*, i32, i64)* @fat_generic_ioctl to i64 (%struct.file*, i32, i64)*)(%struct.file* %0, i32 %1, i64 %2) #83 ------------- Good: 0 Bad: 2 Ignored: 0 Check Use of Function:drm_crtc_check_viewport Check Use of Function:hrtimer_start_range_ns Use: =BAD PATH= Call Stack: 0 task_clock_event_add ------------- Path:  Function:task_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %30, label %5 %6 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 27 %7 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %6, align 8 %8 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %7, i64 0, i32 18 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %9, i64* %10, align 8 %11 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 22, i32 3, i32 0 %12 = 
load i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %30, label %14 %15 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 7, i32 0, i32 1, i32 0, i32 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %22 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 6 %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, 10000 %25 = select i1 %24, i64 %23, i64 10000 br label %26 %27 = phi i64 [ %20, %18 ], [ %25, %21 ] %28 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 0 %29 = bitcast %union.anon.66.296* %28 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %29, i64 %27, i64 0, i32 11) #83 ------------- Use: =BAD PATH= Call Stack: 0 task_clock_event_start ------------- Path:  Function:task_clock_event_start %3 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 27 %4 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %3, align 8 %5 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %4, i64 0, i32 18 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %6, i64* %7, align 8 %8 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 22, i32 3, i32 0 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %27, label %11 %12 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 7, i32 0, i32 1, i32 0, i32 0, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %18, label %15 %19 = getelementptr inbounds %struct.perf_event.115065, 
%struct.perf_event.115065* %0, i64 0, i32 26, i32 6 %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 10000 %22 = select i1 %21, i64 %20, i64 10000 br label %23 %24 = phi i64 [ %17, %15 ], [ %22, %18 ] %25 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 0 %26 = bitcast %union.anon.66.296* %25 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %26, i64 %24, i64 0, i32 11) #83 ------------- Good: 201 Bad: 2 Ignored: 165 Check Use of Function:dma_buf_ioctl Check Use of Function:sock_ioctl Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8*, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca %struct.ifreq, align 8 %8 = alloca i8, align 1 %9 = alloca i8*, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.socket** %12 = load %struct.socket*, %struct.socket** %11, align 8 %13 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 4 %14 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 5 %15 = load %struct.proto_ops*, %struct.proto_ops** %14, align 32 %16 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %15, i64 0, i32 10 %17 = load i32 (%struct.socket*, i32, i64)*, i32 (%struct.socket*, i32, i64)** %16, align 8 %18 = icmp eq i32 (%struct.socket*, i32, i64)* %17, null br i1 %18, label %21, label %19 %22 = phi i32 [ %20, %19 ], [ -515, %3 ] %23 = icmp eq i32 %22, -515 %24 = and i32 %1, -256 %25 = icmp eq i32 %24, 35584 %26 = and i1 %25, %23 %27 = xor i1 %23, true %28 = or i1 %25, %27 %29 = select i1 %26, i32 -22, i32 %22 br i1 %28, label %164, label %30 %31 = and i64 %2, 4294967295 %32 = inttoptr i64 %31 to i8* %33 = load %struct.sock*, %struct.sock** %13, align 8 %34 = getelementptr inbounds %struct.sock, %struct.sock* %33, i64 0, i32 0, i32 9, i32 0 %35 = load 
%struct.net*, %struct.net** %34, align 8 %36 = and i32 %1, -16 %37 = icmp eq i32 %36, 35312 br i1 %37, label %38, label %41 switch i32 %1, label %164 [ i32 35137, label %42 i32 35136, label %42 i32 35146, label %55 i32 35078, label %100 i32 35079, label %100 i32 35142, label %108 i32 35219, label %108 i32 35220, label %108 i32 35248, label %108 i32 35249, label %108 i32 35073, label %126 i32 35074, label %126 i32 35075, label %126 i32 35076, label %126 i32 35232, label %126 i32 35233, label %126 i32 35202, label %126 i32 35203, label %126 i32 35148, label %126 i32 -2146399994, label %126 i32 -2146399993, label %126 i32 35090, label %126 i32 35091, label %129 i32 35092, label %129 i32 35184, label %129 i32 35185, label %129 i32 35101, label %129 i32 35102, label %129 i32 35105, label %129 i32 35106, label %129 i32 35103, label %129 i32 35104, label %129 i32 35111, label %129 i32 35108, label %129 i32 35121, label %129 i32 35122, label %129 i32 35123, label %129 i32 35093, label %129 i32 35094, label %129 i32 35127, label %129 i32 35126, label %129 i32 35097, label %129 i32 35098, label %129 i32 35095, label %129 i32 35096, label %129 i32 35099, label %129 i32 35100, label %129 i32 35124, label %129 i32 35125, label %129 i32 35138, label %129 i32 35139, label %129 i32 35234, label %129 i32 35235, label %129 i32 35088, label %129 i32 35107, label %129 i32 35143, label %129 i32 35144, label %129 i32 35145, label %129 i32 35216, label %129 i32 35217, label %129 i32 35218, label %129 i32 35221, label %129 i32 35157, label %129 i32 35156, label %129 i32 35155, label %129 i32 21521, label %129 i32 35147, label %129 i32 35077, label %129 ] %127 = tail call i64 @sock_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8*, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca %struct.ifreq, align 8 %8 = alloca i8, align 1 %9 = 
alloca i8*, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.socket** %12 = load %struct.socket*, %struct.socket** %11, align 8 %13 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 4 %14 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 5 %15 = load %struct.proto_ops*, %struct.proto_ops** %14, align 32 %16 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %15, i64 0, i32 10 %17 = load i32 (%struct.socket*, i32, i64)*, i32 (%struct.socket*, i32, i64)** %16, align 8 %18 = icmp eq i32 (%struct.socket*, i32, i64)* %17, null br i1 %18, label %21, label %19 %22 = phi i32 [ %20, %19 ], [ -515, %3 ] %23 = icmp eq i32 %22, -515 %24 = and i32 %1, -256 %25 = icmp eq i32 %24, 35584 %26 = and i1 %25, %23 %27 = xor i1 %23, true %28 = or i1 %25, %27 %29 = select i1 %26, i32 -22, i32 %22 br i1 %28, label %164, label %30 %31 = and i64 %2, 4294967295 %32 = inttoptr i64 %31 to i8* %33 = load %struct.sock*, %struct.sock** %13, align 8 %34 = getelementptr inbounds %struct.sock, %struct.sock* %33, i64 0, i32 0, i32 9, i32 0 %35 = load %struct.net*, %struct.net** %34, align 8 %36 = and i32 %1, -16 %37 = icmp eq i32 %36, 35312 br i1 %37, label %38, label %41 %39 = tail call i64 @sock_ioctl(%struct.file* %0, i32 %1, i64 %31) #83 ------------- Good: 6 Bad: 2 Ignored: 3 Check Use of Function:autofs_dev_ioctl Use: =BAD PATH= Call Stack: 0 autofs_dev_ioctl_compat ------------- Path:  Function:autofs_dev_ioctl_compat %4 = and i64 %2, 4294967295 %5 = tail call i64 @autofs_dev_ioctl(%struct.file* %0, i32 %1, i64 %4) #83 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:e1000e_reset Check Use of Function:drm_atomic_helper_update_plane Check Use of Function:out_of_line_wait_on_bit Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast 
%struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call 
%struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp 
eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 
], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 %5 = load volatile i64, i64* %3, align 8 %6 = and i64 %5, 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %13, label %8 %9 = select i1 %1, i32 1, i32 2 %10 = bitcast i64* %3 to i8* %11 = tail call i32 @out_of_line_wait_on_bit(i8* %10, i32 3, i32 (%struct.sigaltstack*, i32)* nonnull @bit_wait, i32 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, 
align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, 
label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, 
bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, 
%struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 ], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 %5 = load volatile i64, i64* %3, align 8 %6 = and i64 %5, 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %13, label %8 %9 = select i1 %1, i32 1, i32 2 %10 = bitcast i64* %3 to i8* %11 = tail call i32 @out_of_line_wait_on_bit(i8* %10, i32 3, i32 (%struct.sigaltstack*, i32)* nonnull @bit_wait, i32 %9) #83 ------------- Use: =BAD 
PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 keyctl_keyring_move 3 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast 
%struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call 
%struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp 
eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 
], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 %5 = load volatile i64, i64* %3, align 8 %6 = and i64 %5, 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %13, label %8 %9 = select i1 %1, i32 1, i32 2 %10 = bitcast i64* %3 to i8* %11 = tail call i32 @out_of_line_wait_on_bit(i8* %10, i32 3, i32 (%struct.sigaltstack*, i32)* nonnull @bit_wait, i32 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_add_key 3 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], 
align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast 
%struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull 
%4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, 
align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 ], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 
], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 %5 = load volatile i64, i64* %3, align 8 %6 = and i64 %5, 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %13, label %8 %9 = select i1 %1, i32 1, i32 2 %10 = bitcast i64* %3 to i8* %11 = tail call i32 @out_of_line_wait_on_bit(i8* %10, i32 3, i32 (%struct.sigaltstack*, i32)* nonnull @bit_wait, i32 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_add_key 3 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 
@strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 
%10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr 
inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 
0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 ], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 
(%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 %5 = load volatile i64, i64* %3, align 8 %6 = and i64 %5, 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %13, label %8 %9 = select i1 %1, i32 1, i32 2 %10 = bitcast i64* %3 to i8* %11 = tail call i32 @out_of_line_wait_on_bit(i8* %10, i32 3, i32 (%struct.sigaltstack*, i32)* nonnull @bit_wait, i32 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_clear_invalid_mapping 1 nfs_revalidate_mapping 2 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** 
%30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.214835*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #83 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %43 = load %struct.address_space*, %struct.address_space** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.address_space.214836*)* @nfs_revalidate_mapping to i32 (%struct.inode*, %struct.address_space*)*)(%struct.inode* %22, %struct.address_space* %43) #83 Function:nfs_revalidate_mapping %3 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 256 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %59 %8 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 9, i32 1 %10 = bitcast %struct.list_head** %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 256 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %49 %15 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %16 = load %struct.super_block.214819*, %struct.super_block.214819** %15, align 8 %17 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %16, i64 0, i32 28 %18 = bitcast i8** %17 to 
%struct.nfs_server.214962** %19 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %19, i64 0, i32 0 %21 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %20, align 8 %22 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %21, i64 0, i32 12 %23 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %22, align 8 %24 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %23, i64 0, i32 47 %25 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %24, align 8 %26 = tail call i32 %25(%struct.inode.214835* %0, i32 1) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %43 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 9 %45 = bitcast %struct.list_head* %44 to i64* %46 = load volatile i64, i64* %45, align 8 %47 = and i64 %46, 2 %48 = icmp eq i64 %47, 0 br i1 %48, label %57, label %49 %58 = tail call i32 @nfs_clear_invalid_mapping(%struct.address_space.214836* %1) #84 Function:nfs_clear_invalid_mapping %2 = getelementptr inbounds %struct.address_space.214836, %struct.address_space.214836* %0, i64 0, i32 0 %3 = load %struct.inode.214835*, %struct.inode.214835** %2, align 8 %4 = getelementptr %struct.inode.214835, %struct.inode.214835* %3, i64 -1, i32 24, i32 4 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 9 %6 = bitcast %struct.list_head* %5 to i64* %7 = bitcast %struct.list_head* %5 to i8* %8 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %3, i64 0, i32 18, i32 0, i32 0 br label %9 %10 = tail call i32 @__SCT__might_resched() #83 %11 = load volatile i64, i64* %6, align 8 %12 = and i64 %11, 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %17, label %14 %15 = tail call i32 @out_of_line_wait_on_bit(i8* %7, i32 3, i32 (%struct.sigaltstack*, i32)* nonnull @nfs_wait_bit_killable, i32 258) #83 
------------- Use: =BAD PATH= Call Stack: 0 __wait_on_buffer 1 ext4_bread_batch 2 __ext4_find_entry 3 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.static_call_site* %9 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.151783*)* @generic_set_encrypted_ci_d_ops to void (%struct.dentry.190016*)*)(%struct.dentry.190016* %1) #83 %22 = call fastcc %struct.buffer_head.190040* @__ext4_find_entry(%struct.inode.190029* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #83 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head.190040*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head.190040*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, 
%struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 8 %14 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.static_call_site** %16 = load %struct.static_call_site*, %struct.static_call_site** %15, align 8 %17 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %449, label %20 %21 = getelementptr %struct.inode.190029, %struct.inode.190029* %0, i64 -1, i32 34 %22 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %21, i64 10, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 268435456 %25 = icmp eq i64 %24, 0 br i1 %25, label %41, label %26 %42 = phi %struct.buffer_head.190040* [ %33, %40 ], [ null, %26 ], [ null, %20 ] %43 = icmp slt i32 %18, 3 br i1 %43, label %44, label %50 %45 = load i8, i8* %12, align 1 %46 = icmp eq i8 %45, 46 br i1 %46, label %47, label %50 %48 = getelementptr i8, i8* %12, i64 1 %49 = load i8, i8* %48, align 1 switch i8 %49, label %50 [ i8 46, label %267 i8 0, label %267 ] %268 = phi i32 [ %259, %261 ], [ 1, %47 ], [ 1, %47 ] %269 = phi i32 [ %266, %261 ], [ 0, %47 ], [ 0, %47 ] %270 = phi %struct.buffer_head.190040* [ %252, %261 ], [ %42, %47 ], [ %42, %47 ] %271 = getelementptr inbounds [8 x %struct.buffer_head.190040*], [8 x %struct.buffer_head.190040*]* %6, i64 0, i64 0 %272 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %14, i64 0, i32 2 %273 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 1 %274 = getelementptr inbounds 
%struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 0 %275 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 14 br label %276 %277 = phi i32 [ %435, %430 ], [ %268, %267 ] %278 = phi i64 [ %304, %430 ], [ 0, %267 ] %279 = phi i64 [ %303, %430 ], [ 0, %267 ] %280 = phi i32 [ %277, %430 ], [ %269, %267 ] %281 = phi i32 [ 0, %430 ], [ %269, %267 ] br label %282 %283 = phi i64 [ %278, %276 ], [ %304, %425 ] %284 = phi i64 [ %279, %276 ], [ %303, %425 ] %285 = phi i32 [ %280, %276 ], [ %428, %425 ] %286 = call i32 @__SCT__cond_resched() #83 %287 = icmp ult i64 %283, %284 br i1 %287, label %301, label %288 %289 = icmp ugt i32 %281, %285 %290 = select i1 %289, i32 %281, i32 %277 %291 = sub i32 %290, %285 %292 = zext i32 %291 to i64 %293 = icmp ult i64 %292, 8 %294 = select i1 %293, i64 %292, i64 8 %295 = trunc i64 %294 to i32 %296 = call i32 @ext4_bread_batch(%struct.inode.190029* %0, i32 %285, i32 %295, i1 zeroext false, %struct.buffer_head.190040** nonnull %271) #83 Function:ext4_bread_batch %6 = icmp sgt i32 %2, 0 br i1 %6, label %7, label %55 %8 = zext i32 %2 to i64 br label %12 %13 = phi i64 [ 0, %7 ], [ %27, %26 ] %14 = trunc i64 %13 to i32 %15 = add i32 %14, %1 %16 = tail call %struct.buffer_head.190040* @ext4_getblk(%struct.jbd2_journal_handle.190058* null, %struct.inode.190029* %0, i32 %15, i32 0) #83 %17 = getelementptr %struct.buffer_head.190040*, %struct.buffer_head.190040** %4, i64 %13 store %struct.buffer_head.190040* %16, %struct.buffer_head.190040** %17, align 8 %18 = icmp ugt %struct.buffer_head.190040* %16, inttoptr (i64 -4096 to %struct.buffer_head.190040*) br i1 %18, label %19, label %26 %27 = add nuw nsw i64 %13, 1 %28 = icmp eq i64 %27, %8 br i1 %28, label %9, label %12 br i1 %6, label %10, label %55 %11 = zext i32 %2 to i64 br label %29 %30 = phi i64 [ 0, %10 ], [ %53, %52 ] %31 = getelementptr %struct.buffer_head.190040*, %struct.buffer_head.190040** %4, i64 %30 %32 = load 
%struct.buffer_head.190040*, %struct.buffer_head.190040** %31, align 8 %33 = icmp eq %struct.buffer_head.190040* %32, null br i1 %33, label %52, label %34 %35 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %32, i64 0, i32 0 %36 = load volatile i64, i64* %35, align 8 %37 = and i64 %36, 1024 %38 = icmp eq i64 %37, 0 br i1 %38, label %45, label %39 %46 = load volatile i64, i64* %35, align 8 %47 = and i64 %46, 1 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %52 %53 = add nuw nsw i64 %30, 1 %54 = icmp eq i64 %53, %11 br i1 %54, label %55, label %29 %56 = and i1 %6, %3 br i1 %56, label %57, label %105 %58 = zext i32 %2 to i64 br label %62 %63 = phi i64 [ 0, %57 ], [ %75, %74 ] %64 = getelementptr %struct.buffer_head.190040*, %struct.buffer_head.190040** %4, i64 %63 %65 = load %struct.buffer_head.190040*, %struct.buffer_head.190040** %64, align 8 %66 = icmp eq %struct.buffer_head.190040* %65, null br i1 %66, label %74, label %67 %68 = tail call i32 @__SCT__might_resched() #84 %69 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %65, i64 0, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 4 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %73 tail call void bitcast (void (%struct.buffer_head.158297*)* @__wait_on_buffer to void (%struct.buffer_head.190040*)*)(%struct.buffer_head.190040* nonnull %65) #84 Function:__wait_on_buffer %2 = getelementptr inbounds %struct.buffer_head.158297, %struct.buffer_head.158297* %0, i64 0, i32 0 %3 = tail call i32 @__SCT__might_resched() #83 %4 = load volatile i64, i64* %2, align 8 %5 = and i64 %4, 4 %6 = icmp eq i64 %5, 0 br i1 %6, label %10, label %7 %8 = bitcast %struct.buffer_head.158297* %0 to i8* %9 = tail call i32 @out_of_line_wait_on_bit(i8* %8, i32 2, i32 (%struct.sigaltstack*, i32)* nonnull @bit_wait_io, i32 2) #83 ------------- Good: 100 Bad: 25 Ignored: 98 Check Use of Function:import_single_range Use: =BAD PATH= Call Stack: 0 
__sys_sendto 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %18 = zext i8 %16 to i64 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %18) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 114 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 8 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 
to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %17, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %153 = zext i32 %92 to i64 %154 = inttoptr i64 %153 to i8* %155 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %156 = load i32, i32* %155, align 8 %157 = zext i32 %156 to i64 %158 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 
%159 = load i32, i32* %158, align 4 %160 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %161 = load i32, i32* %160, align 16 %162 = zext i32 %161 to i64 %163 = inttoptr i64 %162 to %struct.sys_desc_table* %164 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %165 = load i32, i32* %164, align 4 %166 = call i32 @__sys_sendto(i32 %90, i8* %154, i64 %157, i32 %159, %struct.sys_desc_table* %163, i32 %165) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_send ------------- Path:  Function:__ia32_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_sendto(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32 0) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast 
%struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_sendto ------------- Path:  Function:__ia32_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = inttoptr i64 %6 to i8* %19 = trunc i64 %11 to i32 %20 = inttoptr i64 %14 to %struct.sys_desc_table* %21 = trunc i64 %16 to i32 %22 = tail call i32 @__sys_sendto(i32 %17, i8* %18, i64 %9, i32 %19, %struct.sys_desc_table* %20, i32 %21) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_send ------------- Path:  Function:__x64_sys_send %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_sendto(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32 0) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_sendto ------------- Path:  Function:__x64_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, 
align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %10 to i32 %18 = trunc i64 %15 to i32 %19 = tail call i32 @__sys_sendto(i32 %16, i8* %6, i64 %8, i32 %17, %struct.sys_desc_table* %13, i32 %18) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #83 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %18 = zext i8 %16 to i64 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %18) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label 
%277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 114 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %17) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %17, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %109 = trunc i64 %40 to i32 %110 = inttoptr i64 %42 to i8* %111 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %112 = load i64, i64* %111, align 16 %113 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %114 = load i64, i64* %113, align 8 %115 = trunc i64 %114 to i32 %116 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %117 = bitcast i64* %116 to %struct.sys_desc_table** %118 = load %struct.sys_desc_table*, %struct.sys_desc_table** %117, align 16 %119 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %120 = load i64, i64* %119, align 8 %121 = trunc i64 %120 to i32 %122 = call i32 @__sys_sendto(i32 %109, i8* %110, i64 %112, i32 %115, 
%struct.sys_desc_table* %118, i32 %121) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #83 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %18 = zext i8 %16 to i64 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %18) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %26 = inttoptr i64 
%25 to %struct.task_struct* %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 114 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %17) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %17, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %109 = trunc i64 %40 to i32 %110 = inttoptr i64 %42 to i8* %111 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %112 = load i64, i64* %111, align 16 %113 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %114 = load i64, i64* %113, align 8 %115 = trunc i64 %114 to i32 %116 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %117 = bitcast i64* %116 to %struct.sys_desc_table** %118 = load %struct.sys_desc_table*, %struct.sys_desc_table** %117, align 16 %119 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %120 = load i64, i64* %119, align 8 %121 = trunc i64 %120 to i32 %122 = call i32 @__sys_sendto(i32 %109, i8* %110, i64 %112, i32 %115, %struct.sys_desc_table* %118, i32 %121) #83 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast 
%struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recv ------------- Path:  Function:__ia32_compat_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = or i32 %14, -2147483648 %16 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %15, %struct.sys_desc_table* null, i32* null) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recvfrom ------------- Path:  Function:__ia32_compat_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = or i32 %20, -2147483648 %24 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %23, %struct.sys_desc_table* %21, i32* %22) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 
%14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %18 = zext i8 %16 to i64 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %18) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 114 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 8 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* 
%60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %17, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %178 = zext i32 %92 to i64 %179 = inttoptr i64 %178 to i8* %180 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %181 = load i32, i32* %180, align 8 %182 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %183 = load i32, i32* %182, align 4 %184 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %185 = load i32, i32* %184, align 16 %186 = zext i32 %185 to i64 %187 = inttoptr i64 %186 to %struct.sys_desc_table* %188 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %189 = load i32, i32* %188, align 4 %190 = zext i32 %189 to i64 %191 = inttoptr i64 %190 to i32* %192 = zext i32 %181 to i64 %193 = or i32 %183, -2147483648 %194 = call i32 @__sys_recvfrom(i32 %90, i8* %179, i64 %192, i32 %193, %struct.sys_desc_table* %187, i32* %191) #83 
Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recv ------------- Path:  Function:__ia32_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32* null) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recvfrom ------------- Path:  Function:__ia32_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = 
load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %20, %struct.sys_desc_table* %21, i32* %22) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recv ------------- Path:  Function:__x64_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_recvfrom(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32* null) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recvfrom ------------- Path:  Function:__x64_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = bitcast i64* %14 to i32** %16 = load i32*, i32** %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %10 to i32 %19 = tail call i32 @__sys_recvfrom(i32 %17, i8* %6, i64 %8, i32 %18, %struct.sys_desc_table* %13, i32* %16) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = 
bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #83 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %18 = zext i8 %16 to i64 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %18) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 114 %28 = load 
%struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %17) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %17, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %133 = trunc i64 %40 to i32 %134 = inttoptr i64 %42 to i8* %135 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %136 = load i64, i64* %135, align 16 %137 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %138 = load i64, i64* %137, align 8 %139 = trunc i64 %138 to i32 %140 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %141 = bitcast i64* %140 to %struct.sys_desc_table** %142 = load %struct.sys_desc_table*, %struct.sys_desc_table** %141, align 16 %143 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %144 = bitcast i64* %143 to i32** %145 = load i32*, i32** %144, align 8 %146 = call i32 @__sys_recvfrom(i32 %133, i8* %134, i64 %136, i32 %139, %struct.sys_desc_table* %142, i32* %145) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to 
i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #83 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %18 = zext i8 %16 to i64 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %18) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 114 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = 
load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %17) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %17, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %133 = trunc i64 %40 to i32 %134 = inttoptr i64 %42 to i8* %135 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %136 = load i64, i64* %135, align 16 %137 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %138 = load i64, i64* %137, align 8 %139 = trunc i64 %138 to i32 %140 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %141 = bitcast i64* %140 to %struct.sys_desc_table** %142 = load %struct.sys_desc_table*, %struct.sys_desc_table** %141, align 16 %143 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %144 = bitcast i64* %143 to i32** %145 = load i32*, i32** %144, align 8 %146 = call i32 @__sys_recvfrom(i32 %133, i8* %134, i64 %136, i32 %139, %struct.sys_desc_table* %142, i32* %145) #83 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #83 
------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %154 = trunc i64 %1 to i32 %155 = trunc i64 %4 to i32 %156 = icmp ne i64 %2, 0 %157 = icmp ne i64 %3, 0 %158 = and i1 %156, %157 br i1 %158, label %159, label %171 %160 = inttoptr i64 %2 to i8* %161 = bitcast %struct.iovec* %9 to i8* %162 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %10, i64 0, i32 0 %163 = call i32 @import_single_range(i32 1, i8* nonnull %160, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %154 = trunc i64 %1 to i32 %155 = trunc i64 %4 to i32 %156 = icmp ne i64 %2, 0 %157 = icmp ne i64 %3, 0 %158 = and i1 %156, %157 br i1 %158, label %159, label %171 %160 = inttoptr i64 %2 to 
i8* %161 = bitcast %struct.iovec* %9 to i8* %162 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %10, i64 0, i32 0 %163 = call i32 @import_single_range(i32 1, i8* nonnull %160, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #83 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 
8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %11 = bitcast %struct.iovec* %5 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %13 = call i32 @import_single_range(i32 1, i8* nonnull %1, i64 %2, %struct.iovec* nonnull %5, %struct.iov_iter* nonnull %6) #83 ------------- Good: 55 Bad: 21 Ignored: 13 Check Use of Function:sync_file_ioctl Check Use of Function:wiphy_sysfs_exit Check Use of Function:hidraw_ioctl Check Use of Function:complete_walk Check Use of Function:ieee80211_if_add Check Use of Function:security_inode_removexattr Check Use of Function:cache_ioctl_pipefs Check Use of Function:ieee80211_stop_tx_ba_cb Check Use of Function:random_ioctl Check Use of Function:rtc_dev_compat_ioctl Check Use of Function:proc_reg_compat_ioctl Check Use of Function:igmp6_late_cleanup Check Use of Function:evdev_ioctl Check Use of Function:pps_cdev_ioctl Use: =BAD PATH= Call Stack: 0 pps_cdev_compat_ioctl ------------- Path:  Function:pps_cdev_compat_ioctl %4 = alloca %struct.pps_fdata_compat, align 4 %5 = alloca %struct.pps_fdata, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.pps_device** %8 = load %struct.pps_device*, %struct.pps_device** %7, align 8 %9 = inttoptr i64 %2 to i8* %10 = and i32 %1, -1073676289 %11 = or i32 %10, 524288 %12 = icmp eq i32 %11, -1073188700 br i1 %12, label %13, label %52 %53 = tail call i64 @pps_cdev_ioctl(%struct.file* %0, i32 %11, i64 %2) #84 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:ieee80211_key_free Check Use of Function:hung_up_tty_compat_ioctl Check Use of Function:mm_trace_rss_stat Check Use of Function:nvram_misc_ioctl Check Use of Function:ieee80211_vif_copy_chanctx_to_vlans Check Use of Function:snd_timer_user_ioctl Check Use of Function:drv_event_callback.74675 Check Use of Function:cfg80211_unregister_wdev Check Use of Function:__drm_atomic_state_free 
Check Use of Function:rpc_pipe_ioctl Check Use of Function:take_dentry_name_snapshot Check Use of Function:find_extend_vma Use: =BAD PATH= Call Stack: 0 __get_user_pages 1 faultin_vma_page_range 2 madvise_populate 3 do_madvise 4 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, 
label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca 
%struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #83 ------------- Use: =BAD PATH= Call Stack: 0 __get_user_pages 1 faultin_vma_page_range 2 madvise_populate 3 do_madvise 4 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** 
%11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], 
[ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, 
i64 %31) #83 ------------- Good: 50 Bad: 2 Ignored: 24 Check Use of Function:autofs_root_ioctl Check Use of Function:strscpy_pad Check Use of Function:ext4_ioctl Use: =BAD PATH= Call Stack: 0 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %84 [ i32 -2147195389, label %5 i32 1074030084, label %6 i32 1074030087, label %7 i32 -2147191295, label %8 i32 1074034178, label %9 i32 -2147195387, label %10 i32 1074030086, label %11 i32 1076127240, label %12 i32 -1071094257, label %80 i32 1074292240, label %80 i32 -1072146311, label %80 i32 26130, label %80 i32 -2146671085, label %80 i32 1074816532, label %80 i32 1074554389, label %80 i32 -1073125866, label %80 i32 -1068472809, label %80 i32 -1069521384, label %80 i32 -1069521383, label %80 i32 -1065327078, label %80 i32 -2146408933, label %80 i32 -2147198851, label %80 i32 -1061136325, label %80 i32 1082156677, label %80 i32 -1073453434, label %80 i32 -1071094137, label %80 i32 26152, label %80 i32 1074030121, label %80 i32 -1071618518, label %80 i32 1074030123, label %80 ] %81 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %11 ], [ -2146933243, %10 ], [ 1074296322, %9 ], [ -2146929151, %8 ], [ 1074292231, %7 ], [ 1074292228, %6 ], [ -2146933245, %5 ] %82 = and i64 %2, 4294967295 %83 = tail call i64 @ext4_ioctl(%struct.file.194122* %0, i32 %81, i64 %82) #83 ------------- Good: 0 Bad: 1 Ignored: 1 Check Use of Function:pci_config_pm_runtime_put Check Use of Function:selinux_netlbl_err Check Use of Function:scsi_autopm_put_host Check Use of Function:efivar_validate Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { 
i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.701531* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 %95 = icmp eq i32 %94, 0 br i1 %95, label %96, label %111 %97 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1 %98 = bitcast %struct.uuid_t* %97 to i64* %99 = load i64, i64* %98, align 1 %100 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %101 = bitcast i8* %100 to i64* %102 = load i64, i64* %101, align 1 %103 = bitcast { i64, i64 }* %4 to i8* %104 = bitcast { i64, i64 }* %5 to i8* %105 = 
getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %84, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %87, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %99, i64* %107, align 8 %108 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %102, i64* %108, align 8 %109 = call i32 @bcmp(i8* nonnull dereferenceable(16) %103, i8* nonnull dereferenceable(16) %104, i64 16) #6 %110 = icmp eq i32 %109, 0 br i1 %110, label %113, label %111 %114 = icmp eq i64 %91, 0 %115 = icmp eq i32 %81, 0 %116 = or i1 %115, %114 br i1 %116, label %117, label %119 %120 = icmp ult i32 %81, 128 br i1 %120, label %121, label %123 %122 = tail call zeroext i1 @efivar_validate(i64 %84, i64 %87, i16* nonnull %88, i8* %92, i64 %91) #84 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* 
%26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.701531* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 %53 = icmp eq i32 %52, 0 br i1 %53, label %56, label %54 %57 = icmp eq i32 %33, 0 %58 = icmp eq i32 %23, 0 %59 = or i1 %58, %57 br i1 %59, label %60, label %62 %63 = icmp ult i32 %23, 128 br i1 %63, label %64, label %66 %65 = tail call zeroext i1 @efivar_validate(i64 %26, i64 %29, i16* nonnull %30, i8* %35, i64 %34) #84 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:security_inode_create Check Use of 
Function:randomize_stack_top Check Use of Function:__init_swait_queue_head Use: =BAD PATH= Call Stack: 0 rdmsr_safe_on_cpu 1 msr_read ------------- Path:  Function:msr_read %5 = alloca [2 x i32], align 4 %6 = bitcast [2 x i32]* %5 to i8* %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = and i64 %2, 7 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %44 %17 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 0 %18 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 1 %19 = icmp eq i64 %2, 0 br i1 %19, label %42, label %20 %21 = bitcast i8* %1 to i32* br label %22 %23 = phi i64 [ %34, %32 ], [ 0, %20 ] %24 = phi i64 [ %35, %32 ], [ %2, %20 ] %25 = phi i32* [ %33, %32 ], [ %21, %20 ] %26 = call i32 @rdmsr_safe_on_cpu(i32 %13, i32 %8, i32* nonnull %17, i32* %18) #83 Function:rdmsr_safe_on_cpu %5 = alloca %struct.msr_info_completion, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.msr_info_completion* %5 to i8* %8 = bitcast %struct.__call_single_data* %6 to i8* %9 = bitcast %struct.__call_single_data* %6 to i8* %10 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 store void (i8*)* @__rdmsr_safe_on_cpu, void (i8*)** %10, align 16 %11 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %12 = bitcast i8** %11 to %struct.msr_info_completion** store %struct.msr_info_completion* %5, %struct.msr_info_completion** %12, align 8 %13 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 1, i32 1 %14 = bitcast %struct.msr_info_completion* %5 to i8* call void @__init_swait_queue_head(%struct.swait_queue_head* %13, i8* 
getelementptr inbounds ([9 x i8], [9 x i8]* @.str.1.29701, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.29702) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #83 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.18152, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.18153) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #83 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, 
i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.18152, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.18153) #83 ------------- Use: =BAD PATH= Call Stack: 0 cpuid_read ------------- Path:  Function:cpuid_read %5 = alloca %struct.cpuid_regs_done, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.cpuid_regs_done* %5 to i8* %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %9, i64 0, i32 13 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1048575 %13 = and i64 %2, 15 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %57 %16 = load i64, i64* %3, align 8 %17 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1 %18 = getelementptr inbounds %struct.completion, %struct.completion* %17, i64 0, i32 0 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %19, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.4.3515, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key) #83 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %9 = 
load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %24, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %22 = getelementptr i8, i8* %12, i64 -968 %23 = icmp eq i8* %22, null br i1 %23, label %24, label %25 %26 = getelementptr i8, i8* %12, i64 -448 %27 = bitcast i8* %26 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !4 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %28 = getelementptr i8, i8* %12, i64 -896 %29 = bitcast i8* %28 to %struct.gendisk.687208** %30 = load %struct.gendisk.687208*, %struct.gendisk.687208** %29, align 8 %31 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %32 = load %struct.gendisk.687208*, %struct.gendisk.687208** %31, align 8 %33 = icmp eq %struct.gendisk.687208* %30, %32 br i1 %33, label %90, label %34 %35 = bitcast i8* %26 to %struct.kuid_t* %36 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %35, %struct.spinlock* nonnull @all_mddevs_lock) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %82, label %38 %83 = getelementptr i8, i8* %12, i64 -336 %84 = bitcast i8* %83 to i64* %85 = load volatile i64, i64* %84, align 8 %86 = and i64 %85, 1 %87 = icmp eq i64 %86, 0 br i1 %87, label %162, label %88 %89 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %89) #83 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast 
%struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.38.5909, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.5910) #83 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_ioctl 2 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.687185* %0, i32 %1, i32 %2, i64 %8) #83 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label 
%27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] tail call void @__rcu_read_lock() #83 %329 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %330 %331 = phi %struct.list_head* [ %329, %328 ], [ %333, %335 ] %332 = getelementptr %struct.list_head, %struct.list_head* %331, i64 0, i32 0 %333 = load volatile %struct.list_head*, %struct.list_head** %332, align 8 %334 = icmp eq %struct.list_head* %333, %329 br i1 %334, label %343, label %335 %336 = getelementptr inbounds %struct.list_head, %struct.list_head* %333, i64 17 %337 = bitcast %struct.list_head* %336 to i64* %338 = load volatile i64, i64* %337, align 8 %339 = and i64 %338, 1 %340 = icmp eq i64 %339, 0 br i1 %340, label %330, label %341 %342 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %342) #83 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds 
%struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.38.5909, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.5910) #83 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 
= getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] tail call void @__rcu_read_lock() #83 %329 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %330 %331 = phi %struct.list_head* [ %329, %328 ], [ %333, %335 ] %332 = getelementptr %struct.list_head, %struct.list_head* %331, i64 0, i32 0 %333 = load volatile %struct.list_head*, %struct.list_head** %332, align 8 %334 = icmp eq %struct.list_head* %333, %329 br i1 %334, label %343, label %335 %336 = getelementptr inbounds %struct.list_head, %struct.list_head* %333, i64 17 %337 = bitcast %struct.list_head* %336 to i64* %338 = load volatile i64, i64* %337, align 8 %339 = and i64 %338, 1 %340 = icmp eq i64 %339, 0 br i1 %340, label %330, label %341 %342 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %342) #83 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, 
i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.38.5909, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.5910) #83 ------------- Good: 348 Bad: 7 Ignored: 243 Check Use of Function:blk_rq_map_kern Check Use of Function:ip_tunnel_bind_dev Check Use of Function:io_rsrc_node_switch Check Use of Function:new_inode Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_create ------------- Path:  Function:ramfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode.205526, %struct.inode.205526* %1, i64 0, i32 8 %8 = load %struct.super_block.205509*, %struct.super_block.205509** %7, align 8 %9 = tail call %struct.inode.205526* @ramfs_get_inode(%struct.super_block.205509* %8, %struct.inode.205526* %1, i16 zeroext %6, i32 0) #83 Function:ramfs_get_inode %5 = tail call %struct.inode.205526* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode.205526* (%struct.super_block.205509*)*)(%struct.super_block.205509* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_symlink ------------- Path:  Function:ramfs_symlink %5 = getelementptr inbounds %struct.inode.205526, %struct.inode.205526* %1, i64 0, i32 8 %6 = load %struct.super_block.205509*, %struct.super_block.205509** %5, align 8 %7 = tail call %struct.inode.205526* @ramfs_get_inode(%struct.super_block.205509* %6, %struct.inode.205526* %1, i16 zeroext -24065, i32 0) #83 Function:ramfs_get_inode %5 = tail call %struct.inode.205526* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode.205526* (%struct.super_block.205509*)*)(%struct.super_block.205509* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 
1 ramfs_mkdir ------------- Path:  Function:ramfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode.205526, %struct.inode.205526* %1, i64 0, i32 8 %7 = load %struct.super_block.205509*, %struct.super_block.205509** %6, align 8 %8 = tail call %struct.inode.205526* @ramfs_get_inode(%struct.super_block.205509* %7, %struct.inode.205526* %1, i16 zeroext %5, i32 0) #83 Function:ramfs_get_inode %5 = tail call %struct.inode.205526* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode.205526* (%struct.super_block.205509*)*)(%struct.super_block.205509* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_mknod ------------- Path:  Function:ramfs_mknod %6 = getelementptr inbounds %struct.inode.205526, %struct.inode.205526* %1, i64 0, i32 8 %7 = load %struct.super_block.205509*, %struct.super_block.205509** %6, align 8 %8 = tail call %struct.inode.205526* @ramfs_get_inode(%struct.super_block.205509* %7, %struct.inode.205526* %1, i16 zeroext %3, i32 %4) #83 Function:ramfs_get_inode %5 = tail call %struct.inode.205526* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode.205526* (%struct.super_block.205509*)*)(%struct.super_block.205509* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_tmpfile ------------- Path:  Function:ramfs_tmpfile %5 = getelementptr inbounds %struct.inode.205526, %struct.inode.205526* %1, i64 0, i32 8 %6 = load %struct.super_block.205509*, %struct.super_block.205509** %5, align 8 %7 = tail call %struct.inode.205526* @ramfs_get_inode(%struct.super_block.205509* %6, %struct.inode.205526* %1, i16 zeroext %3, i32 0) #83 Function:ramfs_get_inode %5 = tail call %struct.inode.205526* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode.205526* (%struct.super_block.205509*)*)(%struct.super_block.205509* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 
proc_pid_lookup 2 proc_root_lookup ------------- Path:  Function:proc_root_lookup %4 = tail call %struct.dentry* bitcast (%struct.dentry.176040* (%struct.dentry.176040*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #83 Function:proc_pid_lookup %3 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #83 %5 = icmp eq i32 %4, -1 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %0, i64 0, i32 9 %8 = load %struct.super_block.176036*, %struct.super_block.176036** %7, align 8 %9 = getelementptr inbounds %struct.super_block.176036, %struct.super_block.176036* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.176208** %11 = load %struct.proc_fs_info.176208*, %struct.proc_fs_info.176208** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.175865*, %struct.pid_namespace.175865** %12, align 8 tail call void @__rcu_read_lock() #83 %14 = tail call %struct.task_struct.176180* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.176180* (i32, %struct.pid_namespace.175865*)*)(i32 %4, %struct.pid_namespace.175865* %13) #83 %15 = icmp eq %struct.task_struct.176180* %14, null br i1 %15, label %56, label %16 %17 = getelementptr inbounds %struct.task_struct.176180, %struct.task_struct.176180* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect 
!6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 tail call void @__rcu_read_unlock() #83 %28 = getelementptr inbounds %struct.proc_fs_info.176208, %struct.proc_fs_info.176208* %11, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 4 br i1 %30, label %31, label %33 %32 = tail call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @ptrace_may_access to i1 (%struct.task_struct.176180*, i32)*)(%struct.task_struct.176180* nonnull %14, i32 9) #83 br i1 %32, label %33, label %46 %34 = load %struct.super_block.176036*, %struct.super_block.176036** %7, align 8 %35 = tail call %struct.inode.176051* @proc_pid_make_inode(%struct.super_block.176036* %34, %struct.task_struct.176180* nonnull %14, i16 zeroext 16749) #83 Function:proc_pid_make_inode %4 = tail call %struct.inode.176051* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode.176051* (%struct.super_block.176036*)*)(%struct.super_block.176036* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_sys_make_inode 1 proc_sys_lookup ------------- Path:  Function:proc_sys_lookup %4 = alloca %struct.ctl_table_header*, align 8 %5 = alloca %struct.ctl_table*, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 2 %8 = bitcast %struct.list_head* %7 to %struct.ctl_table_header** %9 = load %struct.ctl_table_header*, %struct.ctl_table_header** %8, align 8 %10 = icmp eq %struct.ctl_table_header* %9, null %11 = select i1 %10, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %9 tail call void @_raw_spin_lock(%struct.raw_spinlock* 
getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %12 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %11, i64 0, i32 1 %13 = load %struct.completion*, %struct.completion** %12, align 8 %14 = icmp eq %struct.completion* %13, null br i1 %14, label %15, label %19, !prof !4, !misexpect !5 %20 = phi %struct.ctl_table_header* [ %11, %15 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %3 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %21 = bitcast %struct.ctl_table_header** %4 to i8* store %struct.ctl_table_header* null, %struct.ctl_table_header** %4, align 8 %22 = bitcast %struct.ctl_table** %5 to i8* %23 = icmp ugt %struct.ctl_table_header* %20, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %23, label %24, label %26 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %28 = load i8*, i8** %27, align 8 %29 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %30 = bitcast %struct.anon.1* %29 to %struct.static_call_site* %31 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %30, i64 0, i32 1 %32 = load i32, i32* %31, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %33 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %20, i64 1 %34 = bitcast %struct.ctl_table_header* %33 to %struct.rb_node** %35 = load %struct.rb_node*, %struct.rb_node** %34, align 8 %36 = icmp eq %struct.rb_node* %35, null br i1 %36, label %80, label %37 %38 = phi %struct.rb_node* [ %71, %69 ], [ %35, %26 ] %39 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 1 %40 = bitcast %struct.rb_node* %39 to %struct.ctl_table_header** %41 = load %struct.ctl_table_header*, 
%struct.ctl_table_header** %40, align 8 %42 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 0, i32 0, i32 0 %43 = load %struct.ctl_table*, %struct.ctl_table** %42, align 8 %44 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 6 %45 = bitcast %struct.ctl_node** %44 to i64* %46 = load i64, i64* %45, align 8 %47 = ptrtoint %struct.rb_node* %38 to i64 %48 = sub i64 %47, %46 %49 = ashr exact i64 %48, 5 %50 = getelementptr %struct.ctl_table, %struct.ctl_table* %43, i64 %49 %51 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %50, i64 0, i32 0 %52 = load i8*, i8** %51, align 8 %53 = tail call i64 @strlen(i8* %52) #83 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %32, %54 %56 = select i1 %55, i32 %32, i32 %54 %57 = sext i32 %56 to i64 %58 = tail call i32 @memcmp(i8* %28, i8* %52, i64 %57) #83 %59 = icmp eq i32 %58, 0 %60 = sub i32 %32, %54 %61 = select i1 %59, i32 %60, i32 %58 %62 = icmp slt i32 %61, 0 br i1 %62, label %63, label %65 %66 = icmp eq i32 %61, 0 br i1 %66, label %73, label %67 %74 = ptrtoint %struct.ctl_table_header* %41 to i64 %75 = icmp eq %struct.ctl_table* %50, null br i1 %75, label %80, label %76 %77 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 1 %78 = load %struct.completion*, %struct.completion** %77, align 8 %79 = icmp eq %struct.completion* %78, null br i1 %79, label %81, label %80, !prof !4, !misexpect !5 %82 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 0, i32 0, i32 1 %83 = load i32, i32* %82, align 8 %84 = add i32 %83, 1 store i32 %84, i32* %82, align 8 %85 = bitcast %struct.ctl_table_header** %4 to i64* store i64 %74, i64* %85, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 store %struct.ctl_table* %50, %struct.ctl_table** %5, align 8 %86 
= getelementptr %struct.ctl_table, %struct.ctl_table* %43, i64 %49, i32 3 %87 = load i16, i16* %86, align 4 %88 = and i16 %87, -4096 %89 = icmp eq i16 %88, -24576 br i1 %89, label %90, label %100 %91 = call fastcc i32 @sysctl_follow_link(%struct.ctl_table_header** nonnull %4, %struct.ctl_table** nonnull %5) #84 %92 = icmp eq i32 %91, 0 br i1 %92, label %97, label %93 %98 = load %struct.ctl_table_header*, %struct.ctl_table_header** %4, align 8 %99 = load %struct.ctl_table*, %struct.ctl_table** %5, align 8 br label %100 %101 = phi %struct.ctl_table_header* [ %98, %97 ], [ %41, %81 ] %102 = phi %struct.ctl_table* [ %99, %97 ], [ %50, %81 ] %103 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %104 = load %struct.super_block*, %struct.super_block** %103, align 8 %105 = icmp eq %struct.ctl_table_header* %101, null %106 = select i1 %105, %struct.ctl_table_header* %20, %struct.ctl_table_header* %101 %107 = tail call fastcc %struct.inode* @proc_sys_make_inode(%struct.super_block* %104, %struct.ctl_table_header* %106, %struct.ctl_table* %102) #84 Function:proc_sys_make_inode %4 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %1, i64 0, i32 3 %5 = load %struct.ctl_table_root*, %struct.ctl_table_root** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_get_inode 1 mqueue_create_attr 2 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #83 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to 
%struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #83 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 %27 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 15 %28 = load i32, i32* %27, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 16 %30 = load i32, i32* %29, align 4 %31 = icmp ult i32 %28, %30 br i1 %31, label %36, label %32 %33 = tail call zeroext i1 @capable(i32 24) #83 br i1 %33, label %34, label %66 %35 = load i32, i32* %27, align 8 br label %36 %37 = phi i32 [ %35, %34 ], [ %28, %26 ] %38 = add i32 %37, 1 store i32 %38, i32* %27, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* 
getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #83 %39 = load %struct.super_block*, %struct.super_block** %9, align 8 %40 = tail call fastcc %struct.inode* @mqueue_get_inode(%struct.super_block* %39, %struct.ipc_namespace* nonnull %13, i16 zeroext %1, %struct.mq_attr* %8) #84 Function:mqueue_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds 
%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = 
load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp 
eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 
= getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 
%59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 
%57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x 
%struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, 
label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and 
i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_create ------------- Path:  Function:hugetlbfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* 
%1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_symlink ------------- Path:  Function:hugetlbfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_mkdir ------------- Path:  Function:hugetlbfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 
1 hugetlbfs_mknod ------------- Path:  Function:hugetlbfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_tmpfile ------------- Path:  Function:hugetlbfs_tmpfile %5 = or i16 %3, -32768 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 autofs_get_inode 1 autofs_dir_mkdir ------------- Path:  Function:autofs_dir_mkdir %5 = getelementptr inbounds %struct.inode.257672, %struct.inode.257672* %1, i64 0, i32 8 %6 = load %struct.super_block.257652*, %struct.super_block.257652** %5, align 8 %7 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.autofs_sb_info.257683** %9 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %8, align 16 %10 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %2, i64 0, i32 11 %11 = 
bitcast i8** %10 to %struct.autofs_info.257684** %12 = load %struct.autofs_info.257684*, %struct.autofs_info.257684** %11, align 8 %13 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %9, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %98 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.257640** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.257640**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.257640* %20 = getelementptr inbounds %struct.task_struct.257640, %struct.task_struct.257640* %19, i64 0, i32 104 %21 = load %struct.signal_struct.257569*, %struct.signal_struct.257569** %20, align 8 %22 = getelementptr %struct.signal_struct.257569, %struct.signal_struct.257569* %21, i64 0, i32 22, i64 2 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %9, i64 0, i32 3 %25 = load %struct.pid*, %struct.pid** %24, align 8 %26 = icmp eq %struct.pid* %23, %25 br i1 %26, label %27, label %98 %28 = icmp eq %struct.autofs_info.257684* %12, null br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.autofs_info*)* @autofs_clean_ino to void (%struct.autofs_info.257684*)*)(%struct.autofs_info.257684* nonnull %12) #83 %31 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %2, i64 0, i32 9 %32 = load %struct.super_block.257652*, %struct.super_block.257652** %31, align 8 %33 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %32, i64 0, i32 28 %34 = bitcast i8** %33 to %struct.autofs_sb_info.257683** %35 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %34, align 16 %36 = load %struct.autofs_info.257684*, %struct.autofs_info.257684** %11, align 8 %37 = getelementptr inbounds 
%struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %35, i64 0, i32 16, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %37) #83 %38 = getelementptr inbounds %struct.autofs_info.257684, %struct.autofs_info.257684* %36, i64 0, i32 4 %39 = getelementptr inbounds %struct.autofs_info.257684, %struct.autofs_info.257684* %36, i64 0, i32 4, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 0 store volatile %struct.list_head* %42, %struct.list_head** %44, align 8 store volatile %struct.list_head* %38, %struct.list_head** %41, align 8 store %struct.list_head* %38, %struct.list_head** %39, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %37) #83 %45 = load %struct.super_block.257652*, %struct.super_block.257652** %5, align 8 %46 = or i16 %3, 16384 %47 = tail call %struct.inode.257672* bitcast (%struct.inode* (%struct.super_block*, i16)* @autofs_get_inode to %struct.inode.257672* (%struct.super_block.257652*, i16)*)(%struct.super_block.257652* %45, i16 zeroext %46) #83 Function:autofs_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.148552* (%struct.super_block.148536*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #83 ------------- Good: 70 Bad: 19 Ignored: 60 Check Use of Function:nlmsg_notify Check Use of Function:generic_file_write_iter Check Use of Function:ieee80211_deliver_skb Check Use of Function:cfg80211_abandon_assoc Check Use of Function:amd_set_subcaches Check Use of Function:copy_thread Check Use of Function:vfs_clean_context Check Use of Function:unpin_user_page Check Use of 
Function:kill_ioctx Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #83 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.18152, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.18153) #83 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 
@__se_sys_io_destroy(i64 %3) #83 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %39, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.18152, i64 0, i64 0), %struct.lockdep_map* nonnull @init_completion.__key.18153) #83 %10 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %10, align 8 %11 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %14, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #83 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:_raw_write_unlock_irq Check Use of Function:__ptrace_link Check Use of Function:drv_mgd_complete_tx Check Use of Function:scsi_try_bus_reset Check Use of Function:wait_for_owner_exiting Check Use of Function:ipip6_dellink Check Use of Function:cfg80211_chandef_valid Check Use of Function:efivar_entry_iter_begin Check Use of Function:hung_up_tty_ioctl Check Use of Function:loop_control_ioctl Check Use of Function:d_add Use: =BAD PATH= Call Stack: 0 simple_lookup ------------- Path:  Function:simple_lookup %4 = 
getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.static_call_site* %6 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 9 %11 = load %struct.super_block.151751*, %struct.super_block.151751** %10, align 8 %12 = getelementptr inbounds %struct.super_block.151751, %struct.super_block.151751* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.151784*, %struct.dentry_operations.151784** %12, align 64 %14 = icmp eq %struct.dentry_operations.151784* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.148048*, %struct.inode.148060*)* @d_add to void (%struct.dentry.151783*, %struct.inode.151779*)*)(%struct.dentry.151783* %1, %struct.inode.151779* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.static_call_site* %6 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 9 %11 = load %struct.super_block.151751*, %struct.super_block.151751** %10, align 8 %12 = getelementptr inbounds %struct.super_block.151751, %struct.super_block.151751* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.151784*, %struct.dentry_operations.151784** %12, align 64 %14 = icmp eq %struct.dentry_operations.151784* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.148048*, %struct.inode.148060*)* @d_add 
to void (%struct.dentry.151783*, %struct.inode.151779*)*)(%struct.dentry.151783* %1, %struct.inode.151779* null) #83 ------------- Good: 20 Bad: 2 Ignored: 2 Check Use of Function:ieee80211_release_reorder_frame Check Use of Function:vfs_create_mount Check Use of Function:snd_hwdep_ioctl Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 switch i32 %1, label %79 [ i32 -2147203072, label %9 i32 -2133047295, label %9 i32 -2143270910, label %9 i32 1079003139, label %11 ] %10 = tail call i64 @snd_hwdep_ioctl(%struct.file* %0, i32 %1, i64 %8) #83 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:exportfs_decode_fh Check Use of Function:sched_post_fork Check Use of Function:exit_thread Check Use of Function:d_exchange Check Use of Function:credit_entropy_bits Check Use of Function:get_seccomp_filter Check Use of Function:auditd_reset Check Use of Function:lock_two_nondirectories Check Use of Function:mddev_unlock Check Use of Function:user_disable_single_step Check Use of Function:drm_connector_free Check Use of Function:rtnl_create_link Check Use of Function:get_net_ns_by_id Check Use of Function:ring_buffer_write Check Use of Function:reset_palette Check Use of Function:cfg80211_rx_unexpected_4addr_frame Check Use of Function:ieee80211_mgd_quiesce Check Use of Function:do_truncate Check Use of Function:alloc_pid Check Use of Function:device_reset Check Use of Function:sta_info_get Check Use of Function:cgroup_post_fork Check Use of Function:__SCT__tp_func_task_newtask Check Use of Function:__SCT__tp_func_drv_return_void Check Use of Function:__SCT__tp_func_azx_resume Check Use of Function:kernfs_iop_lookup Check Use of Function:drm_framebuffer_lookup 
Check Use of Function:kernel_power_off Check Use of Function:vt_reset_unicode Check Use of Function:access_process_vm Check Use of Function:ieee80211_set_mon_options Check Use of Function:cfg80211_rdev_free_coalesce Check Use of Function:create_new_namespaces Check Use of Function:kernfs_vfs_xattr_get Check Use of Function:cgroup_can_fork Check Use of Function:intel_irq_postinstall Check Use of Function:vfs_rmdir Check Use of Function:__ipv6_dev_ac_inc Check Use of Function:rtc_dev_ioctl Use: =BAD PATH= Call Stack: 0 rtc_dev_compat_ioctl ------------- Path:  Function:rtc_dev_compat_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.rtc_device.677879** %6 = load %struct.rtc_device.677879*, %struct.rtc_device.677879** %5, align 8 %7 = trunc i64 %2 to i32 %8 = and i64 %2, 4294967295 switch i32 %1, label %61 [ i32 -2147192821, label %9 i32 1074032652, label %20 i32 1074032654, label %38 ] %62 = tail call i64 @rtc_dev_ioctl(%struct.file* %0, i32 %1, i64 %8) #84 ------------- Good: 1 Bad: 1 Ignored: 3 Check Use of Function:proc_reg_unlocked_ioctl Check Use of Function:serial8250_config_port Check Use of Function:ttm_bo_vm_access Check Use of Function:ieee80211_data_to_8023_exthdr Check Use of Function:nv_set_loopback Check Use of Function:exit_task_namespaces Check Use of Function:e1000_irq_enable Check Use of Function:strndup_user Use: =BAD PATH= Call Stack: 0 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %82 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %59 = inttoptr i64 %2 to i8* %60 = tail call i8* @strndup_user(i8* %59, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 
keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* 
%270) #83 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.238522, align 8 %8 = bitcast %struct.kernel_pkey_params.238522* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.238522* nonnull %7) #83 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.238522* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #83 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.238522, align 8 %8 = bitcast %struct.kernel_pkey_params.238522* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 
@_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.238522* nonnull %7) #83 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.238522* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, 
label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %91 = inttoptr i64 %6 to %struct.keyctl_pkey_params* %92 = inttoptr i64 %9 to i8* %93 = inttoptr i64 %12 to i8* %94 = inttoptr i64 %15 to i8* %95 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %91, i8* %92, i8* %93, i8* %94) #83 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.238522, align 8 %8 = bitcast %struct.kernel_pkey_params.238522* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.238522* nonnull %7) #83 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.238522* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.238522, %struct.kernel_pkey_params.238522* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.25653, i64 0, i64 0), i8** %8, 
align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_join_session_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %24 = inttoptr i64 %6 to i8* %25 = tail call i64 @keyctl_join_session_keyring(i8* %24) #83 Function:keyctl_join_session_keyring %2 = icmp eq i8* %0, null br i1 %2, label %11, label %3 %4 = tail call i8* @strndup_user(i8* nonnull %0, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %41 = inttoptr i64 %9 to i8* %42 = inttoptr i64 %12 to i8* %43 = tail call i64 @keyctl_keyring_search(i32 %17, i8* %41, i8* %42, i32 %20) #83 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #83 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %111 = trunc i64 %1 to i32 %112 = inttoptr i64 %2 to i8* %113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #83 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #83 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 
x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %111 = trunc i64 %1 to i32 %112 = inttoptr i64 %2 to i8* %113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #83 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = 
getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #83 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 
i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 
i32 27, label %260 i32 28, label %266 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __ia32_sys_request_key ------------- Path:  Function:__ia32_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_request_key(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __x64_sys_request_key ------------- Path:  Function:__x64_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_request_key(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, 
i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 
__se_sys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_mount %6 = alloca %struct.path, 
align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 ------------- Good: 10 Bad: 20 Ignored: 5 Check Use of Function:filename_parentat Check Use of Function:scsi_try_host_reset Check Use of Function:put_io_context Use: =BAD PATH= Call Stack: 0 blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 blk_finish_plug 4 __se_sys_io_submit 5 __ia32_sys_io_submit ------------- Path:  Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } 
asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile 
%struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* @blk_mq_free_plug_rqs to void (%struct.blk_plug.290756*)*)(%struct.blk_plug.290756* %0) #83 Function:blk_mq_free_plug_rqs %2 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 1 %3 = icmp eq %struct.request.294838** %2, null br i1 %3, label %15, label %4 %5 = bitcast %struct.request.294838** %2 to i64* %6 = load %struct.request.294838*, %struct.request.294838** %2, align 8 %7 = icmp eq %struct.request.294838* %6, null br i1 %7, label %15, label %8 %9 = phi %struct.request.294838* [ %13, %8 ], [ %6, %4 ] %10 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %9, i64 0, i32 12 %11 = bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void @blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 
0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* @put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 blk_finish_plug 4 __se_sys_io_submit 5 __x64_sys_io_submit ------------- Path:  Function:__x64_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 
], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* 
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 blk_finish_plug
4 do_madvise
5 __ia32_sys_madvise
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 blk_finish_plug
4 do_madvise
5 __x64_sys_madvise
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 blk_finish_plug
4 __ia32_compat_sys_io_submit
-------------
Use: =BAD PATH=
Call Stack:
0 blk_mq_free_request
1 blk_mq_free_plug_rqs
2 blk_flush_plug
3 bio_poll
4 iocb_bio_iopoll
-------------
bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void @blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* 
@put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_free_request 1 blk_mq_free_plug_rqs 2 blk_flush_plug 3 wakeup_flusher_threads 4 ksys_sync 5 __do_sys_sync ------------- Path:  Function:__do_sys_sync tail call void @ksys_sync() #83 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #83 Function:wakeup_flusher_threads %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 129 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, null br i1 %6, label %17, label %7 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0 %9 = load %struct.request*, %struct.request** %8, align 8 %10 = icmp eq %struct.request* %9, null br i1 %10, label %11, label %16 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 7 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16 tail call void bitcast (void (%struct.blk_plug.290756*, i1)* @blk_flush_plug to void (%struct.blk_plug*, i1)*)(%struct.blk_plug* nonnull %5, i1 zeroext true) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 
= icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 br label %49 %50 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 1 %51 = load %struct.request.290809*, %struct.request.290809** %50, align 8 %52 = icmp eq %struct.request.290809* %51, null br i1 %52, label %54, label %53, !prof !4, !misexpect !5 call void bitcast (void (%struct.blk_plug.295036*)* @blk_mq_free_plug_rqs to void (%struct.blk_plug.290756*)*)(%struct.blk_plug.290756* %0) #83 Function:blk_mq_free_plug_rqs %2 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 1 %3 = icmp eq %struct.request.294838** %2, null br i1 %3, label %15, label %4 %5 = bitcast %struct.request.294838** %2 to i64* %6 = load %struct.request.294838*, %struct.request.294838** %2, align 8 %7 = icmp eq %struct.request.294838* %6, null br i1 %7, label %15, label %8 %9 = phi %struct.request.294838* [ %13, %8 ], [ %6, %4 ] %10 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %9, i64 0, i32 12 %11 = bitcast %struct.sysv_shm* %10 to i64* %12 = load i64, i64* %11, align 8 store i64 %12, i64* %5, align 8 tail call void @blk_mq_free_request(%struct.request.294838* nonnull %9) #83 Function:blk_mq_free_request %2 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 0 %3 = load %struct.request_queue.294830*, %struct.request_queue.294830** %2, align 8 %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, 
%struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 4 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 4096 %9 = icmp eq i32 %8, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %3, i64 0, i32 1 %12 = load %struct.elevator_queue.294809*, %struct.elevator_queue.294809** %11, align 8 %13 = getelementptr inbounds %struct.elevator_queue.294809, %struct.elevator_queue.294809* %12, i64 0, i32 0 %14 = load %struct.elevator_type.294808*, %struct.elevator_type.294808** %13, align 8 %15 = getelementptr inbounds %struct.elevator_type.294808, %struct.elevator_type.294808* %14, i64 0, i32 1, i32 12 %16 = load void (%struct.request.294838*)*, void (%struct.request.294838*)** %15, align 8 %17 = icmp eq void (%struct.request.294838*)* %16, null br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 26 %21 = bitcast %union.anon.83.294835* %20 to %struct.io_cq.294802** %22 = load %struct.io_cq.294802*, %struct.io_cq.294802** %21, align 8 %23 = icmp eq %struct.io_cq.294802* %22, null br i1 %23, label %27, label %24 %25 = getelementptr inbounds %struct.io_cq.294802, %struct.io_cq.294802* %22, i64 0, i32 1 %26 = load %struct.io_context.294799*, %struct.io_context.294799** %25, align 8 tail call void bitcast (void (%struct.io_context.290227*)* @put_io_context to void (%struct.io_context.294799*)*)(%struct.io_context.294799* %26) #83 ------------- Good: 133 Bad: 7 Ignored: 186 Check Use of Function:dm_ctl_ioctl Use: =BAD PATH= Call Stack: 0 dm_compat_ctl_ioctl ------------- Path:  Function:dm_compat_ctl_ioctl %4 = and i64 %2, 4294967295 %5 = tail call i64 @dm_ctl_ioctl(%struct.file.690524* %0, i32 %1, i64 %4) #83 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:serial_do_unlink Check Use of Function:uts_proc_notify Check Use of 
Function:mount_too_revealing Check Use of Function:__netif_set_xps_queue Check Use of Function:set_blocksize Check Use of Function:dev_uc_del Check Use of Function:dev_mc_del Check Use of Function:inode_owner_or_capable Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 5 %5 = load %struct.inode.190029*, %struct.inode.190029** %4, align 8 %6 = getelementptr inbounds %struct.iattr.190018, %struct.iattr.190018* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 8 %9 = load %struct.super_block.190011*, %struct.super_block.190011** %8, align 8 %10 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info.190078** %12 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %388, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %388, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %388, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.190016*, %struct.iattr.190018*)*)(%struct.user_namespace* %0, %struct.dentry.190016* %1, %struct.iattr.190018* %2) #83 Function:setattr_prepare %4 = 
getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, 
label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 
%101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 5 %5 = load %struct.inode.190029*, %struct.inode.190029** %4, align 8 %6 = getelementptr inbounds %struct.iattr.190018, %struct.iattr.190018* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 8 %9 = load %struct.super_block.190011*, %struct.super_block.190011** %8, align 8 %10 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info.190078** %12 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %388, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %388, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %388, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.190016*, 
%struct.iattr.190018*)*)(%struct.user_namespace* %0, %struct.dentry.190016* %1, %struct.iattr.190018* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = 
icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, 
%struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 5 %5 = load %struct.inode.190029*, %struct.inode.190029** %4, align 8 %6 = getelementptr inbounds %struct.iattr.190018, %struct.iattr.190018* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 8 %9 = load %struct.super_block.190011*, %struct.super_block.190011** %8, align 8 %10 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info.190078** %12 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %388, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %388, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %388, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, 
%struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.190016*, %struct.iattr.190018*)*)(%struct.user_namespace* %0, %struct.dentry.190016* %1, %struct.iattr.190018* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds 
%struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds 
%struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, 
%struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, 
%struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, 
%struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x 
%struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds 
%struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds 
%struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = 
getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 
%7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = 
getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, 
!srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds 
%struct.dentry.176040, %struct.dentry.176040* %1, i64 0, i32 5 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr inbounds %struct.iattr.176193, %struct.iattr.176193* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace.176192*, %struct.dentry.176040*, %struct.iattr.176193*)*)(%struct.user_namespace.176192* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.176192*), %struct.dentry.176040* %1, %struct.iattr.176193* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, 
label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr 
inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %1, i64 0, i32 5 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr inbounds %struct.iattr.176193, %struct.iattr.176193* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 
(%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace.176192*, %struct.dentry.176040*, %struct.iattr.176193*)*)(%struct.user_namespace.176192* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.176192*), %struct.dentry.176040* %1, %struct.iattr.176193* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 
%89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 9 %5 = load %struct.super_block.207463*, %struct.super_block.207463** %4, align 8 %6 = getelementptr inbounds %struct.super_block.207463, %struct.super_block.207463* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.207528** %8 = load %struct.msdos_sb_info.207528*, %struct.msdos_sb_info.207528** %7, align 16 %9 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 5 %10 = load %struct.inode.207480*, %struct.inode.207480** %9, align 8 %11 = getelementptr inbounds %struct.iattr.207470, %struct.iattr.207470* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 
br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.207528, %struct.msdos_sb_info.207528* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.207452** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.207452**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.207452* %20 = getelementptr inbounds %struct.task_struct.207452, %struct.task_struct.207452* %19, i64 0, i32 94 %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #83 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.207468*, %struct.iattr.207470*)*)(%struct.user_namespace* %0, %struct.dentry.207468* %1, %struct.iattr.207470* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* 
%2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- 
Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 9 %5 = load %struct.super_block.207463*, %struct.super_block.207463** %4, align 8 %6 = getelementptr inbounds %struct.super_block.207463, %struct.super_block.207463* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.207528** %8 = load %struct.msdos_sb_info.207528*, %struct.msdos_sb_info.207528** %7, align 16 %9 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 5 %10 = load %struct.inode.207480*, %struct.inode.207480** %9, align 8 %11 = getelementptr inbounds %struct.iattr.207470, %struct.iattr.207470* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.207528, %struct.msdos_sb_info.207528* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.207452** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.207452**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.207452* %20 = getelementptr inbounds %struct.task_struct.207452, %struct.task_struct.207452* %19, i64 0, i32 94 %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #83 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 
br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.207468*, %struct.iattr.207470*)*)(%struct.user_namespace* %0, %struct.dentry.207468* %1, %struct.iattr.207470* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, 
i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load 
%struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 
Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 
%68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 
%99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 
br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, 
i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, 
%struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 
0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load 
%struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load 
%struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, 
%struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* 
%5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 
5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, 
%struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* 
%5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 
5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, 
%struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* 
%5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load 
%struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, 
i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail 
call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, 
align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds 
%struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = 
getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds 
%struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) 
#83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 5 %5 = load %struct.inode.190029*, %struct.inode.190029** %4, align 8 %6 = getelementptr inbounds %struct.iattr.190018, %struct.iattr.190018* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 8 %9 = load %struct.super_block.190011*, %struct.super_block.190011** %8, align 8 %10 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info.190078** %12 = 
load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %388, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %388, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %388, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.190016*, %struct.iattr.190018*)*)(%struct.user_namespace* %0, %struct.dentry.190016* %1, %struct.iattr.190018* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 
%41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, 
align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 
(%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 5 %5 = load %struct.inode.190029*, %struct.inode.190029** %4, align 8 %6 = getelementptr inbounds %struct.iattr.190018, %struct.iattr.190018* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 8 %9 = load %struct.super_block.190011*, %struct.super_block.190011** %8, align 8 %10 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info.190078** %12 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %388, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %388, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %388, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.190016*, %struct.iattr.190018*)*)(%struct.user_namespace* %0, %struct.dentry.190016* %1, %struct.iattr.190018* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load 
%struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, 
i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail 
call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 5 %5 = load %struct.inode.190029*, %struct.inode.190029** %4, align 8 %6 = getelementptr inbounds %struct.iattr.190018, %struct.iattr.190018* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 8 %9 = load %struct.super_block.190011*, %struct.super_block.190011** %8, align 8 %10 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info.190078** %12 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %388, !prof 
!4, !misexpect !5 %18 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %388, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %388, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.190016*, %struct.iattr.190018*)*)(%struct.user_namespace* %0, %struct.dentry.190016* %1, %struct.iattr.190018* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load 
i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 
(%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 
0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load 
i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, 
i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, 
%struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* 
%49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load 
%struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 
(%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 
(%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr 
inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds 
%struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) 
#83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %1, i64 0, i32 5 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr inbounds %struct.iattr.176193, %struct.iattr.176193* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace.176192*, %struct.dentry.176040*, %struct.iattr.176193*)*)(%struct.user_namespace.176192* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.176192*), %struct.dentry.176040* %1, %struct.iattr.176193* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** 
%77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 
%110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.176040, %struct.dentry.176040* %1, i64 0, i32 5 %5 = load %struct.inode.176051*, %struct.inode.176051** %4, align 8 %6 = getelementptr inbounds %struct.iattr.176193, %struct.iattr.176193* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace.176192*, %struct.dentry.176040*, %struct.iattr.176193*)*)(%struct.user_namespace.176192* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.176192*), %struct.dentry.176040* %1, %struct.iattr.176193* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label 
%37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 
%104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 9 %5 = load %struct.super_block.207463*, %struct.super_block.207463** %4, align 8 %6 = getelementptr inbounds %struct.super_block.207463, %struct.super_block.207463* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.207528** %8 = load %struct.msdos_sb_info.207528*, %struct.msdos_sb_info.207528** %7, align 16 %9 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 5 %10 = load %struct.inode.207480*, %struct.inode.207480** %9, align 8 %11 = getelementptr inbounds %struct.iattr.207470, %struct.iattr.207470* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.207528, %struct.msdos_sb_info.207528* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.207452** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.207452**)) #11, !srcloc !4 %19 = 
inttoptr i64 %18 to %struct.task_struct.207452* %20 = getelementptr inbounds %struct.task_struct.207452, %struct.task_struct.207452* %19, i64 0, i32 94 %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #83 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.207468*, %struct.iattr.207470*)*)(%struct.user_namespace* %0, %struct.dentry.207468* %1, %struct.iattr.207470* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 
%33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = 
getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 
= tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 9 %5 = load %struct.super_block.207463*, %struct.super_block.207463** %4, align 8 %6 = getelementptr inbounds %struct.super_block.207463, %struct.super_block.207463* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.207528** %8 = load %struct.msdos_sb_info.207528*, %struct.msdos_sb_info.207528** %7, align 16 %9 = getelementptr inbounds %struct.dentry.207468, %struct.dentry.207468* %1, i64 0, i32 5 %10 = load %struct.inode.207480*, %struct.inode.207480** %9, align 8 %11 = getelementptr inbounds %struct.iattr.207470, %struct.iattr.207470* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.207528, %struct.msdos_sb_info.207528* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.207452** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.207452**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.207452* %20 = getelementptr inbounds %struct.task_struct.207452, %struct.task_struct.207452* %19, i64 0, i32 94 %21 = load %struct.cred*, %struct.cred** %20, align 8 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label 
%27 %28 = getelementptr inbounds %struct.inode.207480, %struct.inode.207480* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #83 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.207468*, %struct.iattr.207470*)*)(%struct.user_namespace* %0, %struct.dentry.207468* %1, %struct.iattr.207470* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 
(%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = 
getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, 
label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = 
load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* 
@inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = 
inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 
0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = 
getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 
= tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds 
%struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 
%104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, 
%struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr 
inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, 
%struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 
%33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = 
getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 
= tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.151783, %struct.dentry.151783* %1, i64 0, i32 5 %5 = load %struct.inode.151779*, %struct.inode.151779** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.151783*, %struct.iattr.151770*)*)(%struct.user_namespace* %0, %struct.dentry.151783* %1, %struct.iattr.151770* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 
= load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, 
i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 
= tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, 
%struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 
%55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, 
%struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x 
%struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds 
%struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds 
%struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*)* 
@setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #83 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %5 = load %struct.inode.148792*, %struct.inode.148792** %4, align 8 %6 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, %12 br i1 %15, label %16, label %30 %31 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %7, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %7, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 4 %48 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %49 = inttoptr i64 %48 to %struct.task_struct.148904* %50 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %49, i64 0, i32 94 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 7, i32 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, %47 %55 = icmp eq i32 %47, %45 %56 = and i1 %55, %54 br i1 %56, label %67, label %57 %68 = and i32 %7, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 8 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148904** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148904**)) #11, !srcloc !4 %76 = inttoptr i64 %75 to %struct.task_struct.148904* %77 = getelementptr inbounds %struct.task_struct.148904, %struct.task_struct.148904* %76, i64 0, i32 94 %78 = load %struct.cred*, %struct.cred** %77, align 8 %79 = getelementptr inbounds %struct.cred, %struct.cred* %78, i64 0, i32 7, i32 0 %80 = load i32, i32* %79, align 4 %81 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 2, i32 0 %82 = load i32, i32* %81, align 4 %83 = icmp eq i32 %80, %82 br i1 %83, label %84, label %90 %85 = tail call i32 @in_group_p(i32 %72) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %100 %88 = load i32, i32* %73, align 8 %89 = icmp eq i32 %88, %72 br i1 %89, label %100, label %90 %91 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* 
@capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.148792*, i32)*)(%struct.user_namespace* %0, %struct.inode.148792* %5, i32 0) #83 br i1 %91, label %100, label %92 %93 = icmp eq i32 %74, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 8 %96 = load %struct.super_block.148777*, %struct.super_block.148777** %95, align 8 %97 = getelementptr inbounds %struct.super_block.148777, %struct.super_block.148777* %96, i64 0, i32 49 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 16 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #83 br i1 %99, label %100, label %130 %101 = and i32 %7, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %5, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #83 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %7, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug.289471, align 8 %4 = getelementptr 
inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 0 %5 = load %struct.file.289341*, %struct.file.289341** %4, align 8 %6 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.block_device.289220** %8 = load %struct.block_device.289220*, %struct.block_device.289220** %7, align 8 %9 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 7 %10 = load %struct.inode.289534*, %struct.inode.289534** %9, align 8 %11 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = shl i64 %12, 9 %14 = bitcast %struct.blk_plug.289471* %3 to i8* %15 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 4 %16 = load i8, i8* %15, align 8, !range !4 %17 = icmp eq i8 %16, 0 br i1 %17, label %18, label %83 %19 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 17 %20 = load %struct.gendisk.289218*, %struct.gendisk.289218** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.289218, %struct.gendisk.289218* %20, i64 0, i32 7 %22 = load %struct.block_device.289220*, %struct.block_device.289220** %21, align 8 %23 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %22, i64 0, i32 4 %24 = load i8, i8* %23, align 8, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %83 %27 = getelementptr inbounds %struct.gendisk.289218, %struct.gendisk.289218* %20, i64 0, i32 12 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 2 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %83 %32 = getelementptr inbounds %struct.inode.289534, %struct.inode.289534* %10, i64 0, i32 4 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 256 %35 = icmp eq i32 %34, 0 br i1 %35, label %41, label %36 %37 = getelementptr inbounds %struct.inode.289534, %struct.inode.289534* 
%10, i64 0, i32 13 %38 = load i32, i32* %37, align 4 %39 = tail call i32 @is_hibernate_resume_dev(i32 %38) #83 %40 = icmp eq i32 %39, 0 br i1 %40, label %83, label %41 %42 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %43 = load i64, i64* %42, align 8 %44 = icmp eq i64 %43, 0 br i1 %44, label %83, label %45 %46 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 1 %47 = load i64, i64* %46, align 8 %48 = icmp sgt i64 %13, %47 br i1 %48, label %49, label %83 %50 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = and i32 %51, 131080 %53 = icmp eq i32 %52, 8 br i1 %53, label %83, label %54 %55 = sub i64 %13, %47 %56 = icmp ugt i64 %43, %55 br i1 %56, label %57, label %59 %58 = sub i64 %43, %55 store i64 %55, i64* %42, align 8 br label %59 %60 = phi i64 [ %58, %57 ], [ 0, %54 ] call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug.289471*)*)(%struct.blk_plug.289471* nonnull %3) #83 %61 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.289133*, %struct.iov_iter*)*)(%struct.kiocb.289133* %0, %struct.iov_iter* %1) #83 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = tail call %struct.backing_dev_info* @inode_to_bdi(%struct.inode* %8) #83 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 131 store %struct.backing_dev_info* %9, %struct.backing_dev_info** %12, align 8 %13 = tail call i32 bitcast (i32 (%struct.file.148466*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #83 Function:file_remove_privs %2 = alloca %struct.iattr.148543, align 8 %3 = getelementptr inbounds %struct.file.148466, %struct.file.148466* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.148541*, %struct.dentry.148541** %3, align 8 %5 = getelementptr inbounds %struct.dentry.148541, %struct.dentry.148541* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.148541* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.148466, %struct.file.148466* %0, i64 0, i32 2 %20 = load %struct.inode.148552*, %struct.inode.148552** %19, align 8 %21 = getelementptr inbounds %struct.inode.148552, %struct.inode.148552* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.148552, %struct.inode.148552* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.148541, %struct.dentry.148541* %18, i64 0, i32 5 %32 = load %struct.inode.148552*, %struct.inode.148552** %31, align 8 %33 = getelementptr inbounds %struct.inode.148552, %struct.inode.148552* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.148552, %struct.inode.148552* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 
= select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #83 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.148541*)*)(%struct.dentry.148541* %18) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.148466, %struct.file.148466* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.148537*, %struct.vfsmount.148537** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.148537, %struct.vfsmount.148537* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.148543* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.148543, %struct.iattr.148543* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.148782*, %struct.iattr.148905*, %struct.inode.148792**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.148541*, %struct.iattr.148543*, %struct.inode.148552**)*)(%struct.user_namespace* %68, %struct.dentry.148541* %18, %struct.iattr.148543* nonnull %2, %struct.inode.148552** null) #83 Function:notify_change %5 = getelementptr inbounds %struct.dentry.148782, %struct.dentry.148782* %1, i64 0, i32 5 %6 = load %struct.inode.148792*, %struct.inode.148792** %5, align 8 %7 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %6, i64 0, i32 0 %8 = load 
i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.148905, %struct.iattr.148905* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16922, i64 0, i64 0), i32 319, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "270:\0A\09.pushsection .discard.reachable\0A\09.long 270b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.148792, %struct.inode.148792* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.148792*)*)(%struct.user_namespace* %0, %struct.inode.148792* %6) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label 
%39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %103 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %104 = load %struct.mm_struct*, %struct.mm_struct** %103, align 8 store %struct.vm_area_struct* %74, %struct.vm_area_struct** %11, align 8 %105 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %106 = load i64, i64* %105, align 8 %107 = and i64 %106, 4203520 %108 = icmp eq i64 %107, 0 br i1 %108, label %109, label %134 %110 = getelementptr inbounds %struct.vm_area_struct, 
%struct.vm_area_struct* %74, i64 0, i32 12 %111 = load %struct.vm_operations_struct*, %struct.vm_operations_struct** %110, align 8 %112 = icmp eq %struct.vm_operations_struct* %111, null br i1 %112, label %131, label %113 %114 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 14 %115 = load %struct.file*, %struct.file** %114, align 8 %116 = icmp eq %struct.file* %115, null br i1 %116, label %134, label %117 %118 = getelementptr inbounds %struct.file, %struct.file* %115, i64 0, i32 2 %119 = load %struct.inode*, %struct.inode** %118, align 8 %120 = call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %119) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %103 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %104 = load %struct.mm_struct*, %struct.mm_struct** %103, align 8 store %struct.vm_area_struct* %74, %struct.vm_area_struct** %11, align 8 %105 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %106 = load i64, i64* %105, align 8 %107 = and i64 %106, 4203520 %108 = icmp eq i64 %107, 0 br i1 %108, label %109, label %134 %110 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 12 %111 = load %struct.vm_operations_struct*, %struct.vm_operations_struct** %110, align 8 %112 = icmp eq %struct.vm_operations_struct* %111, null br i1 %112, label %131, label %113 %114 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 14 %115 = load %struct.file*, %struct.file** %114, align 8 %116 = icmp eq %struct.file* %115, null br i1 %116, label %134, label %117 %118 = getelementptr inbounds %struct.file, %struct.file* %115, i64 0, i32 2 %119 = load %struct.inode*, %struct.inode** %118, align 8 %120 = call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, 
%struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %119) #83 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %9 = icmp eq i8* %5, null br i1 %9, label %16, label %10 %17 = phi %struct.posix_acl* [ %11, %10 ], [ null, %8 ] %18 = getelementptr inbounds %struct.xattr_handler, %struct.xattr_handler* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = tail call i32 @set_posix_acl(%struct.user_namespace* %1, %struct.inode* %3, i32 %19, %struct.posix_acl* %17) #83 Function:set_posix_acl %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 10 %8 = load i64, i64* %7, align 16 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %86, label %11 %12 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 7 %13 = load %struct.inode_operations*, %struct.inode_operations** %12, align 8 %14 = getelementptr inbounds %struct.inode_operations, %struct.inode_operations* %13, i64 0, i32 20 %15 = load i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)*, i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)** %14, align 32 %16 = icmp eq i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)* %15, null br i1 %16, label %86, label %17 %18 = icmp eq i32 %2, 16384 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, 16384 br i1 %23, label %27, label %24 %28 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, 
%struct.inode*)*)(%struct.user_namespace* %0, %struct.inode* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %9 = icmp eq i8* %5, null br i1 %9, label %16, label %10 %17 = phi %struct.posix_acl* [ %11, %10 ], [ null, %8 ] %18 = getelementptr inbounds %struct.xattr_handler, %struct.xattr_handler* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = tail call i32 @set_posix_acl(%struct.user_namespace* %1, %struct.inode* %3, i32 %19, %struct.posix_acl* %17) #83 Function:set_posix_acl %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 10 %8 = load i64, i64* %7, align 16 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %86, label %11 %12 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 7 %13 = load %struct.inode_operations*, %struct.inode_operations** %12, align 8 %14 = getelementptr inbounds %struct.inode_operations, %struct.inode_operations* %13, i64 0, i32 20 %15 = load i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)*, i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)** %14, align 32 %16 = icmp eq i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)* %15, null br i1 %16, label %86, label %17 %18 = icmp eq i32 %2, 16384 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, 16384 br i1 %23, label %27, label %24 %28 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.148552*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* %0, %struct.inode* %1) #83 ------------- Good: 52 Bad: 47 Ignored: 107 Check Use 
of Function:drm_event_cancel_free Check Use of Function:init_chmod Check Use of Function:task_join_group_stop Check Use of Function:anon_inode_getfile_secure Check Use of Function:__SCT__might_resched Use: =BAD PATH= Call Stack: 0 xprt_request_dequeue_xprt 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_unlink_rpc_prepare ------------- Path:  Function:nfs4_proc_unlink_rpc_prepare %3 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 2 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 9 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label 
%10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 %28 = icmp ugt %struct.nfs4_slot.233140* %27, inttoptr (i64 -4096 to %struct.nfs4_slot.233140*) br i1 %28, label %29, label %33 %30 = icmp eq %struct.nfs4_slot.233140* %27, inttoptr (i64 -12 to %struct.nfs4_slot.233140*) %31 = getelementptr inbounds %struct.nfs4_sequence_args.233141, %struct.nfs4_sequence_args.233141* %1, i64 0, i32 1 %32 = load i8, i8* %31, align 8 br i1 %30, label %71, label %80 %81 = phi i8 [ %23, %21 ], [ %32, %29 ] %82 = and i8 %81, 2 %83 = icmp eq i8 %82, 0 %84 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 4 br i1 %83, label %86, label %85 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %84, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #83 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !4, !misexpect !5 tail call void asm sideeffect 
"1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.54.70790, i64 0, i64 0), i32 416, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "1991:\0A\09.pushsection .discard.reachable\0A\09.long 1991b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %9, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #83 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 17 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %55, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #83 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 tail call void @xprt_request_dequeue_xprt(%struct.rpc_task* %0) #84 Function:xprt_request_dequeue_xprt %2 = alloca %struct.wait_bit_queue_entry, align 8 %3 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %0, i64 0, i32 16 %4 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %5 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 0 %6 = load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %19 %12 = load volatile i64, i64* %7, align 8 %13 = and i64 %12, 16 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %103, label %19 %20 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %6, i64 0, i32 35, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %22 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 3, i64* %7) #6, !srcloc !4 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %65, label %25 %66 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %67 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 4, i64* %7) #6, !srcloc !4 %68 = and i8 %67, 1 %69 = icmp eq i8 %68, 0 br i1 %69, label %75, label %70 %76 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %102, label %79 %80 = bitcast i64* %7 to i8* %81 = getelementptr inbounds %struct.rpc_rqst, 
%struct.rpc_rqst* %4, i64 0, i32 27 %82 = bitcast %struct.kuid_t* %81 to i8* %83 = bitcast %struct.wait_bit_queue_entry* %2 to i8* %84 = getelementptr inbounds %struct.wait_bit_queue_entry, %struct.wait_bit_queue_entry* %2, i64 0, i32 1 br label %85 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %80, i32 32, i8* %80) #6, !srcloc !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %20) #83 %86 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_request_dequeue_xprt 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_rename_rpc_prepare ------------- Path:  Function:nfs4_proc_rename_rpc_prepare %3 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 3 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds 
%struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 %28 = icmp ugt %struct.nfs4_slot.233140* %27, inttoptr (i64 -4096 to %struct.nfs4_slot.233140*) br i1 %28, label %29, label %33 %30 = icmp eq %struct.nfs4_slot.233140* %27, inttoptr (i64 -12 to %struct.nfs4_slot.233140*) %31 = getelementptr inbounds %struct.nfs4_sequence_args.233141, %struct.nfs4_sequence_args.233141* %1, i64 0, i32 1 %32 = load i8, i8* %31, align 8 br i1 %30, label %71, label %80 %81 = phi i8 [ %23, %21 ], [ %32, %29 ] %82 = and i8 %81, 2 %83 = icmp eq i8 %82, 0 %84 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 4 br i1 %83, label 
%86, label %85 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %84, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #83 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.54.70790, i64 0, i64 0), i32 416, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "1991:\0A\09.pushsection .discard.reachable\0A\09.long 1991b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %9, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #83 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 17 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %55, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #83 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp 
eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 tail call void @xprt_request_dequeue_xprt(%struct.rpc_task* %0) #84 Function:xprt_request_dequeue_xprt %2 = alloca %struct.wait_bit_queue_entry, align 8 %3 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %4 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %5 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 0 %6 = load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %19 %12 = load volatile i64, i64* %7, align 8 %13 = and i64 %12, 16 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %103, label %19 %20 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %6, i64 0, i32 35, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %22 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 3, i64* %7) #6, !srcloc !4 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %65, label %25 %66 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %67 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 4, i64* %7) #6, !srcloc !4 %68 = and i8 %67, 1 %69 = icmp eq i8 %68, 0 br i1 %69, label %75, label %70 %76 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %102, label %79 %80 = bitcast i64* %7 to i8* %81 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27 %82 = bitcast %struct.kuid_t* %81 to i8* %83 = bitcast %struct.wait_bit_queue_entry* %2 to i8* %84 = getelementptr inbounds %struct.wait_bit_queue_entry, %struct.wait_bit_queue_entry* %2, i64 0, i32 1 br label %85 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %80, i32 32, i8* %80) #6, !srcloc !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %20) #83 %86 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_request_dequeue_xprt 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_pgio_rpc_prepare ------------- Path:  Function:nfs4_proc_pgio_rpc_prepare %3 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds 
%struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 0 %13 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 %28 = icmp ugt %struct.nfs4_slot.233140* %27, inttoptr (i64 -4096 to %struct.nfs4_slot.233140*) br i1 %28, label %29, label %33 %30 = icmp eq %struct.nfs4_slot.233140* %27, 
inttoptr (i64 -12 to %struct.nfs4_slot.233140*) %31 = getelementptr inbounds %struct.nfs4_sequence_args.233141, %struct.nfs4_sequence_args.233141* %1, i64 0, i32 1 %32 = load i8, i8* %31, align 8 br i1 %30, label %71, label %80 %81 = phi i8 [ %23, %21 ], [ %32, %29 ] %82 = and i8 %81, 2 %83 = icmp eq i8 %82, 0 %84 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 4 br i1 %83, label %86, label %85 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %84, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #83 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.54.70790, i64 0, i64 0), i32 416, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "1991:\0A\09.pushsection .discard.reachable\0A\09.long 1991b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %9, align 4 tail call void @rpc_put_task_async(%struct.rpc_task* %1) #83 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 17 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %55, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #83 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 tail call void @xprt_request_dequeue_xprt(%struct.rpc_task* %0) #84 Function:xprt_request_dequeue_xprt %2 = alloca %struct.wait_bit_queue_entry, align 8 %3 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %4 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %5 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 0 %6 = load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %19 %12 = load volatile i64, i64* %7, align 8 %13 = and i64 %12, 16 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %103, label %19 %20 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %6, i64 0, i32 35, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %22 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output 
condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 3, i64* %7) #6, !srcloc !4 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %65, label %25 %66 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %67 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 4, i64* %7) #6, !srcloc !4 %68 = and i8 %67, 1 %69 = icmp eq i8 %68, 0 br i1 %69, label %75, label %70 %76 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %102, label %79 %80 = bitcast i64* %7 to i8* %81 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27 %82 = bitcast %struct.kuid_t* %81 to i8* %83 = bitcast %struct.wait_bit_queue_entry* %2 to i8* %84 = getelementptr inbounds %struct.wait_bit_queue_entry, %struct.wait_bit_queue_entry* %2, i64 0, i32 1 br label %85 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %80, i32 32, i8* %80) #6, !srcloc !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %20) #83 %86 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 xprt_request_dequeue_xprt 1 xprt_release 2 rpc_put_task_async 3 rpc_sleep_on 4 nfs4_setup_sequence 5 nfs4_proc_commit_rpc_prepare ------------- Path:  Function:nfs4_proc_commit_rpc_prepare %3 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 1 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 8, i32 0 %13 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 9, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, 
%struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 %28 = icmp ugt %struct.nfs4_slot.233140* %27, inttoptr (i64 -4096 to %struct.nfs4_slot.233140*) br i1 %28, label %29, label %33 %30 = icmp eq %struct.nfs4_slot.233140* %27, inttoptr (i64 -12 to %struct.nfs4_slot.233140*) %31 = getelementptr inbounds %struct.nfs4_sequence_args.233141, %struct.nfs4_sequence_args.233141* %1, i64 0, i32 1 %32 = load i8, i8* %31, align 8 br i1 %30, label %71, label %80 %81 = phi i8 [ %23, %21 ], [ %32, %29 ] %82 = and i8 %81, 2 %83 = icmp eq i8 %82, 0 %84 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 4 br i1 %83, label %86, label %85 tail call void @rpc_sleep_on(%struct.rpc_wait_queue* %84, %struct.rpc_task* %3, void (%struct.rpc_task*)* null) #83 Function:rpc_sleep_on %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.54.70790, i64 0, i64 0), i32 416, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "1991:\0A\09.pushsection .discard.reachable\0A\09.long 1991b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %9 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %1, i64 0, i32 1 store i32 -5, i32* %9, align 4 tail call 
void @rpc_put_task_async(%struct.rpc_task* %1) #83 Function:rpc_put_task_async %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 17 %3 = load %struct.workqueue_struct*, %struct.workqueue_struct** %2, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 0, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %4, i32* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %55, label %8 tail call void @xprt_release(%struct.rpc_task* %0) #83 Function:xprt_release %2 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %3 = load %struct.rpc_rqst*, %struct.rpc_rqst** %2, align 8 %4 = icmp eq %struct.rpc_rqst* %3, null br i1 %4, label %5, label %21 %22 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %3, i64 0, i32 0 %23 = load %struct.rpc_xprt*, %struct.rpc_xprt** %22, align 8 tail call void @xprt_request_dequeue_xprt(%struct.rpc_task* %0) #84 Function:xprt_request_dequeue_xprt %2 = alloca %struct.wait_bit_queue_entry, align 8 %3 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 16 %4 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %5 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 0 %6 = load %struct.rpc_xprt*, %struct.rpc_xprt** %5, align 8 %7 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 6 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %19 %12 = load volatile i64, i64* %7, align 8 %13 = and i64 %12, 16 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 
0 br i1 %18, label %103, label %19 %20 = getelementptr inbounds %struct.rpc_xprt, %struct.rpc_xprt* %6, i64 0, i32 35, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %22 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 3, i64* %7) #6, !srcloc !4 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %65, label %25 %66 = load %struct.rpc_rqst*, %struct.rpc_rqst** %3, align 8 %67 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, i64 4, i64* %7) #6, !srcloc !4 %68 = and i8 %67, 1 %69 = icmp eq i8 %68, 0 br i1 %69, label %75, label %70 %76 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27, i32 0 %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %102, label %79 %80 = bitcast i64* %7 to i8* %81 = getelementptr inbounds %struct.rpc_rqst, %struct.rpc_rqst* %4, i64 0, i32 27 %82 = bitcast %struct.kuid_t* %81 to i8* %83 = bitcast %struct.wait_bit_queue_entry* %2 to i8* %84 = getelementptr inbounds %struct.wait_bit_queue_entry, %struct.wait_bit_queue_entry* %2, i64 0, i32 1 br label %85 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %80, i32 32, i8* %80) #6, !srcloc !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %20) #83 %86 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_unix_gc 1 unix_dgram_sendmsg ------------- Path:  Function:unix_dgram_sendmsg 
%4 = alloca i32, align 4 %5 = alloca %struct.scm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %9 = load %struct.net*, %struct.net** %8, align 8 %10 = bitcast %struct.msghdr* %1 to %struct.sockaddr_un** %11 = load %struct.sockaddr_un*, %struct.sockaddr_un** %10, align 8 %12 = bitcast i32* %4 to i8* %13 = bitcast %struct.scm_cookie* %5 to i8* tail call void @wait_for_unix_gc() #83 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %7 %5 = load i1, i1* @gc_in_progress, align 1 br i1 %5, label %7, label %6 tail call void @unix_gc() #83 br label %7 %8 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_unix_gc 1 unix_dgram_sendmsg 2 unix_seqpacket_sendmsg ------------- Path:  Function:unix_seqpacket_sendmsg %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 52 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %13, label %9, !prof !4, !misexpect !5 %14 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 %16 = icmp eq i8 %15, 1 br i1 %16, label %17, label %24 %18 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21 %23 = tail call i32 @unix_dgram_sendmsg(%struct.socket* %0, %struct.msghdr* %1, i64 %2) #83 Function:unix_dgram_sendmsg %4 = alloca i32, align 4 %5 = alloca %struct.scm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load 
%struct.sock*, %struct.sock** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %9 = load %struct.net*, %struct.net** %8, align 8 %10 = bitcast %struct.msghdr* %1 to %struct.sockaddr_un** %11 = load %struct.sockaddr_un*, %struct.sockaddr_un** %10, align 8 %12 = bitcast i32* %4 to i8* %13 = bitcast %struct.scm_cookie* %5 to i8* tail call void @wait_for_unix_gc() #83 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %7 %5 = load i1, i1* @gc_in_progress, align 1 br i1 %5, label %7, label %6 tail call void @unix_gc() #83 br label %7 %8 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_unix_gc 1 unix_stream_sendmsg ------------- Path:  Function:unix_stream_sendmsg %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %struct.scm_cookie, align 8 %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = bitcast %struct.scm_cookie* %6 to i8* tail call void @wait_for_unix_gc() #83 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %7 %5 = load i1, i1* @gc_in_progress, align 1 br i1 %5, label %7, label %6 tail call void @unix_gc() #83 br label %7 %8 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 sock_no_sendpage ------------- Path:  Function:sock_no_sendpage %6 = alloca %struct.msghdr, align 8 %7 = alloca %struct.iovec, align 8 %8 = bitcast %struct.msghdr* %6 to i8* %9 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %6, i64 0, i32 6 store i32 %4, i32* %9, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= 
Call Stack: 0 sock_no_sendpage ------------- Path:  Function:sock_no_sendpage %6 = alloca %struct.msghdr, align 8 %7 = alloca %struct.iovec, align 8 %8 = bitcast %struct.msghdr* %6 to i8* %9 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %6, i64 0, i32 6 store i32 %4, i32* %9, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_no_sendpage ------------- Path:  Function:sock_no_sendpage %6 = alloca %struct.msghdr, align 8 %7 = alloca %struct.iovec, align 8 %8 = bitcast %struct.msghdr* %6 to i8* %9 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %6, i64 0, i32 6 store i32 %4, i32* %9, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_no_sendpage ------------- Path:  Function:sock_no_sendpage %6 = alloca %struct.msghdr, align 8 %7 = alloca %struct.iovec, align 8 %8 = bitcast %struct.msghdr* %6 to i8* %9 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %6, i64 0, i32 6 store i32 %4, i32* %9, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_no_sendpage ------------- Path:  Function:sock_no_sendpage %6 = alloca %struct.msghdr, align 8 %7 = alloca %struct.iovec, align 8 %8 = bitcast %struct.msghdr* %6 to i8* %9 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %6, i64 0, i32 6 store i32 %4, i32* %9, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_no_sendpage 1 kernel_sendpage 2 sock_sendpage ------------- Path:  Function:sock_sendpage %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.socket** %9 = load %struct.socket*, %struct.socket** %8, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, 
i32 7 %11 = load i32, i32* %10, align 8 %12 = lshr i32 %11, 5 %13 = and i32 %12, 64 %14 = or i32 %13, %5 %15 = tail call i32 @kernel_sendpage(%struct.socket* %9, %struct.page* %1, i32 %2, i64 %3, i32 %14) #83 Function:kernel_sendpage %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %7 = load %struct.proto_ops*, %struct.proto_ops** %6, align 32 %8 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %7, i64 0, i32 20 %9 = load i64 (%struct.socket*, %struct.page*, i32, i64, i32)*, i64 (%struct.socket*, %struct.page*, i32, i64, i32)** %8, align 8 %10 = icmp eq i64 (%struct.socket*, %struct.page*, i32, i64, i32)* %9, null br i1 %10, label %46, label %11 %47 = tail call i64 @sock_no_sendpage(%struct.socket* %0, %struct.page* %1, i32 %2, i64 %3, i32 %4) #83 Function:sock_no_sendpage %6 = alloca %struct.msghdr, align 8 %7 = alloca %struct.iovec, align 8 %8 = bitcast %struct.msghdr* %6 to i8* %9 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %6, i64 0, i32 6 store i32 %4, i32* %9, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl 1 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.687185* %0, i32 %1, i32 %2, i64 %8) #83 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ 
i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] %346 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds 
%struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] %346 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 pps_cdev_pps_fetch 1 pps_cdev_ioctl 2 pps_cdev_compat_ioctl ------------- Path:  Function:pps_cdev_compat_ioctl %4 = alloca %struct.pps_fdata_compat, align 4 %5 = alloca %struct.pps_fdata, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.pps_device** %8 = load %struct.pps_device*, %struct.pps_device** %7, align 8 %9 = inttoptr i64 %2 to i8* %10 = and i32 %1, -1073676289 %11 = or i32 %10, 524288 %12 = icmp eq i32 %11, -1073188700 br i1 %12, label %13, label %52 %53 = tail call i64 @pps_cdev_ioctl(%struct.file* %0, i32 %11, i64 %2) #84 Function:pps_cdev_ioctl %4 = alloca %struct.pps_kparams, align 8 %5 = alloca %struct.pps_fdata, align 8 %6 = alloca %struct.kernel_symbol, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.pps_device** %9 = load %struct.pps_device*, %struct.pps_device** %8, align 8 %10 = bitcast %struct.pps_kparams* %4 to i8* %11 = inttoptr i64 %2 to i8* switch i32 %1, label %136 [ i32 -2146930527, label %12 i32 1074294946, label %19 i32 -2146930525, label %59 i32 -1073188700, label %69 i32 1074294949, label %103 ] %70 = bitcast %struct.pps_fdata* %5 to i8* %71 = call i64 @_copy_from_user(i8* nonnull %70, i8* %11, i64 64) #83 
%72 = trunc i64 %71 to i32 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %79 %75 = call fastcc i32 @pps_cdev_pps_fetch(%struct.pps_device* %9, %struct.pps_fdata* nonnull %5) #84 Function:pps_cdev_pps_fetch %3 = alloca %struct.wait_queue_entry, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.pps_device, %struct.pps_device* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 2 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 1 %10 = icmp eq i32 %9, 0 br i1 %10, label %32, label %11 %33 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 0 %34 = load i64, i64* %33, align 8 %35 = mul i64 %34, 1000 %36 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 1 %37 = load i32, i32* %36, align 8 %38 = sdiv i32 %37, 1000000 %39 = sext i32 %38 to i64 %40 = add i64 %35, %39 %41 = icmp eq i64 %40, 0 br i1 %41, label %79, label %42 %43 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 pps_cdev_pps_fetch 1 pps_cdev_ioctl ------------- Path:  Function:pps_cdev_ioctl %4 = alloca %struct.pps_kparams, align 8 %5 = alloca %struct.pps_fdata, align 8 %6 = alloca %struct.kernel_symbol, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.pps_device** %9 = load %struct.pps_device*, %struct.pps_device** %8, align 8 %10 = bitcast %struct.pps_kparams* %4 to i8* %11 = inttoptr i64 %2 to i8* switch i32 %1, label %136 [ i32 -2146930527, label %12 i32 1074294946, label %19 i32 -2146930525, label %59 i32 -1073188700, label %69 i32 1074294949, label %103 ] %70 = bitcast %struct.pps_fdata* %5 to i8* %71 = call i64 @_copy_from_user(i8* nonnull %70, i8* %11, i64 64) #83 %72 = trunc i64 %71 to i32 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %79 %75 = call fastcc i32 
@pps_cdev_pps_fetch(%struct.pps_device* %9, %struct.pps_fdata* nonnull %5) #84 Function:pps_cdev_pps_fetch %3 = alloca %struct.wait_queue_entry, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.pps_device, %struct.pps_device* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 2 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 1 %10 = icmp eq i32 %9, 0 br i1 %10, label %32, label %11 %33 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 0 %34 = load i64, i64* %33, align 8 %35 = mul i64 %34, 1000 %36 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 1 %37 = load i32, i32* %36, align 8 %38 = sdiv i32 %37, 1000000 %39 = sext i32 %38 to i64 %40 = add i64 %35, %39 %41 = icmp eq i64 %40, 0 br i1 %41, label %79, label %42 %43 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 pps_cdev_pps_fetch 1 pps_cdev_ioctl 2 pps_cdev_compat_ioctl ------------- Path:  Function:pps_cdev_compat_ioctl %4 = alloca %struct.pps_fdata_compat, align 4 %5 = alloca %struct.pps_fdata, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.pps_device** %8 = load %struct.pps_device*, %struct.pps_device** %7, align 8 %9 = inttoptr i64 %2 to i8* %10 = and i32 %1, -1073676289 %11 = or i32 %10, 524288 %12 = icmp eq i32 %11, -1073188700 br i1 %12, label %13, label %52 %53 = tail call i64 @pps_cdev_ioctl(%struct.file* %0, i32 %11, i64 %2) #84 Function:pps_cdev_ioctl %4 = alloca %struct.pps_kparams, align 8 %5 = alloca %struct.pps_fdata, align 8 %6 = alloca %struct.kernel_symbol, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.pps_device** %9 = load %struct.pps_device*, %struct.pps_device** %8, align 8 %10 = bitcast %struct.pps_kparams* %4 to i8* %11 = 
inttoptr i64 %2 to i8* switch i32 %1, label %136 [ i32 -2146930527, label %12 i32 1074294946, label %19 i32 -2146930525, label %59 i32 -1073188700, label %69 i32 1074294949, label %103 ] %70 = bitcast %struct.pps_fdata* %5 to i8* %71 = call i64 @_copy_from_user(i8* nonnull %70, i8* %11, i64 64) #83 %72 = trunc i64 %71 to i32 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %79 %75 = call fastcc i32 @pps_cdev_pps_fetch(%struct.pps_device* %9, %struct.pps_fdata* nonnull %5) #84 Function:pps_cdev_pps_fetch %3 = alloca %struct.wait_queue_entry, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.pps_device, %struct.pps_device* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 2 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 1 %10 = icmp eq i32 %9, 0 br i1 %10, label %32, label %11 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 pps_cdev_pps_fetch 1 pps_cdev_ioctl ------------- Path:  Function:pps_cdev_ioctl %4 = alloca %struct.pps_kparams, align 8 %5 = alloca %struct.pps_fdata, align 8 %6 = alloca %struct.kernel_symbol, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.pps_device** %9 = load %struct.pps_device*, %struct.pps_device** %8, align 8 %10 = bitcast %struct.pps_kparams* %4 to i8* %11 = inttoptr i64 %2 to i8* switch i32 %1, label %136 [ i32 -2146930527, label %12 i32 1074294946, label %19 i32 -2146930525, label %59 i32 -1073188700, label %69 i32 1074294949, label %103 ] %70 = bitcast %struct.pps_fdata* %5 to i8* %71 = call i64 @_copy_from_user(i8* nonnull %70, i8* %11, i64 64) #83 %72 = trunc i64 %71 to i32 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %79 %75 = call fastcc i32 @pps_cdev_pps_fetch(%struct.pps_device* %9, %struct.pps_fdata* nonnull %5) #84 Function:pps_cdev_pps_fetch %3 = alloca %struct.wait_queue_entry, 
align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.pps_device, %struct.pps_device* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.pps_fdata, %struct.pps_fdata* %1, i64 0, i32 1, i32 2 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 1 %10 = icmp eq i32 %9, 0 br i1 %10, label %32, label %11 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 evdev_read ------------- Path:  Function:evdev_read %5 = alloca %struct.input_event, align 8 %6 = alloca %struct.wait_queue_entry, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.evdev_client** %9 = load %struct.evdev_client*, %struct.evdev_client** %8, align 8 %10 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 6 %11 = load %struct.evdev*, %struct.evdev** %10, align 8 %12 = bitcast %struct.input_event* %5 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %23, label %14 %24 = getelementptr inbounds %struct.evdev, %struct.evdev* %11, i64 0, i32 8 %25 = load i8, i8* %24, align 8, !range !5 %26 = icmp eq i8 %25, 0 br i1 %26, label %135, label %27 %28 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 9 %29 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 2 %30 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 1 %31 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %32 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 3, i32 0, i32 0 %33 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 11 %34 = bitcast %struct.wait_queue_entry* %6 to i8* %35 = getelementptr inbounds %struct.evdev_client, %struct.evdev_client* %9, i64 0, i32 4 br label %36 %37 = load i8, i8* %28, align 4, !range !5 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label 
%135 %40 = load i32, i32* %29, align 8 %41 = load i32, i32* %30, align 4 %42 = icmp eq i32 %40, %41 br i1 %42, label %43, label %48 br i1 %13, label %135, label %49 %50 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct* %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %51, i64 0, i32 0, i32 2 %53 = load i32, i32* %52, align 8 %54 = and i32 %53, 2 %55 = icmp eq i32 %54, 0 %56 = select i1 %55, i64 24, i64 16 %57 = icmp ugt i64 %56, %2 br i1 %57, label %87, label %58 %88 = load i32, i32* %31, align 8 %89 = and i32 %88, 2048 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %128 %92 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 scsi_block_when_processing_errors 1 sg_write ------------- Path:  Function:sg_write %5 = alloca %struct.sg_header, align 4 %6 = alloca [252 x i8], align 16 %7 = bitcast %struct.sg_header* %5 to i8* %8 = getelementptr inbounds [252 x i8], [252 x i8]* %6, i64 0, i64 0 %9 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 12 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.289864** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.289864**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.289864* %13 = getelementptr inbounds %struct.task_struct.289864, %struct.task_struct.289864* %12, i64 0, i32 93 %14 = load %struct.cred*, %struct.cred** %13, align 32 %15 = icmp eq %struct.cred* %10, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %24 = bitcast i8** %23 to %struct.sg_fd** %25 = load %struct.sg_fd*, %struct.sg_fd** %24, align 8 %26 = icmp eq %struct.sg_fd* %25, null br i1 %26, label %194, label %27 %28 = 
getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %25, i64 0, i32 1 %29 = load %struct.sg_device*, %struct.sg_device** %28, align 8 %30 = icmp eq %struct.sg_device* %29, null br i1 %30, label %194, label %31 %32 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %29, i64 0, i32 7, i32 0 %33 = load volatile i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %194 %36 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %45 %41 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %29, i64 0, i32 0 %42 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %41, align 8 %43 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.615267*)*)(%struct.scsi_device.615267* %42) #83 Function:scsi_block_when_processing_errors %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 scsi_block_when_processing_errors 1 sd_release ------------- Path:  Function:sd_release %3 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %0, i64 0, i32 10 %4 = bitcast i8** %3 to %struct.scsi_disk** %5 = load %struct.scsi_disk*, %struct.scsi_disk** %4, align 8 %6 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %5, i64 0, i32 1 %7 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %6, align 8 %8 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %5, i64 0, i32 5, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %22 %12 = getelementptr inbounds 
%struct.scsi_device.613577, %struct.scsi_device.613577* %7, i64 0, i32 41 %13 = bitcast i48* %12 to i64* %14 = load i64, i64* %13, align 4 %15 = and i64 %14, 1 %16 = icmp eq i64 %15, 0 br i1 %16, label %22, label %17 %18 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.613577*)*)(%struct.scsi_device.613577* %7) #83 Function:scsi_block_when_processing_errors %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 scsi_block_when_processing_errors 1 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 8838, label %527 i32 
8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %25 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %768 %29 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %30 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %29, align 8 %31 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.615267*)*)(%struct.scsi_device.615267* %30) #83 Function:scsi_block_when_processing_errors %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 scsi_block_when_processing_errors 1 scsi_ioctl_block_when_processing_errors 2 sd_ioctl ------------- Path:  Function:sd_ioctl %5 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %6 = load %struct.gendisk.613289*, %struct.gendisk.613289** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.scsi_disk** %9 = load %struct.scsi_disk*, %struct.scsi_disk** %8, align 8 %10 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 1 %11 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %10, align 8 %12 = inttoptr i64 %3 to i8* %13 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 15 %14 = load i8, i8* %13, align 8 %15 = icmp eq i8 %14, 0 br i1 %15, label %18, label %16 %19 = and i32 %1, 64 %20 = icmp ne i32 %19, 0 %21 = tail call i32 bitcast (i32 (%struct.scsi_device.607757*, i32, 
i1)* @scsi_ioctl_block_when_processing_errors to i32 (%struct.scsi_device.613577*, i32, i1)*)(%struct.scsi_device.613577* %11, i32 %2, i1 zeroext %20) #83 Function:scsi_ioctl_block_when_processing_errors %4 = icmp ne i32 %1, 8836 %5 = xor i1 %2, true %6 = or i1 %4, %5 br i1 %6, label %19, label %7 %20 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.607757*)*)(%struct.scsi_device.607757* %0) #83 Function:scsi_block_when_processing_errors %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 pci_config_pm_runtime_get 2 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.313800* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 232, i32 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = sext i32 %16 to i64 %18 = icmp slt i64 %17, %4 br i1 %18, label %122, label %19 %20 = add i64 %5, %4 %21 = icmp ugt i64 %20, %17 %22 = trunc i64 %4 to i32 %23 = sub i32 %16, %22 %24 = zext i32 %23 to i64 %25 = select i1 %21, i32 %23, i32 %9 %26 = select i1 %21, i64 %24, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.313800* %8) #83 Function:pci_config_pm_runtime_get %2 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46 %3 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = icmp eq %struct.device* %4, null br i1 %5, label %8, label %6 %7 = tail call i32 @__pm_runtime_resume(%struct.device* nonnull %4, i32 4) #83 Function:__pm_runtime_resume %3 = and 
i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 pci_config_pm_runtime_get 2 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #83 %8 = bitcast i8* %7 to %struct.pci_dev.322187* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = icmp sgt i32 %13, %10 br i1 %19, label %20, label %124 %21 = sext i32 %13 to i64 %22 = icmp ugt i64 %21, %2 %23 = select i1 %22, i64 %2, i64 %21 %24 = shl i64 %9, 32 %25 = ashr exact i64 %24, 32 %26 = add i64 %23, %25 %27 = icmp ugt i64 %26, %21 %28 = sub i32 %13, %10 %29 = sext i32 %28 to i64 %30 = select i1 %27, i64 %29, i64 %23 %31 = trunc i64 %30 to i32 %32 = shl i64 %30, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq 
$3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %35 = ptrtoint i8* %1 to i64 %36 = add i64 %33, %35 %37 = icmp ult i64 %36, %33 %38 = icmp ugt i64 %36, %34 %39 = or i1 %37, %38 br i1 %39, label %124, label %40, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.322187*)*)(%struct.pci_dev.322187* %8) #83 Function:pci_config_pm_runtime_get %2 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46 %3 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %0, i64 0, i32 46, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = icmp eq %struct.device* %4, null br i1 %5, label %8, label %6 %7 = tail call i32 @__pm_runtime_resume(%struct.device* nonnull %4, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 reset_store ------------- Path:  Function:reset_store %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %8 = icmp sgt i32 %7, -1 %9 = load i64, i64* %5, align 8 %10 = icmp eq i64 %9, 1 %11 = and i1 %8, %10 br i1 %11, label %12, label %21 %13 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %14 = bitcast %struct.irq_domain** %13 to %struct.pci_dev.313800* %15 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 4) 
#83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.313800* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.313800, %struct.pci_dev.313800* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.313800* %7) #83 br label %22 %23 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 0) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 
------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 intel_huc_check_status 3 i915_getparam_ioctl ------------- Path:  Function:i915_getparam_ioctl %4 = alloca i32, align 4 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.408067* %6 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 0, i32 2 %7 = bitcast %struct.device** %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %10 = bitcast %struct.drm_property.373206** %9 to %struct.intel_gt.408001* %11 = getelementptr inbounds %struct.drm_i915_private.408067, %struct.drm_i915_private.408067* %5, i64 0, i32 108, i32 34, i32 5 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 switch i32 %14, label %152 [ i32 1, label %166 i32 2, label %166 i32 3, label %166 i32 14, label %166 i32 4, label %15 i32 32, label %20 i32 6, label %24 i32 7, label %27 i32 10, label %33 i32 11, label %37 i32 22, label %41 i32 31, label %45 i32 17, label %49 i32 27, label %56 i32 18, label %59 i32 20, label %63 i32 23, label %68 i32 28, label %78 i32 33, label %80 i32 34, label %83 i32 35, label %88 i32 36, label %99 i32 38, label %100 i32 39, label %107 i32 42, label %111 i32 40, label %116 i32 41, label %118 i32 30, label %121 i32 5, label %121 i32 8, label %121 i32 9, label %121 i32 12, label %121 i32 13, label %121 i32 15, label %121 i32 16, label %121 i32 19, label %121 i32 21, label %121 i32 24, label %121 i32 25, label %121 i32 26, label %121 i32 29, label %121 i32 37, label %121 i32 43, label %121 i32 44, label %121 i32 45, label %121 i32 48, label %121 i32 49, label %121 i32 53, label %121 i32 55, label %121 i32 56, label %121 i32 50, label %122 i32 46, label %124 i32 47, label %129 i32 51, label %139 i32 52, label %143 i32 54, label %150 ] %112 = getelementptr inbounds 
%struct.drm_device.373290, %struct.drm_device.373290* %0, i64 18, i32 30, i32 63 %113 = bitcast %struct.drm_property.373206** %112 to %struct.intel_huc.407980* %114 = tail call i32 bitcast (i32 (%struct.intel_huc.432594*)* @intel_huc_check_status to i32 (%struct.intel_huc.407980*)*)(%struct.intel_huc.407980* %113) #83 Function:intel_huc_check_status %2 = getelementptr inbounds %struct.intel_huc.432594, %struct.intel_huc.432594* %0, i64 0, i32 0, i32 1, i32 0 %3 = load i32, i32* %2, align 4 %4 = add i32 %3, 1 %5 = icmp ult i32 %4, 6 br i1 %5, label %34, label %6 %35 = trunc i32 %4 to i8 %36 = lshr i8 53, %35 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %6, label %39 %7 = getelementptr %struct.intel_huc.432594, %struct.intel_huc.432594* %0, i64 -3, i32 1 %8 = getelementptr inbounds %struct.i915_vma.432346*, %struct.i915_vma.432346** %7, i64 1 %9 = bitcast %struct.i915_vma.432346** %8 to %struct.intel_uncore.432250** %10 = load %struct.intel_uncore.432250*, %struct.intel_uncore.432250** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore.432250, %struct.intel_uncore.432250* %10, i64 0, i32 2 %12 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %11, align 8 %13 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %12) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label 
%16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 intel_guc_slpc_set_min_freq 3 intel_rps_set_min_frequency 4 gt_min_freq_mhz_store ------------- Path:  Function:gt_min_freq_mhz_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds i8, i8* %7, i64 16 %9 = bitcast i8* %8 to %struct.drm_i915_private.412466** %10 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %9, align 8 %11 = bitcast i32* %5 to i8* %12 = call i32 @kstrtouint(i8* %2, i32 0, i32* nonnull %5) #83 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %10, i64 0, i32 108, i32 19 %18 = load i32, i32* %5, align 4 %19 = call i32 @intel_rps_set_min_frequency(%struct.intel_rps* %17, i32 %18) #83 Function:intel_rps_set_min_frequency %3 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -13, i32 26, i32 1 %4 = getelementptr inbounds i64, i64* %3, i64 143 %5 = bitcast i64* %4 to %struct.intel_guc_slpc.436060* %6 = getelementptr inbounds i64, i64* %3, i64 3 %7 = bitcast i64* %6 to %struct.intel_uc.436096* %8 = getelementptr inbounds %struct.intel_uc.436096, %struct.intel_uc.436096* %7, i64 0, i32 1, i32 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, 4 br i1 %10, label %11, label %21 %12 = getelementptr inbounds %struct.intel_uc.436096, %struct.intel_uc.436096* %7, i64 0, i32 1, i32 13 %13 = load i8, i8* %12, align 1, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.intel_uc.436096, %struct.intel_uc.436096* %7, i64 0, i32 1, i32 3, i32 3 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp eq i8 %17, 0 br i1 %18, label %21, label %19 %20 = tail call i32 
@intel_guc_slpc_set_min_freq(%struct.intel_guc_slpc.436060* %5, i32 %1) #83 Function:intel_guc_slpc_set_min_freq %3 = alloca [4 x i32], align 16 %4 = getelementptr %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 -28, i32 1 %5 = getelementptr %struct.slpc_shared_data*, %struct.slpc_shared_data** %4, i64 -4 %6 = bitcast %struct.slpc_shared_data** %5 to %struct.drm_i915_private.436298** %7 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %6, align 8 %8 = getelementptr inbounds %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = icmp ugt i32 %9, %1 br i1 %10, label %44, label %11 %12 = getelementptr inbounds %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, %1 br i1 %14, label %44, label %15 %16 = getelementptr inbounds %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 0, i32 8 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, %1 br i1 %18, label %44, label %19 %20 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %7, i64 0, i32 106 %21 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %20) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, 
label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 intel_guc_slpc_set_max_freq 3 intel_rps_set_max_frequency 4 gt_max_freq_mhz_store ------------- Path:  Function:gt_max_freq_mhz_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds i8, i8* %7, i64 16 %9 = bitcast i8* %8 to %struct.drm_i915_private.412466** %10 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %9, align 8 %11 = bitcast i32* %5 to i8* %12 = call i32 @kstrtouint(i8* %2, i32 0, i32* nonnull %5) #83 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %10, i64 0, i32 108, i32 19 %18 = load i32, i32* %5, align 4 %19 = call i32 @intel_rps_set_max_frequency(%struct.intel_rps* %17, i32 %18) #83 Function:intel_rps_set_max_frequency %3 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -13, i32 26, i32 1 %4 = getelementptr inbounds i64, i64* %3, i64 143 %5 = bitcast i64* %4 to %struct.intel_guc_slpc.436060* %6 = getelementptr inbounds i64, i64* %3, i64 3 %7 = bitcast i64* %6 to %struct.intel_uc.436096* %8 = getelementptr inbounds %struct.intel_uc.436096, %struct.intel_uc.436096* %7, i64 0, i32 1, i32 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 %10 = icmp sgt i32 %9, 4 br i1 %10, label %11, label %21 %12 = getelementptr inbounds %struct.intel_uc.436096, %struct.intel_uc.436096* %7, i64 0, i32 1, i32 13 %13 = load i8, i8* %12, align 1, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.intel_uc.436096, %struct.intel_uc.436096* %7, i64 0, i32 1, i32 3, i32 3 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp eq i8 %17, 0 br i1 %18, label %21, label %19 %20 = tail call i32 
@intel_guc_slpc_set_max_freq(%struct.intel_guc_slpc.436060* %5, i32 %1) #83 Function:intel_guc_slpc_set_max_freq %3 = alloca [4 x i32], align 16 %4 = getelementptr %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 -28, i32 1 %5 = getelementptr %struct.slpc_shared_data*, %struct.slpc_shared_data** %4, i64 -4 %6 = bitcast %struct.slpc_shared_data** %5 to %struct.drm_i915_private.436298** %7 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %6, align 8 %8 = getelementptr inbounds %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = icmp ugt i32 %9, %1 br i1 %10, label %44, label %11 %12 = getelementptr inbounds %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, %1 br i1 %14, label %44, label %15 %16 = getelementptr inbounds %struct.intel_guc_slpc.436060, %struct.intel_guc_slpc.436060* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = icmp ugt i32 %17, %1 br i1 %18, label %44, label %19 %20 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %7, i64 0, i32 106 %21 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %20) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, 
label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 intel_guc_global_policies_update 3 i915_param_uint_write ------------- Path:  Function:i915_param_uint_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = tail call i32 @kstrtouint_from_user(i8* %1, i64 %2, i32 0, i32* %11) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %22, label %15 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %24 = load %struct.dentry*, %struct.dentry** %23, align 8 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %24, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = call i32 @strcmp(i8* %26, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.24.40812, i64 0, i64 0)) #84 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %47 %30 = getelementptr i8, i8* %10, i64 25708 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp sgt i32 %32, 4 br i1 %33, label %34, label %47 %35 = getelementptr i8, i8* %10, i64 27009 %36 = load i8, i8* %35, align 1, !range !4 %37 = icmp eq i8 %36, 0 br i1 %37, label %47, label %38 %39 = getelementptr i8, i8* %10, i64 25704 %40 = bitcast i8* %39 to %struct.intel_guc.426421* %41 = call i32 @intel_guc_global_policies_update(%struct.intel_guc.426421* %40) #83 Function:intel_guc_global_policies_update %2 = alloca i64, align 8 %3 = alloca [2 x i32], align 4 %4 = getelementptr inbounds %struct.intel_guc.426421, %struct.intel_guc.426421* %0, i64 0, i32 17 %5 = load %struct.__guc_ads_blob*, %struct.__guc_ads_blob** %4, align 8 %6 = icmp eq 
%struct.__guc_ads_blob* %5, null br i1 %6, label %68, label %7 %8 = getelementptr %struct.intel_guc.426421, %struct.intel_guc.426421* %0, i64 -1, i32 27 %9 = bitcast %struct.mutex* %8 to %struct.drm_i915_private.426623** %10 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %9, align 8 %11 = getelementptr inbounds %struct.__guc_ads_blob, %struct.__guc_ads_blob* %5, i64 0, i32 1, i32 1 store i32 500000, i32* %11, align 1 %12 = getelementptr inbounds %struct.__guc_ads_blob, %struct.__guc_ads_blob* %5, i64 0, i32 1, i32 3 store i32 15, i32* %12, align 1 %13 = getelementptr inbounds %struct.__guc_ads_blob, %struct.__guc_ads_blob* %5, i64 0, i32 1, i32 4 store i32 0, i32* %13, align 1 %14 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %10, i64 0, i32 2, i32 20 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, 2 %17 = zext i1 %16 to i32 store i32 %17, i32* %13, align 1 %18 = getelementptr inbounds %struct.__guc_ads_blob, %struct.__guc_ads_blob* %5, i64 0, i32 1, i32 2 store i32 1, i32* %18, align 1 %19 = getelementptr inbounds %struct.intel_guc.426421, %struct.intel_guc.426421* %0, i64 0, i32 0, i32 1, i32 0 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 9 br i1 %21, label %22, label %68 %23 = getelementptr inbounds %struct.intel_guc.426421, %struct.intel_guc.426421* %0, i64 0, i32 2, i32 1 %24 = load i8, i8* %23, align 8, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %68, label %26 %27 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %9, align 8 %28 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %27, i64 0, i32 106 %29 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %28) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 
@__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 i915_gem_object_release_mmap_gtt 3 __i915_gem_object_pages_fini 4 i915_gem_flush_free_objects 5 __i915_gem_object_create_user_ext 6 i915_gem_create_ext_ioctl ------------- Path:  Function:i915_gem_create_ext_ioctl %4 = alloca %struct.create_ext.473307, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.create_ext.473307* %4 to i8* %7 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1 %8 = bitcast [4 x %struct.intel_memory_region.473294*]* %7 to i8* %9 = bitcast %struct.create_ext.473307* %4 to %struct.drm_device.373290** store %struct.drm_device.373290* %0, %struct.drm_device.373290** %9, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %61 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([2 x i32 (%struct.i915_user_extension*, i8*)*], [2 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.42261, i64 0, i64 0), 
i32 2, i8* nonnull %6) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %61 %21 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] %29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1, i64 0 %32 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 3 %33 = load i64, i64* %32, align 8 %34 = trunc i64 %33 to i32 %35 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %30, %struct.intel_memory_region.473294** %31, i32 %28, i32 %34) #84 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi 
%struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 %18 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 1 %19 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %18, align 8 %20 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %19, i64 0, i32 10 %21 = load void (%struct.drm_i915_gem_object.436033*)*, void (%struct.drm_i915_gem_object.436033*)** %20, align 8 %22 = icmp eq void (%struct.drm_i915_gem_object.436033*)* %21, null br i1 %22, label %24, label %23 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 Function:__i915_gem_object_pages_fini %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 1 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %2 br i1 %5, label %34, label %6 %7 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %9 = icmp eq %struct.list_head* %8, %2 %10 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -36, i32 1 %11 = icmp eq %struct.list_head** %10, null %12 = or i1 %9, %11 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %12, label %34, label %13 %14 = 
phi %struct.list_head* [ %29, %28 ], [ %8, %6 ] %15 = getelementptr %struct.list_head, %struct.list_head* %14, i64 -36, i32 1 %16 = getelementptr inbounds %struct.list_head*, %struct.list_head** %15, i64 35 %17 = bitcast %struct.list_head** %16 to %struct.seqcount_spinlock* %18 = bitcast %struct.list_head** %16 to i32* %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 %22 = add i32 %19, -1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %25, !prof !5, !misexpect !6 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %29 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %30 = icmp eq %struct.list_head* %29, %2 %31 = getelementptr %struct.list_head, %struct.list_head* %29, i64 -36, i32 1 %32 = icmp eq %struct.list_head** %31, null %33 = or i1 %30, %32 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %33, label %34, label %13 %35 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 8 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 0 br i1 %37, label %39, label %38 tail call void @i915_gem_object_release_mmap_gtt(%struct.drm_i915_gem_object.436033* %0) #83 Function:i915_gem_object_release_mmap_gtt %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 0, i32 0, i32 0, i32 2 %3 = bitcast %struct.drm_device.373290** %2 to %struct.drm_i915_private.436298** %4 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %3, align 8 %5 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %4, i64 0, i32 106 %6 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* 
%5) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 i915_gem_object_release_mmap_gtt 3 __i915_gem_object_pages_fini 4 i915_gem_flush_free_objects 5 __i915_gem_object_create_user_ext 6 i915_gem_create_ioctl ------------- Path:  Function:i915_gem_create_ioctl %4 = alloca %struct.intel_memory_region.473294*, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.intel_memory_region.473294** %4 to i8* %7 = tail call %struct.intel_memory_region.473294* bitcast (%struct.intel_memory_region.415924* (%struct.drm_i915_private.415921*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.473294* (%struct.drm_i915_private.473291*, i32)*)(%struct.drm_i915_private.473291* %5, i32 0) #83 store %struct.intel_memory_region.473294* %7, %struct.intel_memory_region.473294** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %9, %struct.intel_memory_region.473294** nonnull %4, i32 1, i32 0) #83 Function:__i915_gem_object_create_user_ext %6 = bitcast 
%struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 %18 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 1 %19 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %18, align 8 %20 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %19, i64 0, i32 10 %21 = load void (%struct.drm_i915_gem_object.436033*)*, void (%struct.drm_i915_gem_object.436033*)** %20, align 8 %22 = icmp eq void 
(%struct.drm_i915_gem_object.436033*)* %21, null br i1 %22, label %24, label %23 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 Function:__i915_gem_object_pages_fini %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 1 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %2 br i1 %5, label %34, label %6 %7 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %9 = icmp eq %struct.list_head* %8, %2 %10 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -36, i32 1 %11 = icmp eq %struct.list_head** %10, null %12 = or i1 %9, %11 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %12, label %34, label %13 %14 = phi %struct.list_head* [ %29, %28 ], [ %8, %6 ] %15 = getelementptr %struct.list_head, %struct.list_head* %14, i64 -36, i32 1 %16 = getelementptr inbounds %struct.list_head*, %struct.list_head** %15, i64 35 %17 = bitcast %struct.list_head** %16 to %struct.seqcount_spinlock* %18 = bitcast %struct.list_head** %16 to i32* %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 %22 = add i32 %19, -1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %25, !prof !5, !misexpect !6 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %29 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %30 = 
icmp eq %struct.list_head* %29, %2 %31 = getelementptr %struct.list_head, %struct.list_head* %29, i64 -36, i32 1 %32 = icmp eq %struct.list_head** %31, null %33 = or i1 %30, %32 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %33, label %34, label %13 %35 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 8 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 0 br i1 %37, label %39, label %38 tail call void @i915_gem_object_release_mmap_gtt(%struct.drm_i915_gem_object.436033* %0) #83 Function:i915_gem_object_release_mmap_gtt %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 0, i32 0, i32 0, i32 2 %3 = bitcast %struct.drm_device.373290** %2 to %struct.drm_i915_private.436298** %4 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %3, align 8 %5 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %4, i64 0, i32 106 %6 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %5) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 i915_ipc_status_write 
------------- Path:  Function:i915_ipc_status_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_i915_private.428426** %11 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %10, align 8 %12 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %11, i64 0, i32 106 %18 = call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %17) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 i915_gpu_info_open ------------- Path:  Function:i915_gpu_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.426623** %5 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %4, align 8 %6 = getelementptr inbounds 
%struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %5, i64 0, i32 106 %7 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %6) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 i915_reg_read_ioctl ------------- Path:  Function:i915_reg_read_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 30, i32 3, i32 1 %5 = bitcast %struct.raw_spinlock* %4 to %struct.intel_uncore.422493* %6 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %7 = bitcast %struct.mutex* %6 to i8* %8 = load i8, i8* %7, align 8 %9 = add i8 %8, -4 %10 = icmp ugt i8 %9, 8 br i1 %10, label %62, label %11 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = and i64 %13, -8 %15 = icmp eq i64 %14, 9048 br i1 %15, label %16, label %62 %17 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 1, i32 1 %18 = bitcast i64* %17 to %struct.intel_runtime_pm* %19 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %18) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds 
%struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 media_rc6_residency_ms_show ------------- Path:  Function:media_rc6_residency_ms_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.412466** %8 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %8, i64 0, i32 106 %10 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %9) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, 
i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 rc6pp_residency_ms_show ------------- Path:  Function:rc6pp_residency_ms_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.412466** %8 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %8, i64 0, i32 106 %10 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %9) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 rc6p_residency_ms_show ------------- Path:  Function:rc6p_residency_ms_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.412466** %8 = load 
%struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %8, i64 0, i32 106 %10 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %9) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 intel_runtime_pm_get 2 rc6_residency_ms_show ------------- Path:  Function:rc6_residency_ms_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.412466** %8 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %8, i64 0, i32 106 %10 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %9) #83 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device*, %struct.device** %2, align 8 %4 = tail call i32 @__pm_runtime_resume(%struct.device* %3, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 
1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 dev_pm_qos_update_flags 2 pm_qos_no_power_off_store ------------- Path:  Function:pm_qos_no_power_off_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %18 %10 = load i32, i32* %5, align 4 %11 = icmp ult i32 %10, 2 br i1 %11, label %12, label %18 %13 = icmp ne i32 %10, 0 %14 = call i32 bitcast (i32 (%struct.device*, i32, i1)* @dev_pm_qos_update_flags to i32 (%struct.device.597927*, i32, i1)*)(%struct.device.597927* %0, i32 1, i1 zeroext %13) #83 Function:dev_pm_qos_update_flags %4 = tail call i32 @__pm_runtime_resume(%struct.device* %0, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 ahci_show_em_supported ------------- Path:  Function:ahci_show_em_supported %4 = getelementptr %struct.device.615416, %struct.device.615416* %0, i64 -2, i32 10, i32 1, i32 1 %5 = getelementptr 
inbounds %struct.list_head*, %struct.list_head** %4, i64 255 %6 = bitcast %struct.list_head** %5 to %struct.ata_port** %7 = load %struct.ata_port*, %struct.ata_port** %6, align 8 %8 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 31 %9 = load %struct.ata_host*, %struct.ata_host** %8, align 8 %10 = getelementptr inbounds %struct.ata_host, %struct.ata_host* %9, i64 0, i32 5 %11 = bitcast i8** %10 to %struct.ahci_host_priv** %12 = load %struct.ahci_host_priv*, %struct.ahci_host_priv** %11, align 8 %13 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %12, i64 0, i32 3 %14 = load i8*, i8** %13, align 8 %15 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 32 %16 = load %struct.device.615416*, %struct.device.615416** %15, align 64 %17 = tail call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.615416*, i32)*)(%struct.device.615416* %16, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 ahci_store_em_buffer ------------- Path:  Function:ahci_store_em_buffer %5 = getelementptr %struct.device.615416, %struct.device.615416* %0, i64 -2, i32 10, i32 1, i32 1 %6 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 255 %7 = bitcast %struct.list_head** %6 to %struct.ata_port** %8 = load %struct.ata_port*, %struct.ata_port** %7, align 8 %9 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %8, i64 0, 
i32 31 %10 = load %struct.ata_host*, %struct.ata_host** %9, align 8 %11 = getelementptr inbounds %struct.ata_host, %struct.ata_host* %10, i64 0, i32 5 %12 = bitcast i8** %11 to %struct.ahci_host_priv** %13 = load %struct.ahci_host_priv*, %struct.ahci_host_priv** %12, align 8 %14 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %13, i64 0, i32 3 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %13, i64 0, i32 11 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %8, i64 0, i32 3 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2097152 %23 = icmp eq i64 %22, 0 br i1 %23, label %95, label %24 %25 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %13, i64 0, i32 13 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8 %28 = icmp ne i32 %27, 0 %29 = and i64 %3, 3 %30 = icmp eq i64 %29, 0 %31 = and i1 %30, %28 br i1 %31, label %32, label %95 %33 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %13, i64 0, i32 12 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = icmp ult i64 %35, %3 br i1 %36, label %95, label %37 %38 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %8, i64 0, i32 32 %39 = load %struct.device.615416*, %struct.device.615416** %38, align 64 %40 = tail call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.615416*, i32)*)(%struct.device.615416* %39, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load 
i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 ahci_read_em_buffer ------------- Path:  Function:ahci_read_em_buffer %4 = getelementptr %struct.device.615416, %struct.device.615416* %0, i64 -2, i32 10, i32 1, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 255 %6 = bitcast %struct.list_head** %5 to %struct.ata_port** %7 = load %struct.ata_port*, %struct.ata_port** %6, align 8 %8 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 31 %9 = load %struct.ata_host*, %struct.ata_host** %8, align 8 %10 = getelementptr inbounds %struct.ata_host, %struct.ata_host* %9, i64 0, i32 5 %11 = bitcast i8** %10 to %struct.ahci_host_priv** %12 = load %struct.ahci_host_priv*, %struct.ahci_host_priv** %11, align 8 %13 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %12, i64 0, i32 3 %14 = load i8*, i8** %13, align 8 %15 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %12, i64 0, i32 11 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = getelementptr i8, i8* %14, i64 %17 %19 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 32 %20 = load %struct.device.615416*, %struct.device.615416** %19, align 64 %21 = tail call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.615416*, i32)*)(%struct.device.615416* %20, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, 
label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 bio_poll 3 iocb_bio_iopoll ------------- Path:  Function:iocb_bio_iopoll tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.kiocb.290504, %struct.kiocb.290504* %0, i64 0, i32 3 %5 = load volatile i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.bio.290594* %7 = icmp eq i8* %5, null br i1 %7, label %15, label %8 %9 = getelementptr inbounds i8, i8* %5, i64 8 %10 = bitcast i8* %9 to %struct.block_device.290586** %11 = load %struct.block_device.290586*, %struct.block_device.290586** %10, align 8 %12 = icmp eq %struct.block_device.290586* %11, null br i1 %12, label %15, label %13 %14 = tail call i32 @bio_poll(%struct.bio.290594* nonnull %6, %struct.io_comp_batch.290810* %1, i32 %2) #84 Function:bio_poll %4 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %5 = load %struct.block_device.290586*, %struct.block_device.290586** %4, align 8 %6 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %5, i64 0, i32 18 %7 = load %struct.request_queue.290802*, %struct.request_queue.290802** %6, align 8 %8 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 9 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, -1 br i1 %10, label %54, label %11 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %7, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 65536 %15 = icmp eq i64 %14, 0 br i1 %15, label %54, label %16 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.290793* %19 = getelementptr inbounds %struct.task_struct.290793, 
%struct.task_struct.290793* %18, i64 0, i32 129 %20 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %19, align 8 %21 = icmp eq %struct.blk_plug.290756* %20, null br i1 %21, label %23, label %22 %24 = tail call i32 @blk_queue_enter(%struct.request_queue.290802* %7, i32 1) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 
0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 
@__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 blk_mq_alloc_request 3 scsi_alloc_request 4 scsi_ioctl 5 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 8838, label %527 i32 8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %25 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 
br i1 %27, label %28, label %768 %29 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %30 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %29, align 8 %31 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.615267*)*)(%struct.scsi_device.615267* %30) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %768, label %33 %34 = call fastcc i64 @sg_new_write(%struct.sg_fd* nonnull %10, %struct.file.289897* %0, i8* %7, i64 88, i32 %23, i32 1, %struct.sg_request** nonnull %4) #83 %35 = trunc i64 %34 to i32 %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %40 %38 = shl i64 %34, 32 %39 = ashr exact i64 %38, 32 br label %770 %771 = phi i64 [ %753, %747 ], [ %746, %740 ], [ %739, %733 ], [ %732, %722 ], [ %721, %705 ], [ %700, %698 ], [ %689, %683 ], [ %678, %660 ], [ %526, %515 ], [ %514, %507 ], [ %499, %497 ], [ %487, %477 ], [ %472, %470 ], [ %461, %451 ], [ %445, %443 ], [ %434, %414 ], [ %292, %290 ], [ %280, %271 ], [ %270, %262 ], [ %218, %209 ], [ %231, %224 ], [ %182, %180 ], [ %171, %170 ], [ %132, %125 ], [ %124, %121 ], [ %108, %106 ], [ %39, %37 ], [ %94, %87 ], [ %79, %95 ], [ %655, %654 ], [ %767, %759 ] %772 = trunc i64 %771 to i32 %773 = icmp eq i32 %772, -515 br i1 %773, label %774, label %781 %775 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %776 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %775, align 8 %777 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 8 %778 = load i32, i32* %777, align 4 %779 = call i32 bitcast (i32 (%struct.scsi_device.607757*, %struct.gendisk.607492*, i32, i32, i8*)* @scsi_ioctl to i32 (%struct.scsi_device.615267*, %struct.gendisk.289686*, i32, i32, i8*)*)(%struct.scsi_device.615267* %776, %struct.gendisk.289686* null, i32 %778, i32 %1, i8* %7) #83 Function:scsi_ioctl %6 = alloca %struct.static_call_site, align 4 %7 = alloca 
[16 x i8], align 16 %8 = alloca %struct.compat_cdrom_generic_command, align 4 %9 = alloca %struct.compat_cdrom_generic_command, align 4 %10 = alloca [3 x i8], align 1 %11 = alloca %struct.cdrom_generic_command, align 8 %12 = alloca %struct.sg_io_hdr, align 8 %13 = alloca %struct.sg_io_hdr, align 8 %14 = alloca %struct.scsi_sense_hdr, align 1 %15 = getelementptr inbounds %struct.scsi_device.607757, %struct.scsi_device.607757* %0, i64 0, i32 1 %16 = load %struct.request_queue.607499*, %struct.request_queue.607499** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %14, i64 0, i32 0 %18 = add i32 %3, -1 %19 = icmp ult i32 %18, 6 br i1 %19, label %20, label %25 switch i32 %3, label %535 [ i32 8834, label %26 i32 8705, label %33 i32 8706, label %48 i32 8818, label %54 i32 8821, label %71 i32 8707, label %93 i32 8837, label %100 i32 1, label %113 i32 21395, label %240 i32 21273, label %376 i32 21257, label %380 i32 21378, label %384 i32 21382, label %413 i32 21381, label %424 i32 21376, label %465 i32 21377, label %485 i32 2, label %501 i32 5, label %503 i32 6, label %507 i32 21383, label %511 i32 8836, label %532 ] %114 = bitcast i8* %4 to %struct.file_handle* %115 = icmp eq i8* %4, null br i1 %115, label %558, label %116 %118 = bitcast i8* %4 to i32* %119 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %118, i64 4, i64 %117) #6, !srcloc !10 %120 = extractvalue { i32*, i32, i64 } %119, 0 %121 = extractvalue { i32*, i32, i64 } %119, 1 %122 = extractvalue { i32*, i32, i64 } %119, 2 %123 = ptrtoint i32* %120 to i64 %124 = and i64 %123, 4294967295 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %558, !prof !11, !misexpect !12 %128 = getelementptr inbounds i8, i8* %4, i64 4 %129 = bitcast i8* %128 to i32* %130 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %129, i64 4, i64 %127) #6, !srcloc !13 %131 = extractvalue { i32*, i32, i64 } %130, 0 %132 = extractvalue { i32*, i32, i64 } %130, 1 %133 = extractvalue { i32*, i32, i64 } %130, 2 %134 = ptrtoint i32* %131 to i64 %135 = and i64 %134, 4294967295 %136 = icmp eq i64 %135, 0 br i1 %136, label %137, label %558, !prof !11, !misexpect !12 %138 = zext i32 %121 to i64 %139 = icmp ugt i32 %121, 4096 br i1 %139, label %558, label %140 %141 = zext i32 %132 to i64 %142 = icmp ugt i32 %132, 4096 br i1 %142, label %558, label %143 %145 = getelementptr inbounds i8, i8* %4, i64 8 %146 = tail call { i8*, i8, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %145, i64 1, i64 %144) #6, !srcloc !14 %147 = extractvalue { i8*, i8, i64 } %146, 0 %148 = extractvalue { i8*, i8, i64 } %146, 1 %149 = extractvalue { i8*, i8, i64 } %146, 2 %150 = ptrtoint i8* %147 to i64 %151 = and i64 %150, 4294967295 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %558, !prof !11, !misexpect !12 %154 = icmp ugt i32 %121, %132 %155 = select i1 %154, i32 %121, i32 %132 %156 = icmp eq i32 %155, 0 br i1 %156, label %161, label %157 %158 = zext i32 %155 to i64 %159 = tail call noalias align 8 i8* @__kmalloc(i64 %158, i32 1060288) #85 %160 = icmp eq i8* %159, null br i1 %160, label %558, label %161 %162 = phi i8* [ %159, %157 ], [ null, %153 ] %163 = icmp eq i32 %121, 0 %164 = select i1 %163, i32 34, i32 35 %165 = tail call %struct.request.607506* @scsi_alloc_request(%struct.request_queue.607499* %16, i32 %164, i32 0) #84 Function:scsi_alloc_request %4 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %0, i32 %1, i32 %2) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 
%5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = 
getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() 
#83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 blk_mq_alloc_request 3 __scsi_execute 4 sd_pr_command 5 sd_pr_register ------------- Path:  Function:sd_pr_register %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %10 %7 = icmp eq i32 %3, 0 %8 = select i1 %7, i8 0, i8 6 %9 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext %8, i64 %1, i64 %2, i8 zeroext 0, i8 zeroext 1) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, 
%struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 
%15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 
%7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = 
extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 blk_mq_alloc_request 3 __scsi_execute 4 sd_pr_command 5 sd_pr_reserve ------------- Path:  Function:sd_pr_reserve %5 = icmp eq i32 %3, 0 br i1 %5, label %6, label %15 %7 = add i32 %2, -1 %8 = icmp ult i32 %7, 6 %9 = zext i32 %7 to i48 %10 = shl nuw nsw i48 %9, 3 %11 = lshr i48 8826258785025, %10 %12 = trunc i48 %11 to i8 %13 = select i1 %8, i8 %12, i8 0 %14 = tail call fastcc i32 
@sd_pr_command(%struct.block_device.613266* %0, i8 zeroext 1, i64 %1, i64 0, i8 zeroext %13, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, 
i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store 
i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = 
getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 
= icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 blk_mq_alloc_request 3 __scsi_execute 4 sd_pr_command 5 sd_pr_release ------------- Path:  Function:sd_pr_release %4 = add i32 %2, -1 %5 = icmp ult i32 %4, 6 %6 = zext i32 %4 to i48 %7 = shl nuw nsw i48 %6, 3 %8 = lshr i48 8826258785025, %7 %9 = trunc i48 %8 to i8 %10 = select i1 %5, i8 %9, i8 0 %11 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext 2, i64 %1, i64 0, i8 zeroext %10, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 
402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds 
%struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 
0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* 
@__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 blk_mq_alloc_request 3 __scsi_execute 4 sd_pr_command 5 sd_pr_preempt ------------- Path:  Function:sd_pr_preempt %6 = add i32 %3, -1 %7 = icmp ult i32 %6, 6 %8 = zext i32 %6 to i48 %9 = shl nuw nsw i48 %8, 3 %10 = lshr i48 8826258785025, %9 %11 = trunc i48 %10 to i8 %12 = select i1 %7, i8 %11, i8 0 %13 = select i1 %4, i8 5, i8 4 %14 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext %13, i64 %1, i64 %2, i8 zeroext %12, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x 
i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, 
i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, 
%struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 
br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 blk_queue_enter 2 blk_mq_alloc_request 3 __scsi_execute 4 sd_pr_command 5 sd_pr_clear ------------- Path:  Function:sd_pr_clear %3 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext 3, i64 %1, i64 0, i8 zeroext 0, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** 
%14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, 
%struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, 
%struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, 
i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 %71 = load i32, i32* %14, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = load %struct.device.290570*, %struct.device.290570** %15, align 8 %75 = icmp eq %struct.device.290570* %74, null br i1 %75, label %112, label %76 %77 = load volatile i32, i32* %8, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %112, label %79 br i1 %5, label %83, label %80 %84 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.290570*, i32)*)(%struct.device.290570* nonnull %74, i32 1) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_resume 1 ahci_show_port_cmd ------------- Path:  Function:ahci_show_port_cmd %4 = getelementptr %struct.device.615416, %struct.device.615416* %0, i64 -2, i32 10, i32 1, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 255 %6 = bitcast %struct.list_head** %5 to %struct.ata_port** %7 = load %struct.ata_port*, %struct.ata_port** %6, align 8 %8 = 
getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 31 %9 = load %struct.ata_host*, %struct.ata_host** %8, align 8 %10 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 7 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.ata_host, %struct.ata_host* %9, i64 0, i32 5 %13 = bitcast i8** %12 to %struct.ahci_host_priv** %14 = load %struct.ahci_host_priv*, %struct.ahci_host_priv** %13, align 8 %15 = getelementptr inbounds %struct.ahci_host_priv, %struct.ahci_host_priv* %14, i64 0, i32 3 %16 = load i8*, i8** %15, align 8 %17 = getelementptr i8, i8* %16, i64 256 %18 = shl i32 %11, 7 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %17, i64 %19 %21 = getelementptr inbounds %struct.ata_port, %struct.ata_port* %7, i64 0, i32 32 %22 = load %struct.device.615416*, %struct.device.615416** %21, align 64 %23 = tail call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.615416*, i32)*)(%struct.device.615416* %22, i32 4) #83 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_suspend 1 __intel_runtime_pm_put 2 intel_runtime_pm_put_unchecked 3 __intel_wakeref_put_last 4 intel_gt_pm_debugfs_forcewake_user_release 5 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.426623** %5 = load 
%struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %5, i64 0, i32 108 %7 = tail call i32 @intel_gt_pm_debugfs_forcewake_user_release(%struct.intel_gt.426438* %6) #83 Function:intel_gt_pm_debugfs_forcewake_user_release %2 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 0 %3 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %2, align 8 %4 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %3, i64 0, i32 3, i32 0 %5 = load i8, i8* %4, align 8 %6 = icmp ugt i8 %5, 5 br i1 %6, label %7, label %10 %8 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 1 %9 = load %struct.intel_uncore.426297*, %struct.intel_uncore.426297** %8, align 8 tail call void bitcast (void (%struct.intel_uncore.422493*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.426297*)*)(%struct.intel_uncore.426297* %9) #83 br label %10 %11 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 8 %12 = tail call i32 @__SCT__might_resched() #83 %13 = getelementptr inbounds %struct.intel_wakeref, %struct.intel_wakeref* %11, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 1 br i1 %15, label %26, label %16, !prof !4, !misexpect !5 %17 = phi i32 [ %24, %23 ], [ %14, %10 ] %18 = add i32 %17, -1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !6 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %27, !prof !4, !misexpect !5 %24 = extractvalue { i8, i32 
} %19, 1 %25 = icmp eq i32 %24, 1 br i1 %25, label %26, label %16, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.intel_wakeref.422513*, i64)* @__intel_wakeref_put_last to void (%struct.intel_wakeref*, i64)*)(%struct.intel_wakeref* %11, i64 0) #83 Function:__intel_wakeref_put_last %3 = and i64 %1, 1 %4 = icmp eq i64 %3, 0 br i1 %4, label %5, label %9 %6 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 1 %7 = tail call i32 @mutex_trylock(%struct.mutex* %6) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 0, i32 0 %16 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32* %15) #6, !srcloc !4 %17 = and i8 %16, 1 %18 = icmp eq i8 %17, 0 br i1 %18, label %32, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 4 %21 = load %struct.intel_wakeref_ops.422508*, %struct.intel_wakeref_ops.422508** %20, align 8 %22 = getelementptr inbounds %struct.intel_wakeref_ops.422508, %struct.intel_wakeref_ops.422508* %21, i64 0, i32 1 %23 = bitcast {}** %22 to i32 (%struct.intel_wakeref.422513*)** %24 = load i32 (%struct.intel_wakeref.422513*)*, i32 (%struct.intel_wakeref.422513*)** %23, align 8 %25 = tail call i32 %24(%struct.intel_wakeref.422513* %0) #83 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %32, !prof !7, !misexpect !8 %28 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 2 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 3 %30 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %29, 
align 8 tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %30) #83 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #83 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.40501, i64 0, i64 0)) #83 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.40502, i64 0, i64 0), i32 97, i32 2313, i64 12) #6, !srcloc !7 tail call void asm sideeffect "381:\0A\09.pushsection .discard.reachable\0A\09.long 381b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.40503, i64 0, i64 0)) #83 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.40502, i64 0, i64 0), i32 105, i32 2313, i64 12) #6, !srcloc !9 tail call void asm sideeffect "382:\0A\09.pushsection .discard.reachable\0A\09.long 382b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.40506, i64 0, i64 0)) #83 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.40502, i64 0, i64 0), i32 113, i32 2313, i64 12) #6, !srcloc !11 tail call void asm sideeffect "383:\0A\09.pushsection .discard.reachable\0A\09.long 383b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !13 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !14 %39 = tail call i64 @ktime_get_mono_fast_ns() #83 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #83 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %20 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_suspend 1 __intel_runtime_pm_put 2 intel_runtime_pm_put_unchecked 3 __intel_wakeref_put_last 4 forcewake_user_release ------------- Path:  Function:forcewake_user_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.intel_gt.426438** %5 = load %struct.intel_gt.426438*, %struct.intel_gt.426438** %4, align 8 %6 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 0 %7 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %7, i64 0, i32 3, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 5 br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 1 %13 = load %struct.intel_uncore.426297*, %struct.intel_uncore.426297** %12, align 8 tail call void bitcast (void (%struct.intel_uncore.422493*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.426297*)*)(%struct.intel_uncore.426297* %13) #83 br label %14 %15 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 8 %16 = tail call i32 @__SCT__might_resched() #83 %17 = getelementptr inbounds %struct.intel_wakeref, %struct.intel_wakeref* %15, i64 0, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = icmp eq i32 %18, 1 br i1 %19, label %30, label %20, !prof !4, !misexpect !5 %21 = phi i32 [ %28, %27 ], [ %18, %14 ] %22 = add i32 %21, -1 %23 = tail call { i8, i32 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 %22, i32* %17, i32 %21) #6, !srcloc !6 %24 = extractvalue { i8, i32 } %23, 0 %25 = and i8 %24, 1 %26 = icmp eq i8 %25, 0 br i1 %26, label %27, label %31, !prof !4, !misexpect !5 %28 = extractvalue { i8, i32 } %23, 1 %29 = icmp eq i32 %28, 1 br i1 %29, label %30, label %20, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.intel_wakeref.422513*, i64)* @__intel_wakeref_put_last to void (%struct.intel_wakeref*, i64)*)(%struct.intel_wakeref* %15, i64 0) #83 Function:__intel_wakeref_put_last %3 = and i64 %1, 1 %4 = icmp eq i64 %3, 0 br i1 %4, label %5, label %9 %6 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 1 %7 = tail call i32 @mutex_trylock(%struct.mutex* %6) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %15 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 0, i32 0 %16 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32* %15) #6, !srcloc !4 %17 = and i8 %16, 1 %18 = icmp eq i8 %17, 0 br i1 %18, label %32, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 4 %21 = load %struct.intel_wakeref_ops.422508*, %struct.intel_wakeref_ops.422508** %20, align 8 %22 = getelementptr inbounds %struct.intel_wakeref_ops.422508, %struct.intel_wakeref_ops.422508* %21, i64 0, i32 1 %23 = bitcast {}** %22 to i32 (%struct.intel_wakeref.422513*)** %24 = load i32 (%struct.intel_wakeref.422513*)*, i32 (%struct.intel_wakeref.422513*)** %23, align 8 %25 = tail call i32 
%24(%struct.intel_wakeref.422513* %0) #83 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %32, !prof !7, !misexpect !8 %28 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 2 store i32 0, i32* %28, align 8 %29 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 3 %30 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %29, align 8 tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %30) #83 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #83 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.40501, i64 0, i64 0)) #83 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.40502, i64 0, i64 0), i32 97, i32 2313, i64 12) #6, !srcloc !7 tail call void asm sideeffect "381:\0A\09.pushsection .discard.reachable\0A\09.long 381b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.40503, i64 0, i64 0)) #83 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.40502, i64 0, i64 0), i32 105, i32 2313, i64 12) #6, !srcloc !9 tail call void asm sideeffect "382:\0A\09.pushsection .discard.reachable\0A\09.long 382b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.40506, i64 0, i64 0)) #83 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.40502, i64 0, i64 0), i32 113, i32 2313, i64 12) #6, !srcloc !11 tail call void asm sideeffect "383:\0A\09.pushsection .discard.reachable\0A\09.long 383b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !13 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !14 %39 = tail call i64 @ktime_get_mono_fast_ns() #83 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #83 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %20 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_wait 1 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_wait 1 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 
%61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, 
label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_wait 1 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 
72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = 
icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_flush_free_objects 1 
__i915_gem_object_create_user_ext 2 i915_gem_create_ext_ioctl ------------- Path:  Function:i915_gem_create_ext_ioctl %4 = alloca %struct.create_ext.473307, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.create_ext.473307* %4 to i8* %7 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1 %8 = bitcast [4 x %struct.intel_memory_region.473294*]* %7 to i8* %9 = bitcast %struct.create_ext.473307* %4 to %struct.drm_device.373290** store %struct.drm_device.373290* %0, %struct.drm_device.373290** %9, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %61 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([2 x i32 (%struct.i915_user_extension*, i8*)*], [2 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.42261, i64 0, i64 0), i32 2, i8* nonnull %6) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %61 %21 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] %29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1, i64 0 %32 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 3 %33 = load i64, i64* %32, align 8 %34 = trunc i64 %33 to i32 %35 = call fastcc %struct.drm_i915_gem_object.473306* 
@__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %30, %struct.intel_memory_region.473294** %31, i32 %28, i32 %34) #84 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 tail call void @__i915_gem_free_object(%struct.drm_i915_gem_object.436033* %11) #83 %25 = getelementptr %union.anon.26, %union.anon.26* %12, i64 0, i32 0 tail call void @call_rcu(%struct.callback_head* %25, void 
(%struct.callback_head*)* nonnull @__i915_gem_free_object_rcu) #83 %26 = tail call i32 @__SCT__cond_resched() #83 br label %27 %28 = icmp eq i8* %15, inttoptr (i64 -528 to i8*) br i1 %28, label %29, label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_flush_free_objects 1 __i915_gem_object_create_user_ext 2 i915_gem_create_ioctl ------------- Path:  Function:i915_gem_create_ioctl %4 = alloca %struct.intel_memory_region.473294*, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.intel_memory_region.473294** %4 to i8* %7 = tail call %struct.intel_memory_region.473294* bitcast (%struct.intel_memory_region.415924* (%struct.drm_i915_private.415921*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.473294* (%struct.drm_i915_private.473291*, i32)*)(%struct.drm_i915_private.473291* %5, i32 0) #83 store %struct.intel_memory_region.473294* %7, %struct.intel_memory_region.473294** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %9, %struct.intel_memory_region.473294** nonnull %4, i32 1, i32 0) #83 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void 
(%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 tail call void @__i915_gem_free_object(%struct.drm_i915_gem_object.436033* %11) #83 %25 = getelementptr %union.anon.26, %union.anon.26* %12, i64 0, i32 0 tail call void @call_rcu(%struct.callback_head* %25, void (%struct.callback_head*)* nonnull @__i915_gem_free_object_rcu) #83 %26 = tail call i32 @__SCT__cond_resched() #83 br label %27 %28 = icmp eq i8* %15, inttoptr (i64 -528 to i8*) br i1 %28, label %29, label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load 
i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_gt_terminally_wedged 1 i915_gem_throttle_ioctl ------------- Path:  Function:i915_gem_throttle_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.i915_gem_engines_iter, align 8 %6 = load volatile i64, i64* @jiffies, align 64 %7 = add i64 %6, -20 %8 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %9 = bitcast i8** %8 to %struct.drm_i915_file_private.436064** %10 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %9, align 8 %11 = bitcast i64* %4 to i8* %12 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %13 = bitcast %struct.drm_property.373206** %12 to %struct.intel_gt.436116* %14 = tail call i32 @intel_gt_terminally_wedged(%struct.intel_gt.436116* %13) #83 Function:intel_gt_terminally_wedged %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 %4 = getelementptr inbounds %struct.intel_gt.436116, %struct.intel_gt.436116* %0, i64 0, i32 13, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %7, label %43 %8 = load volatile i64, i64* %4, align 8 %9 = and i64 %8, 2305843009213693952 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %43 %12 = load volatile i64, i64* %4, align 8 %13 = and i64 %12, 4611686018427387904 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_gt_terminally_wedged 1 i915_gem_context_create_ioctl ------------- Path:  Function:i915_gem_context_create_ioctl %4 = alloca %struct.create_ext, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.436298* %7 = bitcast %struct.create_ext* 
%4 to i8* %8 = bitcast i32* %5 to i8* %9 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 25 %10 = bitcast %struct.spinlock* %9 to i8* %11 = load i8, i8* %10, align 4 %12 = and i8 %11, 1 %13 = icmp eq i8 %12, 0 br i1 %13, label %161, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 4 %16 = bitcast i8* %15 to i32* %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 4 br i1 %18, label %19, label %161 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %21 = bitcast %struct.drm_property.373206** %20 to %struct.intel_gt.436116* %22 = tail call i32 @intel_gt_terminally_wedged(%struct.intel_gt.436116* %21) #83 Function:intel_gt_terminally_wedged %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 %4 = getelementptr inbounds %struct.intel_gt.436116, %struct.intel_gt.436116* %0, i64 0, i32 13, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %7, label %43 %8 = load volatile i64, i64* %4, align 8 %9 = and i64 %8, 2305843009213693952 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %43 %12 = load volatile i64, i64* %4, align 8 %13 = and i64 %12, 4611686018427387904 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_gt_terminally_wedged 1 i915_gem_throttle_ioctl ------------- Path:  Function:i915_gem_throttle_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.i915_gem_engines_iter, align 8 %6 = load volatile i64, i64* @jiffies, align 64 %7 = add i64 %6, -20 %8 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %9 = bitcast i8** %8 to %struct.drm_i915_file_private.436064** %10 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %9, align 8 %11 = bitcast i64* %4 to i8* %12 = getelementptr inbounds 
%struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %13 = bitcast %struct.drm_property.373206** %12 to %struct.intel_gt.436116* %14 = tail call i32 @intel_gt_terminally_wedged(%struct.intel_gt.436116* %13) #83 Function:intel_gt_terminally_wedged %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_gt_terminally_wedged 1 i915_gem_context_create_ioctl ------------- Path:  Function:i915_gem_context_create_ioctl %4 = alloca %struct.create_ext, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.436298* %7 = bitcast %struct.create_ext* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 25 %10 = bitcast %struct.spinlock* %9 to i8* %11 = load i8, i8* %10, align 4 %12 = and i8 %11, 1 %13 = icmp eq i8 %12, 0 br i1 %13, label %161, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 4 %16 = bitcast i8* %15 to i32* %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 4 br i1 %18, label %19, label %161 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %21 = bitcast %struct.drm_property.373206** %20 to %struct.intel_gt.436116* %22 = tail call i32 @intel_gt_terminally_wedged(%struct.intel_gt.436116* %21) #83 Function:intel_gt_terminally_wedged %2 = alloca %struct.wait_queue_entry, align 8 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 forcewake_user_open ------------- Path:  Function:forcewake_user_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.intel_gt.426438** %5 = load %struct.intel_gt.426438*, %struct.intel_gt.426438** %4, align 8 %6 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 9, i32 0 tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %7 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 8 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 forcewake_user_release ------------- Path:  Function:forcewake_user_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.intel_gt.426438** %5 = load %struct.intel_gt.426438*, %struct.intel_gt.426438** %4, align 8 %6 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 0 %7 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %7, i64 0, i32 3, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 5 br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 1 %13 = load %struct.intel_uncore.426297*, %struct.intel_uncore.426297** %12, align 8 tail call void bitcast (void (%struct.intel_uncore.422493*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.426297*)*)(%struct.intel_uncore.426297* %13) #83 br label %14 %15 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 8 %16 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_gt_pm_debugfs_forcewake_user_release 1 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.426623** %5 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %4, align 8 %6 = getelementptr inbounds 
%struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %5, i64 0, i32 108 %7 = tail call i32 @intel_gt_pm_debugfs_forcewake_user_release(%struct.intel_gt.426438* %6) #83 Function:intel_gt_pm_debugfs_forcewake_user_release %2 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 0 %3 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %2, align 8 %4 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %3, i64 0, i32 3, i32 0 %5 = load i8, i8* %4, align 8 %6 = icmp ugt i8 %5, 5 br i1 %6, label %7, label %10 %8 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 1 %9 = load %struct.intel_uncore.426297*, %struct.intel_uncore.426297** %8, align 8 tail call void bitcast (void (%struct.intel_uncore.422493*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.426297*)*)(%struct.intel_uncore.426297* %9) #83 br label %10 %11 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 8 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_gt_pm_debugfs_forcewake_user_open 1 i915_forcewake_open ------------- Path:  Function:i915_forcewake_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.426623** %5 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %5, i64 0, i32 108 %7 = tail call i32 @intel_gt_pm_debugfs_forcewake_user_open(%struct.intel_gt.426438* %6) #83 Function:intel_gt_pm_debugfs_forcewake_user_open %2 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 9, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %3 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_engine_set_heartbeat 1 heartbeat_store ------------- Path:  Function:heartbeat_store %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %7 = bitcast %struct.kobject* %6 to %struct.intel_engine_cs.412371** %8 = load %struct.intel_engine_cs.412371*, %struct.intel_engine_cs.412371** %7, align 8 %9 = bitcast i64* %5 to i8* %10 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = load i64, i64* %5, align 8 %16 = call i32 @jiffies_to_msecs(i64 9223372036854775807) #83 %17 = zext i32 %16 to i64 %18 = icmp ult i64 %15, %17 br i1 %18, label %19, label %25 %20 = load i64, i64* %5, align 8 %21 = call i32 bitcast (i32 (%struct.intel_engine_cs.440133*, i64)* @intel_engine_set_heartbeat to i32 (%struct.intel_engine_cs.412371*, i64)*)(%struct.intel_engine_cs.412371* %8, i64 %20) #83 Function:intel_engine_set_heartbeat %3 = alloca %struct.kuid_t, align 4 %4 = getelementptr inbounds %struct.intel_engine_cs.440133, %struct.intel_engine_cs.440133* %0, i64 0, i32 25 %5 = load %struct.intel_context.439902*, %struct.intel_context.439902** %4, align 8 %6 = icmp eq i64 %1, 0 br i1 %6, label %7, label %12 %8 = getelementptr inbounds %struct.intel_engine_cs.440133, %struct.intel_engine_cs.440133* %0, i64 0, i32 69 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %175, label %12 %13 = getelementptr inbounds %struct.intel_engine_cs.440133, %struct.intel_engine_cs.440133* %0, i64 0, i32 31 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_random_bytes 1 __ia32_sys_getrandom ------------- Path:  
Function:__ia32_sys_getrandom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %9 to i32 %12 = icmp ugt i32 %11, 7 %13 = and i32 %11, 6 %14 = icmp eq i32 %13, 6 %15 = or i1 %12, %14 br i1 %15, label %34, label %16 %17 = icmp ult i64 %7, 2147483647 %18 = select i1 %17, i64 %7, i64 2147483647 %19 = and i32 %11, 4 %20 = icmp ne i32 %19, 0 %21 = load i32, i32* @crng_init, align 4 %22 = icmp sgt i32 %21, 1 %23 = or i1 %20, %22 br i1 %23, label %32, label %24, !prof !4 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %34 %28 = tail call i32 @wait_for_random_bytes() #83 Function:wait_for_random_bytes %1 = alloca %struct.anon.115.363313, align 8 %2 = alloca %struct.wait_queue_entry, align 8 %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %79, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.wait_queue_entry* %2 to i8* %7 = bitcast %struct.anon.115.363313* %1 to i8* %8 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 0 %9 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 1 %10 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 1, i32 0, i32 1 br label %11 %12 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_random_bytes 1 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = icmp ugt i32 %9, 7 %11 = and i32 %9, 6 %12 = icmp eq i32 %11, 6 %13 = or i1 %10, %12 br i1 %13, label %32, label %14 %15 = icmp ult i64 %6, 2147483647 %16 = select i1 %15, i64 %6, i64 2147483647 %17 = and i32 %9, 4 %18 = icmp ne i32 %17, 0 %19 = load i32, i32* @crng_init, align 4 %20 = icmp sgt i32 %19, 1 %21 = or i1 %18, %20 br i1 %21, label %30, label %22, !prof !4 %23 = and i32 %9, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %26 = tail call i32 @wait_for_random_bytes() #83 Function:wait_for_random_bytes %1 = alloca %struct.anon.115.363313, align 8 %2 = alloca %struct.wait_queue_entry, align 8 %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %79, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.wait_queue_entry* %2 to i8* %7 = bitcast %struct.anon.115.363313* %1 to i8* %8 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 0 %9 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 1 %10 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 1, i32 0, i32 1 br label %11 %12 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_random_bytes 1 random_read ------------- Path:  Function:random_read %5 = tail call i32 @wait_for_random_bytes() #83 Function:wait_for_random_bytes %1 = alloca %struct.anon.115.363313, align 8 %2 = alloca %struct.wait_queue_entry, align 8 %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %79, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.wait_queue_entry* %2 to i8* %7 = bitcast %struct.anon.115.363313* %1 to i8* %8 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, 
i32 0 %9 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 1 %10 = getelementptr inbounds %struct.anon.115.363313, %struct.anon.115.363313* %1, i64 0, i32 1, i32 0, i32 1 br label %11 %12 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, 
label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %20 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.tty_struct* %13, null br i1 %22, label %23, label %29 %30 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 0 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 21505 br i1 %32, label %39, label %33 switch i32 %1, label %119 [ i32 21535, label %40 i32 21534, label %86 ] %120 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 4 %121 = load %struct.tty_operations*, %struct.tty_operations** %120, align 8 %122 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %121, i64 0, i32 13 %123 = load i64 (%struct.tty_struct*, i32, i64)*, i64 (%struct.tty_struct*, i32, i64)** %122, align 8 %124 = icmp eq i64 (%struct.tty_struct*, i32, i64)* %123, null br i1 %124, label %132, label %125 %126 = tail call i64 %123(%struct.tty_struct* nonnull %13, i32 %1, i64 %2) #85 %127 = trunc i64 %126 to i32 %128 = icmp eq i32 %127, -515 br i1 %128, label %132, label %129 %133 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %13) #85 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_compat_ioctl ------------- Path:  
Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %20 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq 
%struct.tty_struct* %13, null br i1 %22, label %23, label %29 %30 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 0 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 21505 br i1 %32, label %39, label %33 switch i32 %1, label %119 [ i32 21535, label %40 i32 21534, label %86 ] %120 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 4 %121 = load %struct.tty_operations*, %struct.tty_operations** %120, align 8 %122 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %121, i64 0, i32 13 %123 = load i64 (%struct.tty_struct*, i32, i64)*, i64 (%struct.tty_struct*, i32, i64)** %122, align 8 %124 = icmp eq i64 (%struct.tty_struct*, i32, i64)* %123, null br i1 %124, label %132, label %125 %126 = tail call i64 %123(%struct.tty_struct* nonnull %13, i32 %1, i64 %2) #85 %127 = trunc i64 %126 to i32 %128 = icmp eq i32 %127, -515 br i1 %128, label %132, label %129 %133 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %13) #85 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = 
load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 %405 = trunc i64 %404 to i32 %406 = icmp eq i32 %405, -515 br 
i1 %406, label %410, label %407 %411 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 4 %412 = load %struct.tty_operations*, %struct.tty_operations** %411, align 8 %413 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %412, i64 0, i32 12 %414 = load i32 (%struct.tty_struct*, i32, i64)*, i32 (%struct.tty_struct*, i32, i64)** %413, align 8 %415 = icmp eq i32 (%struct.tty_struct*, i32, i64)* %414, null br i1 %415, label %421, label %416 %417 = tail call i32 %414(%struct.tty_struct* nonnull %15, i32 %1, i64 %2) #84 %418 = icmp eq i32 %417, -515 br i1 %418, label %421, label %419 %422 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %15) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.353794*, %struct.tty_struct.353794*, %struct.file.353711*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #84 %405 = trunc i64 %404 to i32 %406 = icmp eq i32 %405, -515 br i1 %406, label %410, label %407 %411 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 4 %412 = load %struct.tty_operations*, %struct.tty_operations** %411, align 8 %413 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %412, i64 0, i32 12 %414 = load i32 
(%struct.tty_struct*, i32, i64)*, i32 (%struct.tty_struct*, i32, i64)** %413, align 8 %415 = icmp eq i32 (%struct.tty_struct*, i32, i64)* %414, null br i1 %415, label %421, label %416 %417 = tail call i32 %414(%struct.tty_struct* nonnull %15, i32 %1, i64 %2) #84 %418 = icmp eq i32 %417, -515 br i1 %418, label %421, label %419 %422 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %15) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_poll ------------- Path:  Function:tty_poll %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = icmp eq %struct.tty_struct* %7, null br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 8 %20 = icmp eq i32 %19, 21505 br i1 %20, label %27, label %21 %28 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds 
%struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_poll ------------- Path:  Function:tty_poll %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = icmp eq %struct.tty_struct* %7, null br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 8 %20 = icmp eq i32 %19, 21505 br i1 %20, label %27, label %21 %28 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_read ------------- Path:  Function:tty_read %3 = alloca i8*, align 8 %4 = alloca [64 x i8], align 16 %5 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %6 = load %struct.file*, %struct.file** %5, align 
8 %7 = getelementptr inbounds %struct.file, %struct.file* %6, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %6, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 %14 = icmp eq %struct.tty_struct* %13, null br i1 %14, label %15, label %21 %22 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 0 %23 = load i32, i32* %22, align 8 %24 = icmp eq i32 %23, 21505 br i1 %24, label %31, label %25 %32 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 16 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 2 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %109 %37 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %13) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 tty_read ------------- Path:  Function:tty_read %3 = alloca i8*, align 8 %4 = alloca [64 x i8], align 16 %5 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %6 = load %struct.file*, %struct.file** %5, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %6, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* 
%6, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 %14 = icmp eq %struct.tty_struct* %13, null br i1 %14, label %15, label %21 %22 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 0 %23 = load i32, i32* %22, align 8 %24 = icmp eq i32 %23, 21505 br i1 %24, label %31, label %25 %32 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %13, i64 0, i32 16 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 2 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %109 %37 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %13) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 file_tty_write 3 redirected_tty_write ------------- Path:  Function:redirected_tty_write tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #83 %3 = load %struct.file*, %struct.file** @redirect, align 8 %4 = icmp eq %struct.file* %3, null br i1 %4, label %8, label %5 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #83 %9 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 
%10 = load %struct.file*, %struct.file** %9, align 8 %11 = tail call fastcc i64 @file_tty_write(%struct.file* %10, %struct.kiocb* %0, %struct.iov_iter* %1) #83 Function:file_tty_write %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq %struct.tty_struct* %8, null br i1 %11, label %12, label %18 %19 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 21505 br i1 %21, label %28, label %22 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 4 %30 = load %struct.tty_operations*, %struct.tty_operations** %29, align 8 %31 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %30, i64 0, i32 7 %32 = load i32 (%struct.tty_struct*, i8*, i32)*, i32 (%struct.tty_struct*, i8*, i32)** %31, align 8 %33 = icmp eq i32 (%struct.tty_struct*, i8*, i32)* %32, null br i1 %33, label %160, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 16 %36 = load volatile i64, i64* %35, align 8 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %160 %40 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %30, i64 0, i32 10 %41 = load i32 (%struct.tty_struct*)*, i32 (%struct.tty_struct*)** %40, align 8 %42 = icmp eq i32 (%struct.tty_struct*)* %41, null br i1 %42, label %43, label %54 %44 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 3 %45 = load %struct.tty_driver*, %struct.tty_driver** %44, align 8 
%46 = icmp eq %struct.tty_driver* %45, null br i1 %46, label %50, label %47 %51 = phi i8* [ %49, %47 ], [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.1.35581, i64 0, i64 0), %43 ] %52 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 15, i64 0 %53 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.40.35587, i64 0, i64 0), i8* %51, i8* %52) #83 br label %54 %55 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %8) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ldsem_down_read 1 tty_ldisc_ref_wait 2 file_tty_write 3 tty_write ------------- Path:  Function:tty_write %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = tail call fastcc i64 @file_tty_write(%struct.file* %4, %struct.kiocb* %0, %struct.iov_iter* %1) #83 Function:file_tty_write %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq %struct.tty_struct* %8, null br i1 %11, label %12, label %18 %19 = getelementptr inbounds %struct.tty_struct, 
%struct.tty_struct* %8, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 21505 br i1 %21, label %28, label %22 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 4 %30 = load %struct.tty_operations*, %struct.tty_operations** %29, align 8 %31 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %30, i64 0, i32 7 %32 = load i32 (%struct.tty_struct*, i8*, i32)*, i32 (%struct.tty_struct*, i8*, i32)** %31, align 8 %33 = icmp eq i32 (%struct.tty_struct*, i8*, i32)* %32, null br i1 %33, label %160, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 16 %36 = load volatile i64, i64* %35, align 8 %37 = and i64 %36, 2 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %160 %40 = getelementptr inbounds %struct.tty_operations, %struct.tty_operations* %30, i64 0, i32 10 %41 = load i32 (%struct.tty_struct*)*, i32 (%struct.tty_struct*)** %40, align 8 %42 = icmp eq i32 (%struct.tty_struct*)* %41, null br i1 %42, label %43, label %54 %44 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 3 %45 = load %struct.tty_driver*, %struct.tty_driver** %44, align 8 %46 = icmp eq %struct.tty_driver* %45, null br i1 %46, label %50, label %47 %51 = phi i8* [ %49, %47 ], [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.1.35581, i64 0, i64 0), %43 ] %52 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %8, i64 0, i32 15, i64 0 %53 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.40.35587, i64 0, i64 0), i8* %51, i8* %52) #83 br label %54 %55 = tail call %struct.tty_ldisc* bitcast (%struct.tty_ldisc.350998* (%struct.tty_struct.351000*)* @tty_ldisc_ref_wait to %struct.tty_ldisc* (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %8) #84 Function:tty_ldisc_ref_wait %2 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 6 %3 = tail call i32 @ldsem_down_read(%struct.ld_semaphore* %2, i64 9223372036854775807) #83 Function:ldsem_down_read %3 = alloca %struct.ldsem_waiter, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_init_reset_methods 1 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %18 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.80.30584, i64 0, i64 0)) #83 br i1 %18, label %19, label %20 tail call void @pci_init_reset_methods(%struct.pci_dev.313800* %8) #85 Function:pci_init_reset_methods %2 = alloca i16, align 2 %3 = alloca i8, align 1 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_try_issue_directly 1 blk_mq_submit_bio 2 __submit_bio 3 submit_bio_noacct 4 __blk_queue_split 5 blk_queue_split 6 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.688709*, align 8 store %struct.bio.688709* %0, %struct.bio.688709** %2, align 8 %3 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* 
%0, i64 0, i32 1 %4 = load %struct.block_device.688705*, %struct.block_device.688705** %3, align 8 %5 = getelementptr inbounds %struct.block_device.688705, %struct.block_device.688705* %4, i64 0, i32 17 %6 = load %struct.gendisk.688433*, %struct.gendisk.688433** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.688433, %struct.gendisk.688433* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #83 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.688709**)*)(%struct.bio.688709** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = 
bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load 
%struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr 
inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 
%62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi 
i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store 
%struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 tail call void bitcast (void (%struct.bio.294796*)* @blk_mq_submit_bio to void (%struct.bio.290594*)*)(%struct.bio.290594* %0) #83 Function:blk_mq_submit_bio %2 = alloca %struct.blk_mq_alloc_data.294797, align 8 %3 = alloca %struct.bio.294796*, align 8 %4 = alloca i8, align 1 %5 = alloca i32, align 4 store %struct.bio.294796* %0, %struct.bio.294796** %3, align 8 %6 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 1 %7 = load %struct.block_device.294788*, %struct.block_device.294788** %6, align 8 %8 = getelementptr inbounds %struct.block_device.294788, 
%struct.block_device.294788* %7, i64 0, i32 18 %9 = load %struct.request_queue.294830*, %struct.request_queue.294830** %8, align 8 %10 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 2 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 255 %13 = icmp eq i32 %12, 0 %14 = and i32 %11, 395264 %15 = icmp ne i32 %14, 0 %16 = or i1 %13, %15 store i8 0, i8* %4, align 1 %17 = bitcast i32* %5 to i8* store i32 1, i32* %5, align 4 %18 = trunc i32 %11 to i8 switch i8 %18, label %19 [ i8 3, label %36 i8 5, label %36 i8 9, label %36 i8 7, label %36 ] %20 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 32, i32 5 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 call void bitcast (void (%struct.request_queue.289873*, %struct.bio.289986**, i32*)* @__blk_queue_split to void (%struct.request_queue.294830*, %struct.bio.294796**, i32*)*)(%struct.request_queue.294830* %9, %struct.bio.294796** nonnull %3, i32* nonnull %5) #83 %37 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %38 = load i32, i32* %5, align 4 br label %39 %40 = phi i32 [ %38, %36 ], [ 1, %27 ] %41 = phi %struct.bio.294796* [ %37, %36 ], [ %0, %27 ] %42 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295073** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295073**)) #11, !srcloc !4 %43 = inttoptr i64 %42 to %struct.task_struct.295073* %44 = getelementptr inbounds %struct.task_struct.295073, %struct.task_struct.295073* %43, i64 0, i32 129 %45 = load %struct.blk_plug.295036*, %struct.blk_plug.295036** %44, align 8 %46 = icmp eq %struct.blk_plug.295036* %45, null br i1 %46, label %110, label %47 %48 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 %49 = load %struct.request.294838*, %struct.request.294838** %48, align 8 %50 = icmp eq %struct.request.294838* %49, null br 
i1 %50, label %110, label %51 %52 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 0 %53 = load %struct.request_queue.294830*, %struct.request_queue.294830** %52, align 8 %54 = icmp eq %struct.request_queue.294830* %53, %9 br i1 %54, label %55, label %110 %56 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %56, label %57, label %541, !prof !5, !misexpect !6 %58 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %59 = load volatile i64, i64* %58, align 8 %60 = and i64 %59, 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %71 %63 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %64 = load i32, i32* %63, align 8 %65 = and i32 %64, 409600 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %68, label %541, label %69 %70 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %70, label %541, label %71 %72 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 16777216 %75 = icmp eq i32 %74, 0 %76 = and i32 %73, 255 %77 = icmp eq i32 %76, 0 %78 = zext i1 %77 to i32 %79 = select i1 %75, i32 %78, i32 2 %80 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 2 %81 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %80, align 8 %82 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 13 %83 = load i16, i16* %82, align 4 %84 = zext i16 %83 to i32 %85 = icmp eq i32 %79, %84 br i1 %85, label %86, label %110 %87 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 3 %88 = load i32, i32* %87, align 8 %89 = and i32 %88, 393216 %90 = icmp eq i32 %89, 0 %91 = and i32 %73, 393216 %92 = icmp ne i32 %91, 0 %93 = xor i1 %92, %90 br i1 %93, label %94, label %110 %111 = phi i1 [ true, %86 ], [ false, %51 ], [ false, %47 ], [ false, %39 ], [ true, %71 ] %112 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 1 %113 = load %struct.block_device.294788*, %struct.block_device.294788** %112, align 8 %114 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %113, i64 0, i32 18 %115 = load %struct.request_queue.294830*, %struct.request_queue.294830** %114, align 8 call void @__rcu_read_lock() #83 %116 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 0 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 3 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %122, !prof !5, !misexpect !6 %123 = and i64 %117, 2 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %147 %126 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 1 %127 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %126, align 8 %128 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %127, i64 0, i32 0, i32 0 %129 = load volatile i64, i64* %128, align 8 %130 = icmp eq i64 %129, 0 br i1 %130, label %147, label %131, !prof !8, !misexpect !6 %132 = phi i64 [ %139, %138 ], [ %129, %125 ] %133 = add i64 %132, 1 %134 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %128, i64 %133, i64* %128, i64 %132) #6, !srcloc !9 %135 = extractvalue { i8, i64 } %134, 0 %136 = and i8 %135, 1 %137 = icmp eq i8 %136, 0 br i1 %137, label %138, label %141, !prof !8, !misexpect !6 %139 = extractvalue { i8, i64 } %134, 1 %140 = icmp eq i64 %139, 0 br i1 %140, label %147, label %131, !prof !8, !misexpect !6 call void @__rcu_read_unlock() #83 %148 = call i32 bitcast (i32 (%struct.request_queue.290802*, %struct.bio.290594*)* @__bio_queue_enter to i32 (%struct.request_queue.294830*, %struct.bio.294796*)*)(%struct.request_queue.294830* %115, %struct.bio.294796* %41) #83 %149 = icmp eq i32 %148, 0 br i1 %149, label %150, label %541, !prof !5, !misexpect !6 br i1 %111, label %153, label %151 %152 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %152, label %153, label %209, !prof !5, !misexpect !6 %154 = bitcast %struct.blk_mq_alloc_data.294797* %2 to i8* %155 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 0 store %struct.request_queue.294830* %9, %struct.request_queue.294830** %155, align 8 %156 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 1 store i32 0, i32* %156, align 8 %157 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 2 store i32 0, i32* %157, align 4 %158 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 3 %159 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %160 = load i32, i32* %159, align 8 store i32 %160, i32* %158, align 8 %161 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 4 store i32 0, i32* %161, 
align 4 %162 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 5 store i32 1, i32* %162, align 8 %163 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 6 %164 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %165 = bitcast %struct.request.294838*** %163 to i8* %166 = load volatile i64, i64* %164, align 8 %167 = and i64 %166, 8 %168 = icmp eq i64 %167, 0 %169 = and i32 %160, 409600 %170 = icmp eq i32 %169, 0 %171 = and i1 %170, %168 br i1 %171, label %172, label %176 %173 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %173, label %207, label %174 %175 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %175, label %207, label %176 %177 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %178 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 %179 = icmp eq %struct.rq_qos.294814* %178, null br i1 %179, label %185, label %180 %181 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 3 %182 = load i16, i16* %181, align 4 %183 = or i16 %182, 1024 store i16 %183, i16* %181, align 4 %184 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 call void bitcast (void (%struct.rq_qos.299433*, %struct.bio.299428*)* @__rq_qos_throttle to void (%struct.rq_qos.294814*, %struct.bio.294796*)*)(%struct.rq_qos.294814* %184, %struct.bio.294796* %41) #83 br label %185 br i1 
%46, label %191, label %186 %187 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 2 %188 = load i16, i16* %187, align 8 %189 = zext i16 %188 to i32 store i32 %189, i32* %162, align 8 store i16 1, i16* %187, align 8 %190 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 store %struct.request.294838** %190, %struct.request.294838*** %163, align 8 br label %191 %192 = call fastcc %struct.request.294838* @__blk_mq_alloc_requests(%struct.blk_mq_alloc_data.294797* nonnull %2) #83 %193 = icmp eq %struct.request.294838* %192, null br i1 %193, label %194, label %208 br label %210 %211 = phi %struct.request.294838* [ %192, %208 ], [ %49, %94 ], [ %49, %105 ] %212 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_getrq to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_submit_bio, %213)) #6 to label %233 [label %213], !srcloc !10 %234 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %235 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %234, align 8 %236 = icmp eq %struct.rq_qos.294814* %235, null br i1 %236, label %239, label %237 %240 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %241 = load i32, i32* %5, align 4 %242 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 2 %243 = load i32, i32* %242, align 8 %244 = and i32 %243, 524288 %245 = icmp eq i32 %244, 0 
br i1 %245, label %250, label %246 %247 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 3 %248 = load i32, i32* %247, align 8 %249 = or i32 %248, 1792 store i32 %249, i32* %247, align 8 br label %250 %251 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 9 store i64 %252, i64* %253, align 8 %254 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 5 %255 = load i16, i16* %254, align 8 %256 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 19 store i16 %255, i16* %256, align 4 %257 = trunc i32 %241 to i16 %258 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 18 store i16 %257, i16* %258, align 2 %259 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 1 %260 = load i32, i32* %259, align 8 %261 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 8 store i32 %260, i32* %261, align 4 %262 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 11 store %struct.bio.294796* %240, %struct.bio.294796** %262, align 8 %263 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 10 store %struct.bio.294796* %240, %struct.bio.294796** %263, align 8 %264 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 4 %265 = load i16, i16* %264, align 2 %266 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 20 store i16 %265, i16* %266, align 2 %267 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 1 %268 = load %struct.block_device.294788*, %struct.block_device.294788** %267, align 8 %269 = icmp eq %struct.block_device.294788* 
%268, null br i1 %269, label %276, label %270 %271 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %268, i64 0, i32 17 %272 = bitcast %struct.gendisk.294786** %271 to i64* %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 13 %275 = bitcast %struct.gendisk.294786** %274 to i64* store i64 %273, i64* %275, align 8 br label %276 %277 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 4 %278 = load i32, i32* %277, align 4 %279 = and i32 %278, 8192 %280 = icmp eq i32 %279, 0 br i1 %280, label %287, label %281 %288 = phi %struct.bio.294796* [ %240, %276 ], [ %240, %281 ], [ %286, %285 ] %289 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %288, i64 0, i32 2 %290 = load i32, i32* %289, align 8 %291 = and i32 %290, 393216 %292 = icmp eq i32 %291, 0 br i1 %292, label %294, label %293 br i1 %46, label %416, label %295 %417 = load i32, i32* %277, align 4 %418 = and i32 %417, 4194304 %419 = icmp eq i32 %418, 0 br i1 %419, label %420, label %427 %421 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 9 %422 = load i32, i32* %421, align 8 br label %529 %530 = phi i32 [ %422, %420 ], [ %297, %428 ] %531 = icmp ugt i32 %530, 1 %532 = and i1 %16, %531 %533 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 2 %534 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %533, align 8 br i1 %532, label %539, label %535 call fastcc void @blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %534, %struct.request.294838* nonnull %211) #84 Function:blk_mq_try_issue_directly %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %10, label %7 %8 = tail call i32 
@__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_try_issue_directly 1 blk_mq_submit_bio 2 __submit_bio 3 submit_bio_noacct 4 __blk_queue_split 5 blk_queue_split 6 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.687194*, align 8 store %struct.bio.687194* %0, %struct.bio.687194** %2, align 8 %3 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 1 %8 = load %struct.block_device.687185*, %struct.block_device.687185** %7, align 8 %9 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %8, i64 0, i32 17 %10 = load %struct.gendisk.687208*, %struct.gendisk.687208** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.687194**)*)(%struct.bio.687194** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = 
getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = 
getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 
= getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast 
%struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br 
label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, 
%struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83
Function:__submit_bio
%2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 tail call void bitcast (void (%struct.bio.294796*)* @blk_mq_submit_bio to void (%struct.bio.290594*)*)(%struct.bio.290594* %0) #83
Function:blk_mq_submit_bio
%2 = alloca %struct.blk_mq_alloc_data.294797, align 8 %3 = alloca %struct.bio.294796*, align 8 %4 = alloca i8, align 1 %5 = alloca i32, align 4 store %struct.bio.294796* %0, %struct.bio.294796** %3, align 8 %6 = getelementptr inbounds
%struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 1 %7 = load %struct.block_device.294788*, %struct.block_device.294788** %6, align 8 %8 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %7, i64 0, i32 18 %9 = load %struct.request_queue.294830*, %struct.request_queue.294830** %8, align 8 %10 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 2 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 255 %13 = icmp eq i32 %12, 0 %14 = and i32 %11, 395264 %15 = icmp ne i32 %14, 0 %16 = or i1 %13, %15 store i8 0, i8* %4, align 1 %17 = bitcast i32* %5 to i8* store i32 1, i32* %5, align 4 %18 = trunc i32 %11 to i8 switch i8 %18, label %19 [ i8 3, label %36 i8 5, label %36 i8 9, label %36 i8 7, label %36 ] %20 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 32, i32 5 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 call void bitcast (void (%struct.request_queue.289873*, %struct.bio.289986**, i32*)* @__blk_queue_split to void (%struct.request_queue.294830*, %struct.bio.294796**, i32*)*)(%struct.request_queue.294830* %9, %struct.bio.294796** nonnull %3, i32* nonnull %5) #83 %37 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %38 = load i32, i32* %5, align 4 br label %39 %40 = phi i32 [ %38, %36 ], [ 1, %27 ] %41 = phi %struct.bio.294796* [ %37, %36 ], [ %0, %27 ] %42 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295073** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295073**)) #11, !srcloc !4 %43 = inttoptr i64 %42 to %struct.task_struct.295073* %44 = getelementptr inbounds %struct.task_struct.295073, %struct.task_struct.295073* %43, i64 0, i32 129 %45 = load %struct.blk_plug.295036*, %struct.blk_plug.295036** %44, align 8 %46 = icmp eq %struct.blk_plug.295036* %45, null br i1 %46, label %110, label %47 %48 = getelementptr 
inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 %49 = load %struct.request.294838*, %struct.request.294838** %48, align 8 %50 = icmp eq %struct.request.294838* %49, null br i1 %50, label %110, label %51 %52 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 0 %53 = load %struct.request_queue.294830*, %struct.request_queue.294830** %52, align 8 %54 = icmp eq %struct.request_queue.294830* %53, %9 br i1 %54, label %55, label %110 %56 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %56, label %57, label %541, !prof !5, !misexpect !6 %58 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %59 = load volatile i64, i64* %58, align 8 %60 = and i64 %59, 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %71 %63 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %64 = load i32, i32* %63, align 8 %65 = and i32 %64, 409600 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %68, label %541, label %69 %70 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %70, label %541, label %71 %72 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 16777216 %75 = icmp eq i32 %74, 0 %76 = and i32 %73, 255 %77 = icmp eq i32 %76, 0 %78 = zext i1 %77 to i32 %79 = select i1 %75, i32 
%78, i32 2 %80 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 2 %81 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %80, align 8 %82 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 13 %83 = load i16, i16* %82, align 4 %84 = zext i16 %83 to i32 %85 = icmp eq i32 %79, %84 br i1 %85, label %86, label %110 %87 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 3 %88 = load i32, i32* %87, align 8 %89 = and i32 %88, 393216 %90 = icmp eq i32 %89, 0 %91 = and i32 %73, 393216 %92 = icmp ne i32 %91, 0 %93 = xor i1 %92, %90 br i1 %93, label %94, label %110 %111 = phi i1 [ true, %86 ], [ false, %51 ], [ false, %47 ], [ false, %39 ], [ true, %71 ] %112 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 1 %113 = load %struct.block_device.294788*, %struct.block_device.294788** %112, align 8 %114 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %113, i64 0, i32 18 %115 = load %struct.request_queue.294830*, %struct.request_queue.294830** %114, align 8 call void @__rcu_read_lock() #83 %116 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 0 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 3 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %122, !prof !5, !misexpect !6 %123 = and i64 %117, 2 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %147 %126 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 1 %127 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %126, align 8 %128 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %127, i64 0, i32 0, i32 0 %129 = load volatile i64, i64* %128, align 8 %130 = icmp eq i64 %129, 0 br i1 %130, label %147, label %131, !prof !8, !misexpect !6 %132 = phi 
i64 [ %139, %138 ], [ %129, %125 ] %133 = add i64 %132, 1 %134 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %128, i64 %133, i64* %128, i64 %132) #6, !srcloc !9 %135 = extractvalue { i8, i64 } %134, 0 %136 = and i8 %135, 1 %137 = icmp eq i8 %136, 0 br i1 %137, label %138, label %141, !prof !8, !misexpect !6 %139 = extractvalue { i8, i64 } %134, 1 %140 = icmp eq i64 %139, 0 br i1 %140, label %147, label %131, !prof !8, !misexpect !6 call void @__rcu_read_unlock() #83 %148 = call i32 bitcast (i32 (%struct.request_queue.290802*, %struct.bio.290594*)* @__bio_queue_enter to i32 (%struct.request_queue.294830*, %struct.bio.294796*)*)(%struct.request_queue.294830* %115, %struct.bio.294796* %41) #83 %149 = icmp eq i32 %148, 0 br i1 %149, label %150, label %541, !prof !5, !misexpect !6 br i1 %111, label %153, label %151 %152 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %152, label %153, label %209, !prof !5, !misexpect !6 %154 = bitcast %struct.blk_mq_alloc_data.294797* %2 to i8* %155 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 0 store %struct.request_queue.294830* %9, %struct.request_queue.294830** %155, align 8 %156 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 1 store i32 0, i32* %156, align 8 %157 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 2 store i32 0, i32* %157, align 4 %158 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 3 %159 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %160 = load i32, 
i32* %159, align 8 store i32 %160, i32* %158, align 8 %161 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 4 store i32 0, i32* %161, align 4 %162 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 5 store i32 1, i32* %162, align 8 %163 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 6 %164 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %165 = bitcast %struct.request.294838*** %163 to i8* %166 = load volatile i64, i64* %164, align 8 %167 = and i64 %166, 8 %168 = icmp eq i64 %167, 0 %169 = and i32 %160, 409600 %170 = icmp eq i32 %169, 0 %171 = and i1 %170, %168 br i1 %171, label %172, label %176 %173 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %173, label %207, label %174 %175 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %175, label %207, label %176 %177 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %178 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 %179 = icmp eq %struct.rq_qos.294814* %178, null br i1 %179, label %185, label %180 %181 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 3 %182 = load i16, i16* %181, align 4 %183 = or i16 %182, 1024 store i16 %183, i16* %181, align 4 %184 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 call void bitcast (void 
(%struct.rq_qos.299433*, %struct.bio.299428*)* @__rq_qos_throttle to void (%struct.rq_qos.294814*, %struct.bio.294796*)*)(%struct.rq_qos.294814* %184, %struct.bio.294796* %41) #83 br label %185 br i1 %46, label %191, label %186 %187 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 2 %188 = load i16, i16* %187, align 8 %189 = zext i16 %188 to i32 store i32 %189, i32* %162, align 8 store i16 1, i16* %187, align 8 %190 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 store %struct.request.294838** %190, %struct.request.294838*** %163, align 8 br label %191 %192 = call fastcc %struct.request.294838* @__blk_mq_alloc_requests(%struct.blk_mq_alloc_data.294797* nonnull %2) #83 %193 = icmp eq %struct.request.294838* %192, null br i1 %193, label %194, label %208 br label %210 %211 = phi %struct.request.294838* [ %192, %208 ], [ %49, %94 ], [ %49, %105 ] %212 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_getrq to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_submit_bio, %213)) #6 to label %233 [label %213], !srcloc !10 %234 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %235 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %234, align 8 %236 = icmp eq %struct.rq_qos.294814* %235, null br i1 %236, label %239, label %237 %240 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %241 = load i32, i32* %5, align 4 %242 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 2 %243 = load i32, i32* %242, align 8 %244 = and i32 %243, 524288 %245 = icmp eq i32 %244, 0 br i1 %245, label %250, label %246 %247 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 3 %248 = load i32, i32* %247, align 8 %249 = or i32 %248, 1792 store i32 %249, i32* %247, align 8 br label %250 %251 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 9 store i64 %252, i64* %253, align 8 %254 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 5 %255 = load i16, i16* %254, align 8 %256 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 19 store i16 %255, i16* %256, align 4 %257 = trunc i32 %241 to i16 %258 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 18 store i16 %257, i16* %258, align 2 %259 = getelementptr inbounds 
%struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 1 %260 = load i32, i32* %259, align 8 %261 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 8 store i32 %260, i32* %261, align 4 %262 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 11 store %struct.bio.294796* %240, %struct.bio.294796** %262, align 8 %263 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 10 store %struct.bio.294796* %240, %struct.bio.294796** %263, align 8 %264 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 4 %265 = load i16, i16* %264, align 2 %266 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 20 store i16 %265, i16* %266, align 2 %267 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 1 %268 = load %struct.block_device.294788*, %struct.block_device.294788** %267, align 8 %269 = icmp eq %struct.block_device.294788* %268, null br i1 %269, label %276, label %270 %271 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %268, i64 0, i32 17 %272 = bitcast %struct.gendisk.294786** %271 to i64* %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 13 %275 = bitcast %struct.gendisk.294786** %274 to i64* store i64 %273, i64* %275, align 8 br label %276 %277 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 4 %278 = load i32, i32* %277, align 4 %279 = and i32 %278, 8192 %280 = icmp eq i32 %279, 0 br i1 %280, label %287, label %281 %288 = phi %struct.bio.294796* [ %240, %276 ], [ %240, %281 ], [ %286, %285 ] %289 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %288, i64 0, i32 2 %290 = load i32, i32* %289, align 8 %291 = and i32 %290, 393216 %292 = icmp eq i32 %291, 0 br i1 %292, label %294, label %293 
br i1 %46, label %416, label %295 %417 = load i32, i32* %277, align 4 %418 = and i32 %417, 4194304 %419 = icmp eq i32 %418, 0 br i1 %419, label %420, label %427 %421 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 9 %422 = load i32, i32* %421, align 8 br label %529 %530 = phi i32 [ %422, %420 ], [ %297, %428 ] %531 = icmp ugt i32 %530, 1 %532 = and i1 %16, %531 %533 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 2 %534 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %533, align 8 br i1 %532, label %539, label %535 call fastcc void @blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %534, %struct.request.294838* nonnull %211) #84
Function:blk_mq_try_issue_directly
%3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %10, label %7 %8 = tail call i32 @__SCT__might_resched() #83
-------------
Use: =BAD PATH=
Call Stack:
0 get_task_io_context
1 set_task_ioprio
2 __se_sys_ioprio_set
3 __ia32_sys_ioprio_set
-------------
Path:
Function:__ia32_sys_ioprio_set
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #83
Function:__se_sys_ioprio_set
%4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %154 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 =
icmp eq i32 %9, 0 br i1 %17, label %18, label %154 tail call void @__rcu_read_lock() #83 switch i32 %4, label %151 [ i32 1, label %19 i32 2, label %31 i32 3, label %87 ] %88 = icmp eq i32 %5, -1 br i1 %88, label %151, label %89 %90 = icmp eq i32 %5, 0 br i1 %90, label %91, label %98 %99 = tail call %struct.user_struct* @find_user(i32 %5) #83 br label %100 %101 = phi %struct.user_struct* [ %99, %98 ], [ %97, %91 ] %102 = icmp eq %struct.user_struct* %101, null br i1 %102, label %151, label %103 %104 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct.2039, %struct.task_struct.2039* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, 
%struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.task_struct.2039*), i64 0, i32 44, i32 0), align 8 %105 = getelementptr %struct.list_head, %struct.list_head* %104, i64 -70, i32 1 %106 = icmp eq %struct.list_head** %105, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, 
%struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, 
%struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.list_head**) br i1 %106, label %148, label %113 %114 = phi %struct.list_head* [ %110, %107 ], [ %104, %103 ] %115 = phi i32 [ %108, %107 ], [ -3, %103 ] %116 = getelementptr %struct.list_head, %struct.list_head* %114, i64 -70, i32 1 %117 = getelementptr inbounds %struct.list_head*, %struct.list_head** %116, i64 241 %118 = bitcast %struct.list_head** %117 to %struct.signal_struct.1997** %119 = load %struct.signal_struct.1997*, %struct.signal_struct.1997** %118, align 8 %120 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3, i32 0 %121 = load volatile %struct.list_head*, %struct.list_head** %120, align 8 %122 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3 %123 = icmp eq %struct.list_head* %121, %122 br i1 %123, label %107, label %124 %125 = phi %struct.list_head* [ %144, %141 ], [ %121, %113 ] %126 = phi i32 [ %142, %141 ], [ %115, %113 ] %127 = getelementptr %struct.list_head, %struct.list_head* %125, i64 -98 %128 = bitcast %struct.list_head* %127 to %struct.task_struct.2039* tail call void @__rcu_read_lock() #83 %129 = getelementptr %struct.list_head, %struct.list_head* %125, i64 16 %130 = bitcast %struct.list_head* %129 to %struct.cred** %131 = load volatile %struct.cred*, %struct.cred** %130, align 32 %132 = getelementptr inbounds %struct.cred, %struct.cred* %131, i64 0, i32 1, i32 0 %133 = load i32, i32* %132, align 4 tail call void @__rcu_read_unlock() #83 %134 = icmp eq i32 %133, %5 br i1 %134, label %135, label %141 %136 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* 
@__task_pid_nr_ns to i32 (%struct.task_struct.2039*, i32, %struct.pid_namespace.1720*)*)(%struct.task_struct.2039* %128, i32 0, %struct.pid_namespace.1720* null) #83 %137 = icmp eq i32 %136, 0 br i1 %137, label %141, label %138 %139 = tail call i32 @set_task_ioprio(%struct.task_struct.2039* %128, i32 %6) #83 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.2039* %5 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %0, i64 0, i32 93 %8 = load volatile %struct.cred*, %struct.cred** %7, align 32 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #83 br i1 %19, label %21, label %20 tail call void @__rcu_read_unlock() #83 %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @security_task_setioprio to i32 (%struct.task_struct.2039*, i32)*)(%struct.task_struct.2039* %0, i32 %1) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context.2012* bitcast (%struct.io_context.290227* (%struct.task_struct.290370*, i32, i32)* @get_task_io_context to %struct.io_context.2012* (%struct.task_struct.2039*, i32, i32)*)(%struct.task_struct.2039* %0, i32 2592, 
i32 -1) #83 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 get_task_io_context 1 set_task_ioprio 2 __se_sys_ioprio_set 3 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %154 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %154 tail call void @__rcu_read_lock() #83 switch i32 %4, label %151 [ i32 1, label %19 i32 2, label %31 i32 3, label %87 ] %88 = icmp eq i32 %5, -1 br i1 %88, label %151, label %89 %90 = icmp eq i32 %5, 0 br i1 %90, label %91, label %98 %99 = tail call %struct.user_struct* @find_user(i32 %5) #83 br label %100 %101 = phi %struct.user_struct* [ %99, %98 ], [ %97, %91 ] %102 = icmp eq %struct.user_struct* %101, null br i1 %102, label %151, label %103 %104 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct.2039, %struct.task_struct.2039* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, 
i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, 
%union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.task_struct.2039*), i64 0, i32 44, i32 0), align 8 %105 = getelementptr %struct.list_head, %struct.list_head* %104, i64 -70, i32 1 %106 = icmp eq %struct.list_head** %105, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, 
%struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.list_head**) br i1 %106, label %148, label %113 %114 = phi %struct.list_head* [ %110, %107 ], [ %104, %103 ] %115 = phi i32 [ %108, %107 ], [ -3, %103 ] %116 = getelementptr %struct.list_head, %struct.list_head* %114, i64 -70, i32 1 %117 = getelementptr inbounds %struct.list_head*, %struct.list_head** %116, i64 241 %118 = bitcast %struct.list_head** %117 to %struct.signal_struct.1997** %119 = load %struct.signal_struct.1997*, %struct.signal_struct.1997** %118, align 8 %120 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3, i32 0 %121 = load volatile %struct.list_head*, 
%struct.list_head** %120, align 8 %122 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3 %123 = icmp eq %struct.list_head* %121, %122 br i1 %123, label %107, label %124 %125 = phi %struct.list_head* [ %144, %141 ], [ %121, %113 ] %126 = phi i32 [ %142, %141 ], [ %115, %113 ] %127 = getelementptr %struct.list_head, %struct.list_head* %125, i64 -98 %128 = bitcast %struct.list_head* %127 to %struct.task_struct.2039* tail call void @__rcu_read_lock() #83 %129 = getelementptr %struct.list_head, %struct.list_head* %125, i64 16 %130 = bitcast %struct.list_head* %129 to %struct.cred** %131 = load volatile %struct.cred*, %struct.cred** %130, align 32 %132 = getelementptr inbounds %struct.cred, %struct.cred* %131, i64 0, i32 1, i32 0 %133 = load i32, i32* %132, align 4 tail call void @__rcu_read_unlock() #83 %134 = icmp eq i32 %133, %5 br i1 %134, label %135, label %141 %136 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.2039*, i32, %struct.pid_namespace.1720*)*)(%struct.task_struct.2039* %128, i32 0, %struct.pid_namespace.1720* null) #83 %137 = icmp eq i32 %136, 0 br i1 %137, label %141, label %138 %139 = tail call i32 @set_task_ioprio(%struct.task_struct.2039* %128, i32 %6) #83 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.2039* %5 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %0, i64 0, i32 93 %8 = load volatile %struct.cred*, %struct.cred** %7, align 32 %9 = getelementptr inbounds %struct.cred, 
%struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #83 br i1 %19, label %21, label %20 tail call void @__rcu_read_unlock() #83 %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @security_task_setioprio to i32 (%struct.task_struct.2039*, i32)*)(%struct.task_struct.2039* %0, i32 %1) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context.2012* bitcast (%struct.io_context.290227* (%struct.task_struct.290370*, i32, i32)* @get_task_io_context to %struct.io_context.2012* (%struct.task_struct.2039*, i32, i32)*)(%struct.task_struct.2039* %0, i32 2592, i32 -1) #83 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 bio_poll 2 iocb_bio_iopoll ------------- Path:  Function:iocb_bio_iopoll tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.kiocb.290504, %struct.kiocb.290504* %0, i64 0, i32 3 %5 = load volatile i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.bio.290594* %7 = icmp eq i8* %5, null br i1 %7, label %15, label %8 %9 = getelementptr inbounds i8, i8* %5, i64 8 %10 = bitcast i8* %9 to %struct.block_device.290586** %11 = load %struct.block_device.290586*, %struct.block_device.290586** %10, align 8 %12 = icmp eq %struct.block_device.290586* %11, null br i1 %12, label %15, label %13 %14 = tail call i32 @bio_poll(%struct.bio.290594* nonnull %6, %struct.io_comp_batch.290810* %1, i32 %2) #84 Function:bio_poll %4 = getelementptr 
inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %5 = load %struct.block_device.290586*, %struct.block_device.290586** %4, align 8 %6 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %5, i64 0, i32 18 %7 = load %struct.request_queue.290802*, %struct.request_queue.290802** %6, align 8 %8 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 9 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, -1 br i1 %10, label %54, label %11 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %7, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 65536 %15 = icmp eq i64 %14, 0 br i1 %15, label %54, label %16 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.290793* %19 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %18, i64 0, i32 129 %20 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %19, align 8 %21 = icmp eq %struct.blk_plug.290756* %20, null br i1 %21, label %23, label %22 %24 = tail call i32 @blk_queue_enter(%struct.request_queue.290802* %7, i32 1) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, 
%struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !11 %70 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 blk_mq_alloc_request 2 scsi_alloc_request 3 scsi_ioctl 4 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 8838, label %527 i32 8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %25 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 
%26, 0 br i1 %27, label %28, label %768 %29 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %30 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %29, align 8 %31 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.615267*)*)(%struct.scsi_device.615267* %30) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %768, label %33 %34 = call fastcc i64 @sg_new_write(%struct.sg_fd* nonnull %10, %struct.file.289897* %0, i8* %7, i64 88, i32 %23, i32 1, %struct.sg_request** nonnull %4) #83 %35 = trunc i64 %34 to i32 %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %40 %38 = shl i64 %34, 32 %39 = ashr exact i64 %38, 32 br label %770 %771 = phi i64 [ %753, %747 ], [ %746, %740 ], [ %739, %733 ], [ %732, %722 ], [ %721, %705 ], [ %700, %698 ], [ %689, %683 ], [ %678, %660 ], [ %526, %515 ], [ %514, %507 ], [ %499, %497 ], [ %487, %477 ], [ %472, %470 ], [ %461, %451 ], [ %445, %443 ], [ %434, %414 ], [ %292, %290 ], [ %280, %271 ], [ %270, %262 ], [ %218, %209 ], [ %231, %224 ], [ %182, %180 ], [ %171, %170 ], [ %132, %125 ], [ %124, %121 ], [ %108, %106 ], [ %39, %37 ], [ %94, %87 ], [ %79, %95 ], [ %655, %654 ], [ %767, %759 ] %772 = trunc i64 %771 to i32 %773 = icmp eq i32 %772, -515 br i1 %773, label %774, label %781 %775 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %776 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %775, align 8 %777 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 8 %778 = load i32, i32* %777, align 4 %779 = call i32 bitcast (i32 (%struct.scsi_device.607757*, %struct.gendisk.607492*, i32, i32, i8*)* @scsi_ioctl to i32 (%struct.scsi_device.615267*, %struct.gendisk.289686*, i32, i32, i8*)*)(%struct.scsi_device.615267* %776, %struct.gendisk.289686* null, i32 %778, i32 %1, i8* %7) #83 Function:scsi_ioctl %6 = alloca %struct.static_call_site, align 4 %7 = 
alloca [16 x i8], align 16 %8 = alloca %struct.compat_cdrom_generic_command, align 4 %9 = alloca %struct.compat_cdrom_generic_command, align 4 %10 = alloca [3 x i8], align 1 %11 = alloca %struct.cdrom_generic_command, align 8 %12 = alloca %struct.sg_io_hdr, align 8 %13 = alloca %struct.sg_io_hdr, align 8 %14 = alloca %struct.scsi_sense_hdr, align 1 %15 = getelementptr inbounds %struct.scsi_device.607757, %struct.scsi_device.607757* %0, i64 0, i32 1 %16 = load %struct.request_queue.607499*, %struct.request_queue.607499** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %14, i64 0, i32 0 %18 = add i32 %3, -1 %19 = icmp ult i32 %18, 6 br i1 %19, label %20, label %25 switch i32 %3, label %535 [ i32 8834, label %26 i32 8705, label %33 i32 8706, label %48 i32 8818, label %54 i32 8821, label %71 i32 8707, label %93 i32 8837, label %100 i32 1, label %113 i32 21395, label %240 i32 21273, label %376 i32 21257, label %380 i32 21378, label %384 i32 21382, label %413 i32 21381, label %424 i32 21376, label %465 i32 21377, label %485 i32 2, label %501 i32 5, label %503 i32 6, label %507 i32 21383, label %511 i32 8836, label %532 ] %114 = bitcast i8* %4 to %struct.file_handle* %115 = icmp eq i8* %4, null br i1 %115, label %558, label %116 %118 = bitcast i8* %4 to i32* %119 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %118, i64 4, i64 %117) #6, !srcloc !10 %120 = extractvalue { i32*, i32, i64 } %119, 0 %121 = extractvalue { i32*, i32, i64 } %119, 1 %122 = extractvalue { i32*, i32, i64 } %119, 2 %123 = ptrtoint i32* %120 to i64 %124 = and i64 %123, 4294967295 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %558, !prof !11, !misexpect !12 %128 = getelementptr inbounds i8, i8* %4, i64 4 %129 = bitcast i8* %128 to i32* %130 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %129, i64 4, i64 %127) #6, !srcloc !13 %131 = extractvalue { i32*, i32, i64 } %130, 0 %132 = extractvalue { i32*, i32, i64 } %130, 1 %133 = extractvalue { i32*, i32, i64 } %130, 2 %134 = ptrtoint i32* %131 to i64 %135 = and i64 %134, 4294967295 %136 = icmp eq i64 %135, 0 br i1 %136, label %137, label %558, !prof !11, !misexpect !12 %138 = zext i32 %121 to i64 %139 = icmp ugt i32 %121, 4096 br i1 %139, label %558, label %140 %141 = zext i32 %132 to i64 %142 = icmp ugt i32 %132, 4096 br i1 %142, label %558, label %143 %145 = getelementptr inbounds i8, i8* %4, i64 8 %146 = tail call { i8*, i8, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %145, i64 1, i64 %144) #6, !srcloc !14 %147 = extractvalue { i8*, i8, i64 } %146, 0 %148 = extractvalue { i8*, i8, i64 } %146, 1 %149 = extractvalue { i8*, i8, i64 } %146, 2 %150 = ptrtoint i8* %147 to i64 %151 = and i64 %150, 4294967295 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %558, !prof !11, !misexpect !12 %154 = icmp ugt i32 %121, %132 %155 = select i1 %154, i32 %121, i32 %132 %156 = icmp eq i32 %155, 0 br i1 %156, label %161, label %157 %158 = zext i32 %155 to i64 %159 = tail call noalias align 8 i8* @__kmalloc(i64 %158, i32 1060288) #85 %160 = icmp eq i8* %159, null br i1 %160, label %558, label %161 %162 = phi i8* [ %159, %157 ], [ null, %153 ] %163 = icmp eq i32 %121, 0 %164 = select i1 %163, i32 34, i32 35 %165 = tail call %struct.request.607506* @scsi_alloc_request(%struct.request_queue.607499* %16, i32 %164, i32 0) #84 Function:scsi_alloc_request %4 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %0, i32 %1, i32 %2) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 
%5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = 
getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() 
#83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 blk_mq_alloc_request 2 __scsi_execute 3 sd_pr_command 4 sd_pr_register ------------- Path:  Function:sd_pr_register %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %10 %7 = icmp eq i32 %3, 0 %8 = select i1 %7, i8 0, i8 6 %9 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext %8, i64 %1, i64 %2, i8 zeroext 0, i8 zeroext 1) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to 
i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, 
%struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label 
%19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 blk_mq_alloc_request 2 __scsi_execute 3 sd_pr_command 4 sd_pr_reserve ------------- Path:  Function:sd_pr_reserve %5 = icmp eq i32 %3, 0 br i1 %5, label %6, label %15 %7 = add i32 %2, -1 %8 = icmp ult i32 %7, 6 %9 = zext i32 %7 to i48 %10 = shl nuw nsw i48 %9, 3 %11 = lshr i48 8826258785025, %10 %12 = trunc i48 %11 to i8 %13 = select i1 %8, i8 %12, i8 0 %14 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext 1, i64 %1, i64 0, i8 zeroext %13, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca 
%struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, 
i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = 
bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp 
eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 blk_mq_alloc_request 2 __scsi_execute 3 sd_pr_command 4 sd_pr_release ------------- Path:  Function:sd_pr_release %4 = add i32 %2, -1 %5 = icmp ult i32 %4, 6 %6 = zext i32 %4 to i48 %7 = shl nuw nsw i48 %6, 3 %8 = lshr i48 8826258785025, %7 %9 = trunc i48 %8 to i8 %10 = select i1 %5, i8 %9, i8 0 %11 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext 2, i64 %1, i64 0, i8 zeroext %10, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = 
load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call 
%struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = 
getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, 
!misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 blk_mq_alloc_request 2 __scsi_execute 3 sd_pr_command 4 sd_pr_preempt ------------- Path:  Function:sd_pr_preempt %6 = add i32 %3, -1 %7 = icmp ult i32 %6, 6 %8 = zext i32 %6 to i48 %9 = shl nuw nsw i48 %8, 3 %10 = lshr i48 8826258785025, %9 %11 = trunc i48 %10 to i8 %12 = select i1 %7, i8 %11, i8 0 %13 = select i1 %4, i8 5, i8 4 %14 = tail call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext %13, i64 %1, i64 %2, i8 zeroext %12, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, 
i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 (%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store 
%struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, 
%struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_enter 1 blk_mq_alloc_request 2 __scsi_execute 3 sd_pr_command 4 sd_pr_clear ------------- Path:  Function:sd_pr_clear %3 = tail 
call fastcc i32 @sd_pr_command(%struct.block_device.613266* %0, i8 zeroext 3, i64 %1, i64 0, i8 zeroext 0, i8 zeroext 0) #83 Function:sd_pr_command %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = alloca [16 x i8], align 16 %9 = alloca [24 x i8], align 16 %10 = getelementptr inbounds %struct.block_device.613266, %struct.block_device.613266* %0, i64 0, i32 17 %11 = load %struct.gendisk.613289*, %struct.gendisk.613289** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %11, i64 0, i32 10 %13 = bitcast i8** %12 to %struct.scsi_disk** %14 = load %struct.scsi_disk*, %struct.scsi_disk** %13, align 8 %15 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 1 %16 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %15, align 8 %17 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %18 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %19 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 0 %20 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 16 %21 = bitcast i8* %20 to i64* store i64 0, i64* %21, align 16 store i8 95, i8* %18, align 16 %22 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 1 store i8 %1, i8* %22, align 1 %23 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 2 store i8 %4, i8* %23, align 2 %24 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 5 %25 = bitcast i8* %24 to i32* store i32 402653184, i32* %25, align 1 %27 = bitcast [24 x i8]* %9 to i64* store i64 %26, i64* %27, align 16 %28 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 8 %30 = bitcast i8* %28 to i64* store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds [24 x i8], [24 x i8]* %9, i64 0, i64 20 store i8 %5, i8* %31, align 4 %32 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %14, i64 0, i32 8 %33 = load i32, i32* %32, align 8 %34 = call i32 bitcast (i32 
(%struct.scsi_device.608973*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)* @__scsi_execute to i32 (%struct.scsi_device.613577*, i8*, i32, i8*, i32, i8*, %struct.scsi_sense_hdr*, i32, i32, i64, i32, i32*)*)(%struct.scsi_device.613577* %16, i8* nonnull %18, i32 1, i8* nonnull %19, i32 24, i8* null, %struct.scsi_sense_hdr* nonnull %7, i32 30000, i32 %33, i64 0, i32 0, i32* null) #83 Function:__scsi_execute %13 = getelementptr inbounds %struct.scsi_device.608973, %struct.scsi_device.608973* %0, i64 0, i32 1 %14 = load %struct.request_queue.607499*, %struct.request_queue.607499** %13, align 8 %15 = icmp eq i32 %2, 1 %16 = select i1 %15, i32 35, i32 34 %17 = lshr i32 %10, 13 %18 = and i32 %17, 4 %19 = tail call %struct.request.607506* bitcast (%struct.request.294838* (%struct.request_queue.294830*, i32, i32)* @blk_mq_alloc_request to %struct.request.607506* (%struct.request_queue.607499*, i32, i32)*)(%struct.request_queue.607499* %14, i32 %16, i32 %18) #83 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.294797, align 8 %5 = bitcast %struct.blk_mq_alloc_data.294797* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 0 store %struct.request_queue.294830* %0, %struct.request_queue.294830** %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 1 store i32 %2, i32* %7, align 8 %8 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 2 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 3 store i32 %1, i32* %9, align 8 %10 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 4 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, 
%struct.blk_mq_alloc_data.294797* %4, i64 0, i32 5 store i32 1, i32* %11, align 8 %12 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %4, i64 0, i32 6 %13 = bitcast %struct.request.294838*** %12 to i8* %14 = tail call i32 bitcast (i32 (%struct.request_queue.290802*, i32)* @blk_queue_enter to i32 (%struct.request_queue.294830*, i32)*)(%struct.request_queue.294830* %0, i32 %2) #83 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %9 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 19 %10 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %11 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %10, i64 0, i32 0 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %16 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 11 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %19 call void @__rcu_read_lock() #83 %20 = load volatile i64, i64* %6, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !4, !misexpect !5 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %68 %29 = load 
%struct.percpu_ref_data*, %struct.percpu_ref_data** %7, align 8 %30 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %29, i64 0, i32 0, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %68, label %33, !prof !7, !misexpect !5 %34 = phi i64 [ %41, %40 ], [ %31, %28 ] %35 = add i64 %34, 1 %36 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !8 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !7, !misexpect !5 %41 = extractvalue { i8, i64 } %36, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %68, label %33, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 br i1 %13, label %69, label %116 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %70 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __bio_queue_enter 1 __submit_bio 2 submit_bio_noacct 3 __blk_queue_split 4 blk_queue_split 5 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.688709*, align 8 store %struct.bio.688709* %0, %struct.bio.688709** %2, align 8 %3 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 1 %4 = load %struct.block_device.688705*, %struct.block_device.688705** %3, align 8 %5 = getelementptr inbounds %struct.block_device.688705, %struct.block_device.688705* %4, i64 0, i32 17 %6 = load %struct.gendisk.688433*, %struct.gendisk.688433** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.688433, %struct.gendisk.688433* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds 
%struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #83 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.688709**)*)(%struct.bio.688709** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void 
@__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, 
i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ 
null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 
%110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** 
%63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 18 %14 = load %struct.request_queue.290802*, %struct.request_queue.290802** %13, align 8 tail call void @__rcu_read_lock() #83 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %65 %25 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 1 %26 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %25, align 8 %27 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %65, label %30, !prof !7, !misexpect !5 %31 = phi i64 [ %38, %37 ], [ %28, %24 ] %32 = add i64 %31, 1 %33 = tail call { i8, i64 } 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %27, i64 %32, i64* %27, i64 %31) #6, !srcloc !8 %34 = extractvalue { i8, i64 } %33, 0 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %40, !prof !7, !misexpect !5 %38 = extractvalue { i8, i64 } %33, 1 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %30, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %66 = tail call i32 @__bio_queue_enter(%struct.request_queue.290802* %14, %struct.bio.290594* %0) #83 Function:__bio_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %5 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %1, i64 0, i32 1 %10 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %1, i64 0, i32 2 %11 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %13 = bitcast %struct.wait_queue_entry* %3 to i8* %14 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 47 br label %15 call void @__rcu_read_lock() #83 %16 = load volatile i64, i64* %4, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof 
!4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %60 %25 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %5, align 8 %26 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %25, i64 0, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %60, label %29, !prof !7, !misexpect !5 %30 = phi i64 [ %37, %36 ], [ %27, %24 ] %31 = add i64 %30, 1 %32 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %26, i64 %31, i64* %26, i64 %30) #6, !srcloc !8 %33 = extractvalue { i8, i64 } %32, 0 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %36, label %39, !prof !7, !misexpect !5 %37 = extractvalue { i8, i64 } %32, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %60, label %29, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 %61 = load %struct.block_device.290586*, %struct.block_device.290586** %9, align 8 %62 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %61, i64 0, i32 17 %63 = load %struct.gendisk.290584*, %struct.gendisk.290584** %62, align 8 %64 = load i32, i32* %10, align 8 %65 = and i32 %64, 2097152 %66 = icmp eq i32 %65, 0 br i1 %66, label %77, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = call i32 @__SCT__might_resched() #83
-------------
Use: =BAD PATH=
Call Stack:
0 __bio_queue_enter
1 __submit_bio
2 submit_bio_noacct
3 __blk_queue_split
4 blk_queue_split
5 md_submit_bio
-------------
Path:
Function:md_submit_bio
%2 = alloca %struct.bio.687194*, align 8 store %struct.bio.687194* %0, %struct.bio.687194** %2, align 8 %3 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and
i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 1 %8 = load %struct.block_device.687185*, %struct.block_device.687185** %7, align 8 %9 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %8, i64 0, i32 17 %10 = load %struct.gendisk.687208*, %struct.gendisk.687208** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.687194**)*)(%struct.bio.687194** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds 
%struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, 
i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load 
%struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, 
align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, 
label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, 
%struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 18 %14 = load %struct.request_queue.290802*, %struct.request_queue.290802** %13, align 8 tail call void @__rcu_read_lock() #83 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %65 %25 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 1 %26 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %25, align 8 %27 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %26, i64 0, i32 0, 
i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %65, label %30, !prof !7, !misexpect !5 %31 = phi i64 [ %38, %37 ], [ %28, %24 ] %32 = add i64 %31, 1 %33 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %27, i64 %32, i64* %27, i64 %31) #6, !srcloc !8 %34 = extractvalue { i8, i64 } %33, 0 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %40, !prof !7, !misexpect !5 %38 = extractvalue { i8, i64 } %33, 1 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %30, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %66 = tail call i32 @__bio_queue_enter(%struct.request_queue.290802* %14, %struct.bio.290594* %0) #83 Function:__bio_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 0 %5 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2, i32 1 %6 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 12, i32 0 %7 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 2 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %1, i64 0, i32 1 %10 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %1, i64 0, i32 2 %11 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 45 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %0, i64 0, i32 18 %13 = bitcast %struct.wait_queue_entry* %3 to i8* %14 = getelementptr inbounds %struct.request_queue.290802, 
%struct.request_queue.290802* %0, i64 0, i32 47 br label %15 call void @__rcu_read_lock() #83 %16 = load volatile i64, i64* %4, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %60 %25 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %5, align 8 %26 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %25, i64 0, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %60, label %29, !prof !7, !misexpect !5 %30 = phi i64 [ %37, %36 ], [ %27, %24 ] %31 = add i64 %30, 1 %32 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %26, i64 %31, i64* %26, i64 %30) #6, !srcloc !8 %33 = extractvalue { i8, i64 } %32, 0 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %36, label %39, !prof !7, !misexpect !5 %37 = extractvalue { i8, i64 } %32, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %60, label %29, !prof !7, !misexpect !5 call void @__rcu_read_unlock() #83 %61 = load %struct.block_device.290586*, %struct.block_device.290586** %9, align 8 %62 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %61, i64 0, i32 17 %63 = load %struct.gendisk.290584*, %struct.gendisk.290584** %62, align 8 %64 = load i32, i32* %10, align 8 %65 = and i32 %64, 2097152 %66 = icmp eq i32 %65, 0 br i1 %66, label %77, label %67 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 submit_bio_checks 1 __submit_bio 2 submit_bio_noacct 3 __blk_queue_split 4 blk_queue_split 5 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca 
%struct.bio.688709*, align 8 store %struct.bio.688709* %0, %struct.bio.688709** %2, align 8 %3 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 1 %4 = load %struct.block_device.688705*, %struct.block_device.688705** %3, align 8 %5 = getelementptr inbounds %struct.block_device.688705, %struct.block_device.688705* %4, i64 0, i32 17 %6 = load %struct.gendisk.688433*, %struct.gendisk.688433** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.688433, %struct.gendisk.688433* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #83 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.688709**)*)(%struct.bio.688709** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds 
%struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds 
%struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr 
inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** 
%57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi 
%struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, 
align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 18 %14 = load %struct.request_queue.290802*, %struct.request_queue.290802** %13, align 8 tail call void @__rcu_read_lock() #83 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 3 %18 = icmp 
eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %65 %25 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 1 %26 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %25, align 8 %27 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %65, label %30, !prof !7, !misexpect !5 %31 = phi i64 [ %38, %37 ], [ %28, %24 ] %32 = add i64 %31, 1 %33 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %27, i64 %32, i64* %27, i64 %31) #6, !srcloc !8 %34 = extractvalue { i8, i64 } %33, 0 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %40, !prof !7, !misexpect !5 %38 = extractvalue { i8, i64 } %33, 1 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %30, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %66 = tail call i32 @__bio_queue_enter(%struct.request_queue.290802* %14, %struct.bio.290594* %0) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %96, !prof !4, !misexpect !5 %69 = tail call zeroext i1 @submit_bio_checks(%struct.bio.290594* %0) #83 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %4 = load %struct.block_device.290586*, %struct.block_device.290586** %3, align 8 %5 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %4, i64 0, i32 18 %6 = load %struct.request_queue.290802*, %struct.request_queue.290802** %5, align 8 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 
0 submit_bio_checks 1 __submit_bio 2 submit_bio_noacct 3 __blk_queue_split 4 blk_queue_split 5 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.687194*, align 8 store %struct.bio.687194* %0, %struct.bio.687194** %2, align 8 %3 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 1 %8 = load %struct.block_device.687185*, %struct.block_device.687185** %7, align 8 %9 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %8, i64 0, i32 17 %10 = load %struct.gendisk.687208*, %struct.gendisk.687208** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.687194**)*)(%struct.bio.687194** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 
%7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* 
%294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load 
%struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, 
%143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* 
%68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label 
%143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 18 %14 = load %struct.request_queue.290802*, %struct.request_queue.290802** %13, align 8 tail call void @__rcu_read_lock() #83 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 
%16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %65 %25 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 1 %26 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %25, align 8 %27 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %65, label %30, !prof !7, !misexpect !5 %31 = phi i64 [ %38, %37 ], [ %28, %24 ] %32 = add i64 %31, 1 %33 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %27, i64 %32, i64* %27, i64 %31) #6, !srcloc !8 %34 = extractvalue { i8, i64 } %33, 0 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %40, !prof !7, !misexpect !5 %38 = extractvalue { i8, i64 } %33, 1 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %30, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %66 = tail call i32 @__bio_queue_enter(%struct.request_queue.290802* %14, %struct.bio.290594* %0) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %96, !prof !4, !misexpect !5 %69 = tail call zeroext i1 @submit_bio_checks(%struct.bio.290594* %0) #83 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %4 = load %struct.block_device.290586*, %struct.block_device.290586** %3, align 8 %5 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %4, i64 0, i32 18 %6 = load %struct.request_queue.290802*, %struct.request_queue.290802** %5, align 8 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_keyctl 3 __ia32_sys_keyctl 
------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, 
align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, 
align 8 call void @__rcu_read_lock() #83 %269 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 
(%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = 
phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 ], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, 
label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup 
to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, 
%struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, %struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = 
phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 ], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) #83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 keyctl_keyring_move 3 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load 
i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = 
getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %256 = icmp slt i32 %0, 1 br i1 %256, label %347, label %257 %258 = call %struct.key.264821* bitcast (%struct.key.237885* (i32)* @key_lookup to %struct.key.264821* (i32)*)(i32 %0) #83 store %struct.key.264821* %258, %struct.key.264821** %5, align 8 %259 = icmp ugt %struct.key.264821* %258, inttoptr (i64 -4096 to %struct.key.264821*) br i1 %259, label %260, label %262 %263 = ptrtoint %struct.key.264821* %258 to i64 %264 = bitcast %struct.key.264821* %258 to %struct.__key_reference_with_attributes* %265 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %258, i64 0, i32 15, i32 0 %266 = bitcast %struct.keyring_index_key.264817* %265 to i8* %267 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 2, i32 1 %268 = bitcast i8** %267 to i64* store i64 %263, i64* %268, align 8 call void @__rcu_read_lock() #83 %269 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 %270 = icmp ugt %struct.__key_reference_with_attributes* %269, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %270, label %271, label %308 %272 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %273 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %272, i64 0, i32 19 %274 = load %struct.key.264821*, %struct.key.264821** %273, align 8 %275 = icmp 
eq %struct.key.264821* %274, null br i1 %275, label %299, label %276 %277 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %278 = icmp eq %struct.cred.265010* %272, %277 br i1 %278, label %279, label %299 %280 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 0, i32 2 %281 = load %struct.key_type.265226*, %struct.key_type.265226** %280, align 8 %282 = icmp eq %struct.key_type.265226* %281, bitcast ({ i8*, i64, i32, i32 (i8*)*, i32 (%struct.key_preparsed_payload*)*, void (%struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key.265828*, %struct.key_preparsed_payload*)*, i32 (%struct.key_match_data.265574*)*, void (%struct.key_match_data.265574*)*, void (%struct.key.265828*)*, void (%struct.key.265828*)*, void (%struct.key.265828*, %struct.seq_file.265818*)*, i64 (%struct.key.265828*, i8*, i64)*, i32 (%struct.key.265828*, i8*)*, %struct.key_restriction.265819* (i8*)*, i32 (%struct.kernel_pkey_params.265821*, %struct.kernel_pkey_query*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, i32 (%struct.kernel_pkey_params.265821*, i8*, i8*)*, %struct.list_head, %struct.lockdep_map }* @key_type_request_key_auth to %struct.key_type.265226*) br i1 %282, label %299, label %283 %284 = call i32 bitcast (i32 (%struct.key.237885*)* @key_validate to i32 (%struct.key.264821*)*)(%struct.key.264821* nonnull %274) #83 %285 = icmp eq i32 %284, 0 br i1 %285, label %286, label %299 %287 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %288 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %287, i64 0, i32 19 %289 = load %struct.key.264821*, %struct.key.264821** %288, align 8 %290 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %289, i64 0, i32 16, i32 0, i32 0, i64 0 %291 = bitcast i8** %290 to %struct.request_key_auth.265231** %292 = load %struct.request_key_auth.265231*, 
%struct.request_key_auth.265231** %291, align 8 %293 = getelementptr inbounds %struct.request_key_auth.265231, %struct.request_key_auth.265231* %292, i64 0, i32 3 %294 = bitcast %struct.cred.265010** %293 to i64* %295 = load i64, i64* %294, align 8 %296 = bitcast %struct.cred.265010** %13 to i64* store i64 %295, i64* %296, align 8 %297 = call %struct.__key_reference_with_attributes* @search_cred_keyrings_rcu(%struct.keyring_search_context.265228* nonnull %4) #83 store %struct.cred.265010* %272, %struct.cred.265010** %13, align 8 %298 = icmp ugt %struct.__key_reference_with_attributes* %297, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %298, label %299, label %308 %300 = phi %struct.__key_reference_with_attributes* [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %279 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %276 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %271 ], [ inttoptr (i64 -13 to %struct.__key_reference_with_attributes*), %283 ], [ %297, %286 ] %301 = icmp eq %struct.__key_reference_with_attributes* %269, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %302 = icmp eq %struct.__key_reference_with_attributes* %300, inttoptr (i64 -126 to %struct.__key_reference_with_attributes*) %303 = or i1 %301, %302 br i1 %303, label %304, label %305 call void @__rcu_read_unlock() #83 br label %313 %314 = phi %struct.__key_reference_with_attributes* [ %264, %308 ], [ %309, %311 ], [ %254, %251 ], [ %212, %208 ], [ %192, %188 ], [ %184, %180 ], [ %176, %172 ], [ %123, %119 ], [ %73, %69 ], [ %264, %304 ] %315 = icmp eq i32 %2, 7 br i1 %315, label %336, label %316 %317 = and i64 %1, 2 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %325 %320 = load %struct.key.264821*, %struct.key.264821** %5, align 8 %321 = call i32 bitcast (i32 (%struct.key.237885*, i1)* @wait_for_key_construction to i32 (%struct.key.264821*, i1)*)(%struct.key.264821* %320, i1 zeroext true) 
#83 Function:wait_for_key_construction %3 = getelementptr inbounds %struct.key.237885, %struct.key.237885* %0, i64 0, i32 14 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 wait_for_key_construction 1 lookup_user_key 2 __se_sys_add_key 3 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 
= icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 
-------------
Use: =BAD PATH=
Call Stack:
0 wait_for_key_construction
1 lookup_user_key
2 __se_sys_add_key
3 __x64_sys_add_key
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_clear_invalid_mapping
1 nfs_revalidate_mapping
2 nfs_readdir
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 __ext4_find_entry
1 ext4_lookup
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 ext4_bread_batch
1 __ext4_find_entry
2 ext4_lookup
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 generic_delete_lease
1 generic_setlease
2 nfs4_proc_setlease
3 nfs4_setlease
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 do_io_getevents
1 __ia32_sys_io_getevents
-------------
0, i64* %6, align 8 %29 = icmp eq i64 %20, 0 br i1 %29, label %30, label %32 %33 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 do_io_getevents 1 __ia32_sys_io_getevents_time32 ------------- Path:  Function:__ia32_sys_io_getevents_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %12 to %struct.sched_info* %17 = bitcast %struct.cpu_itimer* %2 to i8* %18 = icmp eq i64 %15, 0 br i1 %18, label %23, label %19 %20 = inttoptr i64 %15 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %2, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %48 %24 = phi %struct.cpu_itimer* [ null, %1 ], [ %2, %19 ] %25 = shl i64 %7, 32 %26 = ashr exact i64 %25, 32 %27 = shl i64 %9, 32 %28 = ashr exact i64 %27, 32 %29 = call fastcc i64 @do_io_getevents(i64 %5, i64 %26, i64 %28, %struct.sched_info* %16, %struct.cpu_itimer* %24) #83 Function:do_io_getevents %6 = alloca i64, align 8 %7 = alloca %struct.hrtimer_sleeper, align 8 %8 = alloca %struct.wait_queue_entry, align 8 %9 = icmp eq %struct.cpu_itimer* %4, null br i1 %9, label %19, label %10 %20 = phi i64 [ %18, %10 ], [ 9223372036854775807, %5 ] %21 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %22 = icmp eq %struct.kioctx* %21, null br i1 %22, label %87, label %23, !prof !4, !misexpect 
!5 %24 = icmp sle i64 %1, %2 %25 = icmp sgt i64 %1, -1 %26 = and i1 %25, %24 br i1 %26, label %27, label %66, !prof !6, !misexpect !5 %28 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %29 = icmp eq i64 %20, 0 br i1 %29, label %30, label %32 %33 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 do_io_getevents 1 __x64_sys_io_getevents ------------- Path:  Function:__x64_sys_io_getevents %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to %struct.sched_info** %11 = load %struct.sched_info*, %struct.sched_info** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = bitcast %struct.cpu_itimer* %2 to i8* %15 = icmp eq i64 %13, 0 br i1 %15, label %20, label %16 %17 = inttoptr i64 %13 to %struct.cpu_itimer* %18 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %2, %struct.cpu_itimer* nonnull %17) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %41, !prof !4, !misexpect !5 %21 = phi %struct.cpu_itimer* [ null, %1 ], [ %2, %16 ] %22 = call fastcc i64 @do_io_getevents(i64 %4, i64 %6, i64 %8, %struct.sched_info* %11, %struct.cpu_itimer* %21) #83 Function:do_io_getevents %6 = alloca i64, align 8 %7 = alloca %struct.hrtimer_sleeper, align 8 %8 = alloca %struct.wait_queue_entry, align 8 %9 = icmp eq %struct.cpu_itimer* %4, null br i1 %9, label %19, label %10 %20 = phi i64 [ %18, %10 ], [ 9223372036854775807, %5 ] %21 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %22 = icmp eq %struct.kioctx* %21, null br i1 
%22, label %87, label %23, !prof !4, !misexpect !5 %24 = icmp sle i64 %1, %2 %25 = icmp sgt i64 %1, -1 %26 = and i1 %25, %24 br i1 %26, label %27, label %66, !prof !6, !misexpect !5 %28 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %29 = icmp eq i64 %20, 0 br i1 %29, label %30, label %32 %33 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 do_io_getevents 1 __x64_sys_io_getevents_time32 ------------- Path:  Function:__x64_sys_io_getevents_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to %struct.sched_info** %11 = load %struct.sched_info*, %struct.sched_info** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = bitcast %struct.cpu_itimer* %2 to i8* %15 = icmp eq i64 %13, 0 br i1 %15, label %20, label %16 %17 = inttoptr i64 %13 to i8* %18 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %2, i8* nonnull %17) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %46 %21 = phi %struct.cpu_itimer* [ null, %1 ], [ %2, %16 ] %22 = and i64 %4, 4294967295 %23 = shl i64 %6, 32 %24 = ashr exact i64 %23, 32 %25 = shl i64 %8, 32 %26 = ashr exact i64 %25, 32 %27 = call fastcc i64 @do_io_getevents(i64 %22, i64 %24, i64 %26, %struct.sched_info* %11, %struct.cpu_itimer* %21) #83 Function:do_io_getevents %6 = alloca i64, align 8 %7 = alloca %struct.hrtimer_sleeper, align 8 %8 = alloca %struct.wait_queue_entry, align 8 %9 = icmp eq %struct.cpu_itimer* %4, null br i1 %9, label %19, label %10 %20 = phi i64 [ %18, %10 
], [ 9223372036854775807, %5 ] %21 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %22 = icmp eq %struct.kioctx* %21, null br i1 %22, label %87, label %23, !prof !4, !misexpect !5 %24 = icmp sle i64 %1, %2 %25 = icmp sgt i64 %1, -1 %26 = and i1 %25, %24 br i1 %26, label %27, label %66, !prof !6, !misexpect !5 %28 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %29 = icmp eq i64 %20, 0 br i1 %29, label %30, label %32 %33 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 __wait_on_buffer 1 ext4_bread_batch 2 __ext4_find_entry 3 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.static_call_site* %9 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.151783*)* @generic_set_encrypted_ci_d_ops to void 
(%struct.dentry.190016*)*)(%struct.dentry.190016* %1) #83 %22 = call fastcc %struct.buffer_head.190040* @__ext4_find_entry(%struct.inode.190029* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #83 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head.190040*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head.190040*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 8 %14 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.static_call_site** %16 = load %struct.static_call_site*, %struct.static_call_site** %15, align 8 %17 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %449, label %20 %21 = getelementptr %struct.inode.190029, %struct.inode.190029* %0, i64 -1, i32 34 %22 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %21, i64 10, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 268435456 %25 = icmp eq i64 %24, 0 br i1 %25, label %41, label %26 %42 = phi %struct.buffer_head.190040* [ %33, %40 ], [ null, %26 ], [ null, %20 ] %43 = icmp slt i32 %18, 3 br i1 %43, label %44, label %50 %45 = load i8, i8* %12, align 1 %46 = icmp eq i8 %45, 46 br i1 %46, label %47, label %50 %48 = getelementptr i8, i8* %12, i64 1 %49 = load i8, i8* %48, align 1 switch i8 %49, label %50 [ i8 46, label %267 i8 0, label %267 ] %268 = phi i32 [ %259, %261 ], [ 1, %47 ], [ 1, %47 
] %269 = phi i32 [ %266, %261 ], [ 0, %47 ], [ 0, %47 ] %270 = phi %struct.buffer_head.190040* [ %252, %261 ], [ %42, %47 ], [ %42, %47 ] %271 = getelementptr inbounds [8 x %struct.buffer_head.190040*], [8 x %struct.buffer_head.190040*]* %6, i64 0, i64 0 %272 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %14, i64 0, i32 2 %273 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 1 %274 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 0 %275 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 14 br label %276 %277 = phi i32 [ %435, %430 ], [ %268, %267 ] %278 = phi i64 [ %304, %430 ], [ 0, %267 ] %279 = phi i64 [ %303, %430 ], [ 0, %267 ] %280 = phi i32 [ %277, %430 ], [ %269, %267 ] %281 = phi i32 [ 0, %430 ], [ %269, %267 ] br label %282 %283 = phi i64 [ %278, %276 ], [ %304, %425 ] %284 = phi i64 [ %279, %276 ], [ %303, %425 ] %285 = phi i32 [ %280, %276 ], [ %428, %425 ] %286 = call i32 @__SCT__cond_resched() #83 %287 = icmp ult i64 %283, %284 br i1 %287, label %301, label %288 %289 = icmp ugt i32 %281, %285 %290 = select i1 %289, i32 %281, i32 %277 %291 = sub i32 %290, %285 %292 = zext i32 %291 to i64 %293 = icmp ult i64 %292, 8 %294 = select i1 %293, i64 %292, i64 8 %295 = trunc i64 %294 to i32 %296 = call i32 @ext4_bread_batch(%struct.inode.190029* %0, i32 %285, i32 %295, i1 zeroext false, %struct.buffer_head.190040** nonnull %271) #83 Function:ext4_bread_batch %6 = icmp sgt i32 %2, 0 br i1 %6, label %7, label %55 %8 = zext i32 %2 to i64 br label %12 %13 = phi i64 [ 0, %7 ], [ %27, %26 ] %14 = trunc i64 %13 to i32 %15 = add i32 %14, %1 %16 = tail call %struct.buffer_head.190040* @ext4_getblk(%struct.jbd2_journal_handle.190058* null, %struct.inode.190029* %0, i32 %15, i32 0) #83 %17 = getelementptr %struct.buffer_head.190040*, %struct.buffer_head.190040** %4, i64 %13 store %struct.buffer_head.190040* %16, 
%struct.buffer_head.190040** %17, align 8 %18 = icmp ugt %struct.buffer_head.190040* %16, inttoptr (i64 -4096 to %struct.buffer_head.190040*) br i1 %18, label %19, label %26 %27 = add nuw nsw i64 %13, 1 %28 = icmp eq i64 %27, %8 br i1 %28, label %9, label %12 br i1 %6, label %10, label %55 %11 = zext i32 %2 to i64 br label %29 %30 = phi i64 [ 0, %10 ], [ %53, %52 ] %31 = getelementptr %struct.buffer_head.190040*, %struct.buffer_head.190040** %4, i64 %30 %32 = load %struct.buffer_head.190040*, %struct.buffer_head.190040** %31, align 8 %33 = icmp eq %struct.buffer_head.190040* %32, null br i1 %33, label %52, label %34 %35 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %32, i64 0, i32 0 %36 = load volatile i64, i64* %35, align 8 %37 = and i64 %36, 1024 %38 = icmp eq i64 %37, 0 br i1 %38, label %45, label %39 %46 = load volatile i64, i64* %35, align 8 %47 = and i64 %46, 1 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %52 %53 = add nuw nsw i64 %30, 1 %54 = icmp eq i64 %53, %11 br i1 %54, label %55, label %29 %56 = and i1 %6, %3 br i1 %56, label %57, label %105 %58 = zext i32 %2 to i64 br label %62 %63 = phi i64 [ 0, %57 ], [ %75, %74 ] %64 = getelementptr %struct.buffer_head.190040*, %struct.buffer_head.190040** %4, i64 %63 %65 = load %struct.buffer_head.190040*, %struct.buffer_head.190040** %64, align 8 %66 = icmp eq %struct.buffer_head.190040* %65, null br i1 %66, label %74, label %67 %68 = tail call i32 @__SCT__might_resched() #84 %69 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %65, i64 0, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 4 %72 = icmp eq i64 %71, 0 br i1 %72, label %74, label %73 tail call void bitcast (void (%struct.buffer_head.158297*)* @__wait_on_buffer to void (%struct.buffer_head.190040*)*)(%struct.buffer_head.190040* nonnull %65) #84 Function:__wait_on_buffer %2 = getelementptr inbounds %struct.buffer_head.158297, %struct.buffer_head.158297* %0, i64 
0, i32 0 %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 write_inode_now 1 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %25 = bitcast %struct.anon.1* %24 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %25) #83 %26 = bitcast %struct.anon.1* %24 to %struct.swap_cluster_info* %27 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, 1 br i1 %29, label %30, label %35 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %25) #83 %31 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = tail call i32 @write_inode_now(%struct.inode* %32, i32 0) #83 Function:write_inode_now %3 = alloca %struct.writeback_control, align 8 %4 = bitcast %struct.writeback_control* %3 to i8* %5 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 0 store i64 9223372036854775807, i64* %5, align 8 %6 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 1 %7 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, 
i32 3 %8 = bitcast i64* %6 to i8* store i64 9223372036854775807, i64* %7, align 8 %9 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 4 %10 = icmp ne i32 %1, 0 %11 = zext i1 %10 to i32 store i32 %11, i32* %9, align 8 %12 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 5 store i8 0, i8* %12, align 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %14 = load %struct.address_space*, %struct.address_space** %13, align 8 %15 = getelementptr inbounds %struct.address_space, %struct.address_space* %14, i64 0, i32 0 %16 = load %struct.inode*, %struct.inode** %15, align 8 %17 = tail call %struct.backing_dev_info* @inode_to_bdi(%struct.inode* %16) #83 %18 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %17, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 1 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %23 %24 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 write_inode_now 1 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %25 = bitcast %struct.anon.1* %24 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %25) #83 %26 = bitcast %struct.anon.1* %24 to %struct.swap_cluster_info* %27 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, 1 br i1 %29, label %30, label %35 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %25) #83 %31 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = tail call i32 @write_inode_now(%struct.inode* %32, i32 0) #83 Function:write_inode_now %3 = alloca %struct.writeback_control, align 8 %4 = bitcast %struct.writeback_control* %3 to i8* %5 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 0 store i64 9223372036854775807, i64* %5, align 8 %6 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 1 %7 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 3 %8 = bitcast i64* %6 to i8* store i64 9223372036854775807, i64* %7, align 8 %9 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 4 %10 = icmp ne i32 %1, 0 %11 = zext i1 %10 to i32 store i32 %11, i32* %9, align 8 %12 = getelementptr inbounds %struct.writeback_control, 
%struct.writeback_control* %3, i64 0, i32 5 store i8 0, i8* %12, align 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %14 = load %struct.address_space*, %struct.address_space** %13, align 8 %15 = getelementptr inbounds %struct.address_space, %struct.address_space* %14, i64 0, i32 0 %16 = load %struct.inode*, %struct.inode** %15, align 8 %17 = tail call %struct.backing_dev_info* @inode_to_bdi(%struct.inode* %16) #83 %18 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %17, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 1 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %23 %24 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 write_inode_now 1 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %25 = bitcast %struct.anon.1* %24 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %25) #83 %26 = bitcast %struct.anon.1* %24 to %struct.swap_cluster_info* %27 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, 1 br i1 %29, label %30, label %35 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %25) #83 %31 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = tail call i32 @write_inode_now(%struct.inode* %32, i32 0) #83 Function:write_inode_now %3 = alloca %struct.writeback_control, align 8 %4 = bitcast %struct.writeback_control* %3 to i8* %5 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 0 store i64 9223372036854775807, i64* %5, align 8 %6 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 1 %7 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 3 %8 = bitcast i64* %6 to i8* store i64 9223372036854775807, i64* %7, align 8 %9 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 4 %10 = icmp ne i32 %1, 0 %11 = zext i1 %10 to i32 store i32 %11, i32* %9, align 8 %12 = getelementptr inbounds %struct.writeback_control, %struct.writeback_control* %3, i64 0, i32 5 store i8 0, i8* %12, align 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %14 = load %struct.address_space*, %struct.address_space** %13, align 8 %15 = getelementptr inbounds %struct.address_space, %struct.address_space* %14, i64 0, i32 0 %16 = load %struct.inode*, %struct.inode** %15, align 8 %17 = tail call %struct.backing_dev_info* @inode_to_bdi(%struct.inode* %16) #83 %18 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %17, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 1 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %23 %24 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 expand_files 1 ksys_dup3 2 __ia32_sys_dup2 ------------- Path:  Function:__ia32_sys_dup2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = trunc i64 %5 to i32 %9 = icmp eq i32 %8, %7 br i1 %9, label %10, label %32, !prof !4, !misexpect !5 %33 = tail call fastcc i32 @ksys_dup3(i32 %7, i32 %8, i32 0) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast 
%struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %21 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 expand_files 1 ksys_dup3 2 __ia32_sys_dup3 ------------- Path:  Function:__ia32_sys_dup3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i32 @ksys_dup3(i32 %8, i32 %9, i32 %10) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds 
%struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %21 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 expand_files 1 ksys_dup3 2 __x64_sys_dup2 ------------- Path:  Function:__x64_sys_dup2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp eq i32 %7, %6 br i1 %8, label %9, label %32, !prof !4, !misexpect !5 %33 = tail call fastcc i32 @ksys_dup3(i32 %6, i32 %7, i32 0) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 
%5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 
%21 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 expand_files 1 ksys_dup3 2 __x64_sys_dup3 ------------- Path:  Function:__x64_sys_dup3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i32 @ksys_dup3(i32 %8, i32 %9, i32 %10) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** 
%4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %21 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __kmalloc_node 1 rb_alloc_aux 2 perf_mmap ------------- Path:  Function:perf_mmap %3 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.115065** %5 = load %struct.perf_event.115065*, %struct.perf_event.115065** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115211** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.115211**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.115211* %8 = getelementptr inbounds %struct.task_struct.115211, %struct.task_struct.115211* %7, i64 0, i32 94 %9 = load %struct.cred.114987*, %struct.cred.114987** %8, align 8 %10 = getelementptr inbounds %struct.cred.114987, %struct.cred.114987* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 35 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = 
getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 22, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %324 %21 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %324, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.115065*)*)(%struct.perf_event.115065* %5) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %324 %29 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %324 %118 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 27 %119 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %119, i64 0, i32 20 %121 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %120, align 8 %122 = icmp eq %struct.perf_event_context.115041* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.115065, 
%struct.perf_event.115065* %5, i64 0, i32 38 tail call void @mutex_lock(%struct.mutex* %125) #83 %126 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 40 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %310 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %296, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call void @mutex_unlock(%struct.mutex* %125) #83 tail call void @mutex_lock(%struct.mutex* %125) #83 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %154 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 ] %155 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 
], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %155 %170 = sub i64 %155, %169 %171 = getelementptr inbounds %struct.task_struct.115211, %struct.task_struct.115211* %7, i64 0, i32 104 %172 = load %struct.signal_struct.115167*, %struct.signal_struct.115167** %171, align 8 %173 = getelementptr %struct.signal_struct.115167, %struct.signal_struct.115167* %172, i64 0, i32 50, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 6 %177 = load %struct.mm_struct.115142*, %struct.mm_struct.115142** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.115142, %struct.mm_struct.115142* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %281 %282 = load i64, i64* %21, align 8 %283 = lshr i64 %282, 1 %284 = trunc i64 %283 to i32 %285 = and i32 %284, 1 %286 = load i64, i64* %34, align 8 %287 = trunc i64 %156 to i32 %288 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 22, i32 16 %289 = load i32, i32* %288, align 8 %290 = 
zext i32 %289 to i64 %291 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.115065*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.115065* %5, i64 %286, i32 %287, i64 %290, i32 %285) #83 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 35 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #83 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %35, !prof !4, !misexpect !5 %36 = tail call %struct.kmem_cache* @kmalloc_slab(i64 %0, i32 %1) #84 %37 = icmp ult %struct.kmem_cache* %36, inttoptr (i64 17 to %struct.kmem_cache*) br i1 %37, label %38, label %40, !prof !4, !misexpect !5 %42 = 
ptrtoint i8* %41 to i64 %43 = load i32, i32* @gfp_allowed_mask, align 4 %44 = and i32 %43, %1 %45 = and i32 %44, 1024 %46 = icmp eq i32 %45, 0 br i1 %46, label %49, label %47 %48 = tail call i32 @__SCT__might_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_node 1 create_task_io_context 2 get_task_io_context 3 set_task_ioprio 4 __se_sys_ioprio_set 5 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %154 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %154 tail call void @__rcu_read_lock() #83 switch i32 %4, label %151 [ i32 1, label %19 i32 2, label %31 i32 3, label %87 ] %88 = icmp eq i32 %5, -1 br i1 %88, label %151, label %89 %90 = icmp eq i32 %5, 0 br i1 %90, label %91, label %98 %99 = tail call %struct.user_struct* @find_user(i32 %5) #83 br label %100 %101 = phi %struct.user_struct* [ %99, %98 ], [ %97, %91 ] %102 = icmp eq %struct.user_struct* %101, null br i1 %102, label %151, label %103 %104 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct.2039, %struct.task_struct.2039* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, 
i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, 
%struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.task_struct.2039*), i64 0, i32 44, i32 0), align 8 %105 = getelementptr %struct.list_head, %struct.list_head* %104, i64 -70, i32 1 %106 = icmp eq %struct.list_head** %105, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x 
i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.list_head**) br i1 %106, label %148, label %113 %114 = phi %struct.list_head* [ %110, %107 ], [ %104, %103 ] %115 = phi i32 [ %108, %107 ], [ -3, %103 ] %116 = getelementptr %struct.list_head, %struct.list_head* %114, i64 -70, i32 1 %117 = getelementptr inbounds %struct.list_head*, %struct.list_head** %116, i64 241 %118 = bitcast %struct.list_head** %117 to %struct.signal_struct.1997** %119 = load %struct.signal_struct.1997*, 
%struct.signal_struct.1997** %118, align 8 %120 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3, i32 0 %121 = load volatile %struct.list_head*, %struct.list_head** %120, align 8 %122 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3 %123 = icmp eq %struct.list_head* %121, %122 br i1 %123, label %107, label %124 %125 = phi %struct.list_head* [ %144, %141 ], [ %121, %113 ] %126 = phi i32 [ %142, %141 ], [ %115, %113 ] %127 = getelementptr %struct.list_head, %struct.list_head* %125, i64 -98 %128 = bitcast %struct.list_head* %127 to %struct.task_struct.2039* tail call void @__rcu_read_lock() #83 %129 = getelementptr %struct.list_head, %struct.list_head* %125, i64 16 %130 = bitcast %struct.list_head* %129 to %struct.cred** %131 = load volatile %struct.cred*, %struct.cred** %130, align 32 %132 = getelementptr inbounds %struct.cred, %struct.cred* %131, i64 0, i32 1, i32 0 %133 = load i32, i32* %132, align 4 tail call void @__rcu_read_unlock() #83 %134 = icmp eq i32 %133, %5 br i1 %134, label %135, label %141 %136 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.2039*, i32, %struct.pid_namespace.1720*)*)(%struct.task_struct.2039* %128, i32 0, %struct.pid_namespace.1720* null) #83 %137 = icmp eq i32 %136, 0 br i1 %137, label %141, label %138 %139 = tail call i32 @set_task_ioprio(%struct.task_struct.2039* %128, i32 %6) #83 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.2039**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.2039* %5 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 tail call void @__rcu_read_lock() #83 %7 = 
getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %0, i64 0, i32 93 %8 = load volatile %struct.cred*, %struct.cred** %7, align 32 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #83 br i1 %19, label %21, label %20 tail call void @__rcu_read_unlock() #83 %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @security_task_setioprio to i32 (%struct.task_struct.2039*, i32)*)(%struct.task_struct.2039* %0, i32 %1) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context.2012* bitcast (%struct.io_context.290227* (%struct.task_struct.290370*, i32, i32)* @get_task_io_context to %struct.io_context.2012* (%struct.task_struct.2039*, i32, i32)*)(%struct.task_struct.2039* %0, i32 2592, i32 -1) #83 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.290370, %struct.task_struct.290370* %0, i64 0, i32 121, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.290370, %struct.task_struct.290370* %0, i64 0, i32 132 br label %11 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %12 = load %struct.io_context.290227*, %struct.io_context.290227** %10, align 16 %13 = icmp eq %struct.io_context.290227* %12, null br i1 %13, label %20, label %14, !prof !4, !misexpect !5 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %21 = tail call i32 @create_task_io_context(%struct.task_struct.290370* %0, i32 %1, i32 %2) #84 
Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #83 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_node 1 create_task_io_context 2 get_task_io_context 3 set_task_ioprio 4 __se_sys_ioprio_set 5 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %154 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %154 tail call void @__rcu_read_lock() #83 switch i32 %4, label %151 [ i32 1, label %19 i32 2, label %31 i32 3, label %87 ] %88 = icmp eq i32 %5, -1 br i1 %88, label %151, label %89 %90 = icmp eq i32 %5, 0 br i1 %90, label %91, label %98 %99 = tail call %struct.user_struct* @find_user(i32 %5) #83 br label %100 %101 = phi %struct.user_struct* [ %99, %98 ], [ %97, %91 ] %102 = icmp eq %struct.user_struct* %101, null br i1 %102, label %151, label %103 %104 = load volatile 
%struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct.2039, %struct.task_struct.2039* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, 
%struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.task_struct.2039*), i64 0, i32 44, i32 0), align 8 %105 = getelementptr %struct.list_head, %struct.list_head* %104, i64 -70, i32 1 %106 = icmp eq %struct.list_head** %105, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.sched_class*, %struct.task_group*, [32 x i8], %struct.sched_statistics, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, i32, %struct.kuid_t, %struct.list_head, %struct.rcu_node*, i64, i8, i8, i32, %struct.list_head, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x 
%struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, i64, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.26, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lockdep_map, i32, %struct.task_struct*, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [32 x i8], %struct.thread_struct }* @init_task to %struct.list_head**) br i1 %106, label %148, label %113 %114 = phi %struct.list_head* [ %110, %107 ], [ %104, %103 ] %115 = phi i32 [ %108, %107 ], [ -3, %103 ] %116 = 
getelementptr %struct.list_head, %struct.list_head* %114, i64 -70, i32 1 %117 = getelementptr inbounds %struct.list_head*, %struct.list_head** %116, i64 241 %118 = bitcast %struct.list_head** %117 to %struct.signal_struct.1997** %119 = load %struct.signal_struct.1997*, %struct.signal_struct.1997** %118, align 8 %120 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3, i32 0 %121 = load volatile %struct.list_head*, %struct.list_head** %120, align 8 %122 = getelementptr inbounds %struct.signal_struct.1997, %struct.signal_struct.1997* %119, i64 0, i32 3 %123 = icmp eq %struct.list_head* %121, %122 br i1 %123, label %107, label %124 %125 = phi %struct.list_head* [ %144, %141 ], [ %121, %113 ] %126 = phi i32 [ %142, %141 ], [ %115, %113 ] %127 = getelementptr %struct.list_head, %struct.list_head* %125, i64 -98 %128 = bitcast %struct.list_head* %127 to %struct.task_struct.2039* tail call void @__rcu_read_lock() #83 %129 = getelementptr %struct.list_head, %struct.list_head* %125, i64 16 %130 = bitcast %struct.list_head* %129 to %struct.cred** %131 = load volatile %struct.cred*, %struct.cred** %130, align 32 %132 = getelementptr inbounds %struct.cred, %struct.cred* %131, i64 0, i32 1, i32 0 %133 = load i32, i32* %132, align 4 tail call void @__rcu_read_unlock() #83 %134 = icmp eq i32 %133, %5 br i1 %134, label %135, label %141 %136 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.2039*, i32, %struct.pid_namespace.1720*)*)(%struct.task_struct.2039* %128, i32 0, %struct.pid_namespace.1720* null) #83 %137 = icmp eq i32 %136, 0 br i1 %137, label %141, label %138 %139 = tail call i32 @set_task_ioprio(%struct.task_struct.2039* %128, i32 %6) #83 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.2039** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.2039**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.2039* %5 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.task_struct.2039, %struct.task_struct.2039* %0, i64 0, i32 93 %8 = load volatile %struct.cred*, %struct.cred** %7, align 32 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #83 br i1 %19, label %21, label %20 tail call void @__rcu_read_unlock() #83 %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @security_task_setioprio to i32 (%struct.task_struct.2039*, i32)*)(%struct.task_struct.2039* %0, i32 %1) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context.2012* bitcast (%struct.io_context.290227* (%struct.task_struct.290370*, i32, i32)* @get_task_io_context to %struct.io_context.2012* (%struct.task_struct.2039*, i32, i32)*)(%struct.task_struct.2039* %0, i32 2592, i32 -1) #83 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.290370, %struct.task_struct.290370* %0, i64 0, i32 121, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.290370, %struct.task_struct.290370* %0, i64 0, i32 132 br label %11 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %12 = load %struct.io_context.290227*, %struct.io_context.290227** %10, align 16 %13 = 
icmp eq %struct.io_context.290227* %12, null br i1 %13, label %20, label %14, !prof !4, !misexpect !5 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %21 = tail call i32 @create_task_io_context(%struct.task_struct.290370* %0, i32 %1, i32 %2) #84 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #83 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_node 1 create_task_io_context 2 submit_bio_checks 3 __submit_bio 4 submit_bio_noacct 5 __blk_queue_split 6 blk_queue_split 7 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.688709*, align 8 store %struct.bio.688709* %0, %struct.bio.688709** %2, align 8 %3 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 1 %4 = load %struct.block_device.688705*, %struct.block_device.688705** %3, align 8 %5 = getelementptr inbounds %struct.block_device.688705, %struct.block_device.688705* %4, i64 0, i32 17 %6 = load %struct.gendisk.688433*, %struct.gendisk.688433** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.688433, %struct.gendisk.688433* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #83 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load 
volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.688709**)*)(%struct.bio.688709** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds 
%struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void 
(%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] 
%72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* 
%100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void 
@__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 18 %14 = load %struct.request_queue.290802*, %struct.request_queue.290802** %13, align 8 tail call void @__rcu_read_lock() #83 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %65 %25 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 1 %26 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %25, align 8 %27 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %65, label %30, !prof !7, !misexpect !5 %31 = phi i64 [ %38, %37 ], [ %28, %24 ] %32 = add i64 %31, 1 %33 = tail call { i8, i64 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %27, i64 %32, i64* %27, i64 %31) #6, !srcloc !8 %34 = extractvalue { i8, i64 } %33, 0 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %40, !prof !7, !misexpect !5 %38 = extractvalue { i8, i64 } %33, 1 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %30, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %66 = tail call i32 @__bio_queue_enter(%struct.request_queue.290802* %14, %struct.bio.290594* %0) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %96, !prof !4, !misexpect !5 %69 = tail call zeroext i1 @submit_bio_checks(%struct.bio.290594* %0) #83 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %4 = load %struct.block_device.290586*, %struct.block_device.290586** %3, align 8 %5 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %4, i64 0, i32 18 %6 = load %struct.request_queue.290802*, %struct.request_queue.290802** %5, align 8 %7 = tail call i32 @__SCT__might_resched() #83 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.290793* %10 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %9, i64 0, i32 129 %11 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %10, align 8 %12 = icmp eq %struct.blk_plug.290756* %11, null br i1 %12, label %21, label %13 %14 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %11, i64 0, i32 6 %15 = load i8, i8* %14, align 2, !range !5 %16 = icmp eq i8 %15, 0 br i1 %16, label %21, label %17 %22 = 
getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 2 %23 = load i32, i32* %22, align 8 %24 = and i32 %23, 2097152 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 11 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 536870912 %30 = icmp eq i64 %29, 0 br i1 %30, label %192, label %31 %32 = and i32 %23, 1 %33 = icmp eq i32 %32, 0 br i1 %33, label %69, label %34 %70 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 3 %71 = load i16, i16* %70, align 4 %72 = and i16 %71, 2048 %73 = icmp eq i16 %72, 0 br i1 %73, label %74, label %113 %114 = load i32, i32* %22, align 8 %115 = and i32 %114, 393216 %116 = icmp eq i32 %115, 0 br i1 %116, label %127, label %117 %118 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 11 %119 = load volatile i64, i64* %118, align 8 %120 = and i64 %119, 131072 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %127 %128 = phi i32 [ %114, %117 ], [ %114, %113 ], [ %123, %122 ] %129 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 11 %130 = load volatile i64, i64* %129, align 8 %131 = and i64 %130, 65536 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %137 %138 = phi i32 [ %128, %127 ], [ %136, %133 ] %139 = trunc i32 %138 to i8 switch i8 %139, label %156 [ i8 3, label %140 i8 5, label %144 i8 7, label %148 i8 13, label %192 i8 15, label %192 i8 10, label %192 i8 11, label %192 i8 12, label %192 i8 17, label %192 i8 9, label %152 ] %141 = load volatile i64, i64* %129, align 8 %142 = and i64 %141, 256 %143 = icmp eq i64 %142, 0 br i1 %143, label %192, label %156 %157 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %9, i64 0, i32 132 %158 = load %struct.io_context.290596*, %struct.io_context.290596** %157, align 16 %159 = icmp 
eq %struct.io_context.290596* %158, null br i1 %159, label %160, label %164, !prof !10, !misexpect !7 %161 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 34 %162 = load i32, i32* %161, align 4 %163 = call i32 bitcast (i32 (%struct.task_struct.290370*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.290793*, i32, i32)*)(%struct.task_struct.290793* %9, i32 2592, i32 %162) #83 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #83 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_node 1 create_task_io_context 2 submit_bio_checks 3 __submit_bio 4 submit_bio_noacct 5 __blk_queue_split 6 blk_queue_split 7 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.687194*, align 8 store %struct.bio.687194* %0, %struct.bio.687194** %2, align 8 %3 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 1 %8 = load %struct.block_device.687185*, %struct.block_device.687185** %7, align 8 %9 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %8, i64 0, i32 17 %10 = load %struct.gendisk.687208*, %struct.gendisk.687208** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %10, i64 0, i32 10 %12 = bitcast i8** %11 to 
%struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.687194**)*)(%struct.bio.687194** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 
%7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void 
(%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] 
%72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* 
%100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void 
@__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 18 %14 = load %struct.request_queue.290802*, %struct.request_queue.290802** %13, align 8 tail call void @__rcu_read_lock() #83 %15 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 3 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %21, !prof !4, !misexpect !5 %22 = and i64 %16, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %65 %25 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %14, i64 0, i32 2, i32 1 %26 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %25, align 8 %27 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %65, label %30, !prof !7, !misexpect !5 %31 = phi i64 [ %38, %37 ], [ %28, %24 ] %32 = add i64 %31, 1 %33 = tail call { i8, i64 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %27, i64 %32, i64* %27, i64 %31) #6, !srcloc !8 %34 = extractvalue { i8, i64 } %33, 0 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %40, !prof !7, !misexpect !5 %38 = extractvalue { i8, i64 } %33, 1 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %30, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %66 = tail call i32 @__bio_queue_enter(%struct.request_queue.290802* %14, %struct.bio.290594* %0) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %96, !prof !4, !misexpect !5 %69 = tail call zeroext i1 @submit_bio_checks(%struct.bio.290594* %0) #83 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %4 = load %struct.block_device.290586*, %struct.block_device.290586** %3, align 8 %5 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %4, i64 0, i32 18 %6 = load %struct.request_queue.290802*, %struct.request_queue.290802** %5, align 8 %7 = tail call i32 @__SCT__might_resched() #83 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.290793* %10 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %9, i64 0, i32 129 %11 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %10, align 8 %12 = icmp eq %struct.blk_plug.290756* %11, null br i1 %12, label %21, label %13 %14 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %11, i64 0, i32 6 %15 = load i8, i8* %14, align 2, !range !5 %16 = icmp eq i8 %15, 0 br i1 %16, label %21, label %17 %22 = 
getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 2 %23 = load i32, i32* %22, align 8 %24 = and i32 %23, 2097152 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 11 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 536870912 %30 = icmp eq i64 %29, 0 br i1 %30, label %192, label %31 %32 = and i32 %23, 1 %33 = icmp eq i32 %32, 0 br i1 %33, label %69, label %34 %70 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 3 %71 = load i16, i16* %70, align 4 %72 = and i16 %71, 2048 %73 = icmp eq i16 %72, 0 br i1 %73, label %74, label %113 %114 = load i32, i32* %22, align 8 %115 = and i32 %114, 393216 %116 = icmp eq i32 %115, 0 br i1 %116, label %127, label %117 %118 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 11 %119 = load volatile i64, i64* %118, align 8 %120 = and i64 %119, 131072 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %127 %128 = phi i32 [ %114, %117 ], [ %114, %113 ], [ %123, %122 ] %129 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 11 %130 = load volatile i64, i64* %129, align 8 %131 = and i64 %130, 65536 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %137 %138 = phi i32 [ %128, %127 ], [ %136, %133 ] %139 = trunc i32 %138 to i8 switch i8 %139, label %156 [ i8 3, label %140 i8 5, label %144 i8 7, label %148 i8 13, label %192 i8 15, label %192 i8 10, label %192 i8 11, label %192 i8 12, label %192 i8 17, label %192 i8 9, label %152 ] %141 = load volatile i64, i64* %129, align 8 %142 = and i64 %141, 256 %143 = icmp eq i64 %142, 0 br i1 %143, label %192, label %156 %157 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %9, i64 0, i32 132 %158 = load %struct.io_context.290596*, %struct.io_context.290596** %157, align 16 %159 = icmp 
eq %struct.io_context.290596* %158, null br i1 %159, label %160, label %164, !prof !10, !misexpect !7 %161 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %6, i64 0, i32 34 %162 = load i32, i32* %161, align 4 %163 = call i32 bitcast (i32 (%struct.task_struct.290370*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.290793*, i32, i32)*)(%struct.task_struct.290793* %9, i32 2592, i32 %162) #83 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #83 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 gss_setup_upcall 2 gss_create_upcall 3 gss_cred_init 4 rpcauth_lookup_credcache 5 gss_lookup_cred 6 nfs_ctx_key_to_expire 7 nfs_key_timeout_notify 8 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, 
align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 
%21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, %struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) #83 Function:gss_lookup_cred %4 = tail call %struct.rpc_cred* @rpcauth_lookup_credcache(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 3136) #83 Function:rpcauth_lookup_credcache %5 = alloca %struct.list_head, align 8 %6 = bitcast %struct.list_head* %5 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 store %struct.list_head* %5, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 1 store %struct.list_head* %5, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 8 %10 = load %struct.rpc_cred_cache*, %struct.rpc_cred_cache** %9, align 8 %11 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 5 %12 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %13 = getelementptr 
inbounds %struct.rpc_authops, %struct.rpc_authops* %12, i64 0, i32 5 %14 = load i32 (%struct.auth_cred*, i32)*, i32 (%struct.auth_cred*, i32)** %13, align 8 %15 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 1 %16 = load i32, i32* %15, align 8 %17 = call i32 %14(%struct.auth_cred* %1, i32 %16) #83 call void @__rcu_read_lock() #83 %18 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 0 %19 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %20 = zext i32 %17 to i64 %21 = getelementptr %struct.hlist_head, %struct.hlist_head* %19, i64 %20, i32 0 %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null br i1 %23, label %64, label %24 %25 = phi %struct.hlist_node* [ %60, %58 ], [ %22, %4 ] %26 = bitcast %struct.hlist_node* %25 to %struct.rpc_cred* %27 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 3, i32 1 %28 = bitcast %struct.hlist_node*** %27 to %struct.rpc_credops** %29 = load %struct.rpc_credops*, %struct.rpc_credops** %28, align 8 %30 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %29, i64 0, i32 3 %31 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %30, align 8 %32 = call i32 %31(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %26, i32 %2) #83 %33 = icmp eq i32 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 5 %36 = bitcast %struct.hlist_node* %35 to %struct.seqcount_spinlock* %37 = bitcast %struct.hlist_node* %35 to i32* %38 = load volatile i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %50, label %40 %41 = phi i32 [ %48, %47 ], [ %38, %34 ] %42 = add i32 %41, 1 %43 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* 
output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32 %42, i32* %37, i32 %41) #6, !srcloc !4 %44 = extractvalue { i8, i32 } %43, 0 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %47, label %50, !prof !5, !misexpect !6 %48 = extractvalue { i8, i32 } %43, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %40 %51 = phi i32 [ 0, %34 ], [ %41, %40 ], [ 0, %47 ] %52 = add i32 %51, 1 %53 = or i32 %52, %51 %54 = icmp sgt i32 %53, -1 br i1 %54, label %56, label %55, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %36, i32 0) #83 br label %56 %57 = icmp eq i32 %51, 0 br i1 %57, label %58, label %62 %59 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 0, i32 0 %60 = load volatile %struct.hlist_node*, %struct.hlist_node** %59, align 8 %61 = icmp eq %struct.hlist_node* %60, null br i1 %61, label %64, label %24 call void @__rcu_read_unlock() #83 %65 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %66 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %65, i64 0, i32 7 %67 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)** %66, align 8 %68 = call %struct.rpc_cred* %67(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 %3) #83 %69 = icmp ugt %struct.rpc_cred* %68, inttoptr (i64 -4096 to %struct.rpc_cred*) br i1 %69, label %189, label %70 %71 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %73 = getelementptr %struct.hlist_head, %struct.hlist_head* %72, i64 %20, i32 0 %74 = bitcast %struct.hlist_node** %73 to %struct.rpc_cred** %75 = load %struct.rpc_cred*, %struct.rpc_cred** %74, align 8 %76 = icmp eq %struct.rpc_cred* %75, null br i1 %76, label 
%112, label %77 %78 = phi %struct.rpc_cred* [ %110, %108 ], [ %75, %70 ] %79 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 4 %80 = load %struct.rpc_credops*, %struct.rpc_credops** %79, align 8 %81 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %80, i64 0, i32 3 %82 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %81, align 8 %83 = call i32 %82(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %78, i32 %2) #83 %84 = icmp eq i32 %83, 0 br i1 %84, label %108, label %85 %86 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 7 %87 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %86, i64 0, i32 0, i32 0 %88 = load volatile i32, i32* %87, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %100, label %90 %91 = phi i32 [ %98, %97 ], [ %88, %85 ] %92 = add i32 %91, 1 %93 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %87, i32 %92, i32* %87, i32 %91) #6, !srcloc !4 %94 = extractvalue { i8, i32 } %93, 0 %95 = and i8 %94, 1 %96 = icmp eq i8 %95, 0 br i1 %96, label %97, label %100, !prof !5, !misexpect !6 %98 = extractvalue { i8, i32 } %93, 1 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %90 %101 = phi i32 [ 0, %85 ], [ %91, %90 ], [ 0, %97 ] %102 = add i32 %101, 1 %103 = or i32 %102, %101 %104 = icmp sgt i32 %103, -1 br i1 %104, label %106, label %105, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %86, i32 0) #83 br label %106 %107 = icmp eq i32 %101, 0 br i1 %107, label %108, label %135 %109 = bitcast %struct.rpc_cred* %78 to %struct.rpc_cred** %110 = load %struct.rpc_cred*, %struct.rpc_cred** %109, align 8 %111 = icmp eq %struct.rpc_cred* %110, null br i1 %111, 
label %112, label %77 %113 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 6 %114 = bitcast i64* %113 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %114, i32 4, i8* %114) #6, !srcloc !8 %115 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 7 %116 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %115, i64 0, i32 0, i32 0 %117 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %116, i32 1, i32* %116) #6, !srcloc !9 %118 = icmp eq i32 %117, 0 br i1 %118, label %123, label %119, !prof !5, !misexpect !6 %120 = add i32 %117, 1 %121 = or i32 %120, %117 %122 = icmp sgt i32 %121, -1 br i1 %122, label %125, label %123, !prof !7, !misexpect !6 %124 = phi i32 [ 2, %112 ], [ 1, %119 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %115, i32 %124) #83 br label %125 %126 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 0 %127 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %128 = getelementptr %struct.hlist_head, %struct.hlist_head* %127, i64 %20, i32 0 %129 = load %struct.hlist_node*, %struct.hlist_node** %128, align 8 %130 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 0, i32 0 store %struct.hlist_node* %129, %struct.hlist_node** %130, align 8 %131 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 0, i32 1 store volatile %struct.hlist_node** %128, %struct.hlist_node*** %131, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile %struct.hlist_node* %126, %struct.hlist_node** %128, align 8 %132 = icmp eq %struct.hlist_node* %129, null 
br i1 %132, label %141, label %133 %134 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %129, i64 0, i32 1 store volatile %struct.hlist_node** %130, %struct.hlist_node*** %134, align 8 br label %141 %142 = phi %struct.rpc_cred* [ %78, %135 ], [ %68, %125 ], [ %68, %133 ] call void @_raw_spin_unlock(%struct.raw_spinlock* %71) #83 %143 = load i64, i64* @number_cred_unused, align 8 %144 = load i64, i64* @auth_max_cred_cachesize, align 8 %145 = icmp ugt i64 %143, %144 br i1 %145, label %146, label %152 %147 = sub i64 %143, %144 %148 = icmp ult i64 %147, 100 %149 = select i1 %148, i64 %147, i64 100 %150 = trunc i64 %149 to i32 %151 = call fastcc i64 @rpcauth_cache_do_shrink(i32 %150) #83 br label %152 %153 = phi %struct.rpc_cred* [ %63, %62 ], [ %142, %141 ], [ %142, %146 ] %154 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %153, i64 0, i32 6 %155 = load volatile i64, i64* %154, align 8 %156 = and i64 %155, 1 %157 = icmp eq i64 %156, 0 br i1 %157, label %173, label %158 %159 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %153, i64 0, i32 4 %160 = load %struct.rpc_credops*, %struct.rpc_credops** %159, align 8 %161 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %160, i64 0, i32 1 %162 = load i32 (%struct.rpc_auth*, %struct.rpc_cred*)*, i32 (%struct.rpc_auth*, %struct.rpc_cred*)** %161, align 8 %163 = icmp ne i32 (%struct.rpc_auth*, %struct.rpc_cred*)* %162, null %164 = and i32 %2, 1 %165 = icmp eq i32 %164, 0 %166 = and i1 %165, %163 br i1 %166, label %167, label %173 %168 = call i32 %162(%struct.rpc_auth* %0, %struct.rpc_cred* %153) #83 Function:gss_cred_init %3 = getelementptr %struct.rpc_auth, %struct.rpc_auth* %0, i64 -1, i32 5 %4 = bitcast %struct.rpc_authops** %3 to %struct.gss_auth* %5 = bitcast %struct.rpc_cred* %1 to %struct.gss_cred* br label %6 %7 = tail call fastcc i32 @gss_create_upcall(%struct.gss_auth* %4, %struct.gss_cred* %5) #83 %7 = tail call fastcc i32 
@gss_create_upcall(%struct.gss_auth* %4, %struct.gss_cred* %5) #83 Function:gss_create_upcall %3 = alloca %struct.wait_queue_entry, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.gss_auth, %struct.gss_auth* %0, i64 0, i32 6 %6 = load %struct.net*, %struct.net** %5, align 8 %7 = load i32, i32* @sunrpc_net_id, align 4 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.net, %struct.net* %6, i64 0, i32 38 %9 = load volatile %struct.net_generic*, %struct.net_generic** %8, align 64 %10 = bitcast %struct.net_generic* %9 to [0 x i8*]* %11 = zext i32 %7 to i64 %12 = getelementptr [0 x i8*], [0 x i8*]* %10, i64 0, i64 %11 %13 = load i8*, i8** %12, align 8 tail call void @__rcu_read_unlock() #83 %14 = getelementptr inbounds %struct.gss_cred, %struct.gss_cred* %1, i64 0, i32 0 %15 = bitcast %struct.wait_queue_entry* %3 to i8* %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = bitcast i8** %17 to %struct.task_struct** store %struct.task_struct* %19, %struct.task_struct** %20, align 8 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, 
i64 0, i32 3, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %13, i64 188 %26 = bitcast i8* %25 to i32* %27 = bitcast %struct.wait_queue_entry* %4 to i8* br label %28 %29 = call zeroext i1 @gssd_running(%struct.net* %6) #83 br i1 %29, label %30, label %142 %31 = call fastcc %struct.gss_upcall_msg* @gss_setup_upcall(%struct.gss_auth* %0, %struct.rpc_cred* %14) #84 Function:gss_setup_upcall %3 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %1, i64 0, i32 8 %4 = load %struct.cred*, %struct.cred** %3, align 8 %5 = getelementptr inbounds %struct.cred, %struct.cred* %4, i64 0, i32 7, i32 0 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %1, i64 1, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %11 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %10, i32 3392, i64 584) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_tcp_available_ulp ------------- Path:  Function:proc_tcp_available_ulp %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 2048, i32* %8, align 8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %10 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 1051840, i64 2048) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_tcp_available_congestion_control ------------- Path:  Function:proc_tcp_available_congestion_control %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 2048, i32* %8, align 8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 1051840, i64 2048) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_allowed_congestion_control ------------- Path:  Function:proc_allowed_congestion_control %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 2048, i32* %8, align 8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 1051840, i64 2048) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* 
@gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_tcp_fastopen_key ------------- Path:  Function:proc_tcp_fastopen_key %6 = alloca [4 x i32], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = alloca [8 x i32], align 16 %9 = bitcast [8 x i32]* %8 to i8* %10 = alloca [8 x i32], align 16 %11 = bitcast [8 x i32]* %10 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = getelementptr i8, i8* %13, i64 -1108 %15 = bitcast i8* %14 to %struct.net* %16 = bitcast %struct.ctl_table* %7 to i8* %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 74, i32* %17, align 8 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3264, i64 74) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 ip_ra_control 2 ip_setsockopt ------------- Path:  Function:ip_setsockopt %7 = alloca %struct.compat_group_source_req, align 4 %8 = alloca %struct.group_source_req, align 8 %9 = alloca %struct.kernel_symbol, align 4 %10 = alloca %struct.sched_domain_shared, align 4 %11 = alloca %struct.sched_domain_shared, align 4 %12 = alloca %struct.group_req, align 8 %13 = alloca %struct.compat_group_req, align 4 %14 = alloca %struct.sched_domain_shared, align 4 %15 = alloca i32, align 4 %16 = alloca i8, align 
1 %17 = alloca %struct.ip_options_rcu*, align 8 %18 = alloca %struct.sched_domain_shared, align 8 %19 = alloca %struct.sched_domain_shared, align 8 %20 = alloca %struct.kernel_symbol, align 4 %21 = alloca %struct.sched_domain_shared, align 4 %22 = icmp eq i32 %1, 0 br i1 %22, label %23, label %960 %24 = bitcast %struct.sock.813299* %0 to %struct.inet_sock.818337* %25 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 0, i32 9, i32 0 %26 = load %struct.net.813150*, %struct.net.813150** %25, align 8 %27 = bitcast i32* %15 to i8* store i32 0, i32* %15, align 4 %28 = add i32 %2, -35 %29 = icmp ult i32 %28, 14 switch i32 %2, label %66 [ i32 8, label %30 i32 12, label %30 i32 6, label %30 i32 13, label %30 i32 7, label %30 i32 1, label %30 i32 2, label %30 i32 3, label %30 i32 10, label %30 i32 11, label %30 i32 5, label %30 i32 15, label %30 i32 18, label %30 i32 19, label %30 i32 21, label %30 i32 22, label %30 i32 24, label %30 i32 50, label %30 i32 33, label %30 i32 49, label %30 i32 34, label %30 i32 20, label %30 i32 23, label %30 i32 25, label %30 i32 26, label %30 ] %31 = icmp ugt i32 %5, 3 br i1 %31, label %32, label %42 %43 = icmp eq i32 %5, 0 br i1 %43, label %59, label %44 %45 = and i8 %4, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %49, label %47 %50 = call i64 @_copy_from_user(i8* nonnull %16, i8* %3, i64 1) #83 %51 = trunc i64 %50 to i32 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %58 %54 = load i8, i8* %16, align 1 br label %55 %56 = phi i8 [ %54, %53 ], [ %48, %47 ] %57 = zext i8 %56 to i32 store i32 %57, i32* %15, align 4 br label %59 %60 = icmp eq i32 %2, 5 br i1 %60, label %61, label %71 %62 = load i32, i32* %15, align 4 %63 = icmp ne i32 %62, 0 %64 = zext i1 %63 to i8 %65 = call i32 @ip_ra_control(%struct.sock.813299* %0, i8 zeroext %64, void (%struct.sock.813299*)* null) #83 Function:ip_ra_control %4 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 0, i32 9, i32 0 %5 = load 
%struct.net.813150*, %struct.net.813150** %4, align 8 %6 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 46 %7 = load i16, i16* %6, align 2 %8 = icmp eq i16 %7, 3 br i1 %8, label %9, label %84 %10 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 0, i32 2 %11 = bitcast %struct.kuid_t* %10 to %struct.raw_hdlc_proto* %12 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %11, i64 0, i32 1 %13 = load i16, i16* %12, align 2 %14 = icmp eq i16 %13, 255 br i1 %14, label %84, label %15 %16 = icmp eq i8 %1, 0 br i1 %16, label %22, label %17 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3264, i64 40) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 dst_cow_metrics_generic ------------- Path:  Function:dst_cow_metrics_generic %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 2592, i64 72) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __scm_send 2 netlink_sendmsg ------------- Path:  
Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, 
i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #84 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #84 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #84 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** 
%13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %42 = load %struct.proto_ops*, %struct.proto_ops** %19, align 32 %43 = icmp eq %struct.proto_ops* %42, null br i1 %43, label %221, label %44 %45 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 1 br i1 %47, label %48, label %221 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, 
%struct.scm_fp_list** %20, align 8 %52 = add i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %194, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %221, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 4197568, i64 2040) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 snd_seq_call_port_info_ioctl 2 snd_seq_ioctl_compat ------------- Path:  Function:snd_seq_ioctl_compat %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.snd_seq_client** %6 = load %struct.snd_seq_client*, %struct.snd_seq_client** %5, align 8 %7 = and i64 %2, 4294967295 %8 = icmp eq %struct.snd_seq_client* %6, null br i1 %8, label %32, label %9, !prof !4, !misexpect !5 switch i32 %1, label %32 [ i32 -2147200256, label %10 i32 -2147200255, label %10 i32 -1070574846, label %10 i32 -1061399792, label %10 i32 1086083857, label %10 i32 1079006000, label %10 i32 1079006001, label %10 i32 -1064545486, label %10 i32 1082938163, label %10 i32 -1064545484, label %10 i32 -1064545483, label %10 i32 -1064545482, label %10 i32 -1067691200, label %10 i32 -1070836927, label %10 i32 1076646722, label %10 i32 -1067429051, label %10 i32 1080054598, label %10 i32 -1068739767, label %10 i32 1078743882, label %10 i32 -1067953333, label %10 i32 1079530316, label %10 i32 1077957454, label %10 i32 -1067953329, label 
%10 i32 -1068477616, label %10 i32 -1061399727, label %10 i32 -1072671997, label %10 i32 -1062972640, label %12 i32 1084511009, label %16 i32 -1062972638, label %20 i32 1084511011, label %24 i32 -1062972590, label %28 ] %29 = inttoptr i64 %7 to %struct.snd_seq_port_info32* %30 = tail call fastcc i32 @snd_seq_call_port_info_ioctl(%struct.snd_seq_client* nonnull %6, i32 -1062710446, %struct.snd_seq_port_info32* %29) #83 Function:snd_seq_call_port_info_ioctl %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 snd_pcm_ioctl_hw_params_compat 2 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq 
%struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %159 = inttoptr i64 %10 to %struct.snd_pcm_hw_params32* %160 = tail call fastcc i32 @snd_pcm_ioctl_hw_params_compat(%struct.snd_pcm_substream.721187* nonnull %18, i32 0, %struct.snd_pcm_hw_params32* %159) #83 Function:snd_pcm_ioctl_hw_params_compat %4 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %5 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %4, align 8 %6 = icmp eq %struct.snd_pcm_runtime.721183* %5, null br i1 %6, label %63, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 608) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load 
i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 snd_pcm_ioctl_hw_params_compat 2 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 
1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %159 = inttoptr i64 %10 to %struct.snd_pcm_hw_params32* %160 = tail call fastcc i32 @snd_pcm_ioctl_hw_params_compat(%struct.snd_pcm_substream.721187* nonnull %18, i32 0, %struct.snd_pcm_hw_params32* %159) #83 Function:snd_pcm_ioctl_hw_params_compat %4 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %5 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %4, align 8 %6 = icmp eq %struct.snd_pcm_runtime.721183* %5, null br i1 %6, label %63, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 608) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 snd_timer_user_open ------------- Path:  Function:snd_timer_user_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #83 %4 = icmp slt i32 %3, 0 br i1 %4, label %24, label %5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 176) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 
4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 snd_ctl_ioctl 2 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %21 = tail call i64 @snd_ctl_ioctl(%struct.file* %0, i32 %1, i64 %9) #83 Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_id, align 4 %6 = alloca %struct.snd_ctl_elem_id, align 4 %7 = alloca %struct.snd_ctl_elem_info, align 8 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %2 to i32* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = 
bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %15 = load %struct.snd_card*, %struct.snd_card** %14, align 8 %16 = icmp eq %struct.snd_card* %15, null br i1 %16, label %361, label %17, !prof !4, !misexpect !5 switch i32 %1, label %343 [ i32 -2147199744, label %18 i32 -2122820351, label %27 i32 -1068477168, label %56 i32 -1055894255, label %70 i32 -993503982, label %87 i32 -993503981, label %107 i32 1077957908, label %127 i32 1077957909, label %173 i32 -1055894249, label %221 i32 -1055894248, label %225 i32 -1069525735, label %229 i32 -1073457898, label %265 i32 -1073195750, label %313 i32 -1073195749, label %320 i32 -1073195748, label %327 i32 -1073457712, label %361 i32 -2147199535, label %334 ] %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %29 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 376) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 snd_ctl_ioctl ------------- Path:  Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_id, align 4 %6 = alloca %struct.snd_ctl_elem_id, align 4 %7 = alloca %struct.snd_ctl_elem_info, align 8 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %2 to i32* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, 
%struct.snd_ctl_file** %12, align 8 %14 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %15 = load %struct.snd_card*, %struct.snd_card** %14, align 8 %16 = icmp eq %struct.snd_card* %15, null br i1 %16, label %361, label %17, !prof !4, !misexpect !5 switch i32 %1, label %343 [ i32 -2147199744, label %18 i32 -2122820351, label %27 i32 -1068477168, label %56 i32 -1055894255, label %70 i32 -993503982, label %87 i32 -993503981, label %107 i32 1077957908, label %127 i32 1077957909, label %173 i32 -1055894249, label %221 i32 -1055894248, label %225 i32 -1069525735, label %229 i32 -1073457898, label %265 i32 -1073195750, label %313 i32 -1073195749, label %320 i32 -1073195748, label %327 i32 -1073457712, label %361 i32 -2147199535, label %334 ] %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %29 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 376) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 hidraw_open ------------- Path:  Function:hidraw_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %5, i32 3520, i64 1096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = 
and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 hid_debug_events_open ------------- Path:  Function:hid_debug_events_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 new_id_store.61484 ------------- Path:  Function:new_id_store.61484 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i64, align 8 %8 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -2, i32 16 %9 = bitcast i32* %4 to i8* %10 = bitcast i32* %5 to i8* %11 = bitcast i32* %6 to i8* %12 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %13 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %1, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.82.61485, i64 0, i64 0), i32* nonnull %4, i32* nonnull %5, i32* nonnull %6, i64* nonnull %7) #83 %14 = icmp slt i32 %13, 3 br i1 %14, label %53, label %15 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 3520, i64 40) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 dm_open ------------- Path:  Function:dm_open %3 = tail call i32 bitcast (i32 (%struct.inode*, %struct.file*)* @nonseekable_open to i32 (%struct.inode.690677*, %struct.file.690524*)*)(%struct.inode.690677* %0, %struct.file.690524* %1) #83 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %13, !prof !4, !misexpect !5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 i2c_new_client_device 2 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 
22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 %32 = load i16, i16* %21, align 2 %33 = and i16 %32, -24576 %34 = icmp eq i16 %33, -24576 br i1 %34, label %35, label %40 %36 = and i16 %32, 24575 store i16 %36, i16* %21, align 2 %37 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 1 %38 = load i16, i16* %37, align 4 %39 = or i16 %38, 16 store i16 %39, i16* %37, align 4 br label %40 %41 = phi i16 [ %36, %35 ], [ %32, %31 ] %42 = and i16 %41, 4096 %43 = icmp eq i16 %42, 0 br i1 %43, label %49, label %44 %50 = call %struct.i2c_client* @i2c_new_client_device(%struct.i2c_adapter* %8, %struct.i2c_board_info* nonnull %5) #83 Function:i2c_new_client_device %3 = alloca i32, align 4 %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 792) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 
%8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 serport_ldisc_read ------------- Path:  Function:serport_ldisc_read %7 = alloca %struct.wait_queue_entry, align 8 %8 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 29 %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 48 %11 = bitcast i8* %10 to i64* %12 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 1, i64* %11) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %72 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 3520, i64 1096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 truinst_show ------------- Path:  Function:truinst_show %4 = getelementptr %struct.device.666185, %struct.device.666185* %0, i64 -1, i32 32 %5 = getelementptr inbounds %struct.class.666182*, %struct.class.666182** %4, i64 14 %6 = bitcast %struct.class.666182** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr i8, i8* %7, i64 -168 %9 = bitcast i8* %8 to %struct.usb_device.666496* %10 = load i32, i32* @swi_tru_install, align 4 %11 = icmp eq i32 %10, 2 br i1 %11, label %12, label %13 %14 = 
load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %15 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 3264, i64 60) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debug_async_open ------------- Path:  Function:debug_async_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debug_periodic_open ------------- Path:  Function:debug_periodic_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 
= load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debug_registers_open ------------- Path:  Function:debug_registers_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 mon_stat_open ------------- Path:  Function:mon_stat_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3264, i64 84) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 usbdev_mmap ------------- Path:  Function:usbdev_mmap %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.usb_dev_state** %6 = load %struct.usb_dev_state*, 
%struct.usb_dev_state** %5, align 8 %7 = getelementptr inbounds %struct.usb_dev_state, %struct.usb_dev_state* %6, i64 0, i32 1 %8 = load %struct.usb_device*, %struct.usb_device** %7, align 8 %9 = getelementptr inbounds %struct.usb_device, %struct.usb_device* %8, i64 0, i32 14 %10 = bitcast %struct.usb_bus** %9 to %struct.usb_hcd** %11 = load %struct.usb_hcd*, %struct.usb_hcd** %10, align 8 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = sub i64 %13, %15 %17 = bitcast i64* %3 to i8* %18 = add i64 %16, 64 %19 = load volatile i32, i32* @usbfs_memory_mb, align 4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @usbfs_memory_usage, i64 0, i32 0), i64 %18, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @usbfs_memory_usage, i64 0, i32 0)) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %27, label %21 %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %29 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 usbdev_open ------------- Path:  Function:usbdev_open %3 = alloca i32, align 4 %4 = load %struct.kmem_cache*, %struct.kmem_cache** 
getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 200) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 usb_store_new_id 2 new_id_store.55282 ------------- Path:  Function:new_id_store.55282 %4 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 4 %5 = getelementptr inbounds i8, i8* %4, i64 88 %6 = bitcast i8* %5 to %struct.wait_queue_head* %7 = getelementptr inbounds i8, i8* %4, i64 72 %8 = bitcast i8* %7 to %struct.usb_device_id** %9 = load %struct.usb_device_id*, %struct.usb_device_id** %8, align 8 %10 = tail call i64 @usb_store_new_id(%struct.wait_queue_head* %6, %struct.usb_device_id* %9, %struct.device_driver* %0, i8* %1, i64 %2) #83 Function:usb_store_new_id %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %12 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %13 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %14 = bitcast i32* %9 to i8* %15 = bitcast i32* %10 to i8* %16 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %3, i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.55269, i64 0, i64 0), i32* nonnull %6, i32* nonnull %7, i32* nonnull %8, i32* nonnull %9, i32* nonnull %10) #83 %17 = icmp slt i32 %16, 2 br i1 %17, label %92, label %18 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %20 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 48) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 new_id_store.54775 ------------- Path:  Function:new_id_store.54775 %4 = alloca i16, align 2 %5 = alloca i16, align 2 %6 = alloca i16, align 2 %7 = alloca i8, align 1 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca [4 x i32], align 16 %11 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 12 %12 = bitcast i16* %4 to i8* %13 = bitcast i16* %5 to i8* %14 = bitcast i16* %6 to i8* %15 = bitcast [4 x i32]* %10 to i8* %16 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 0 %17 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 1 %18 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 2 %19 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 3 %20 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.6.54776, i64 0, i64 0), i16* nonnull %4, i16* nonnull %5, i16* nonnull %6, i8* nonnull %7, i8* nonnull %8, i8* nonnull %9, i32* nonnull %16, i32* %17, i32* %18, i32* %19) #83 %21 = icmp slt i32 %20, 6 br i1 %21, label %61, label %22 %23 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %24 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %23, i32 3520, i64 96) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 
8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 8838, label %527 i32 8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %528 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %529 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %528, i32 3520, i64 384) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 sdev_prefix_printk 2 max_retries_store ------------- Path:  Function:max_retries_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device.613560, %struct.device.613560* %0, i64 -1, i32 36 %7 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 1 %8 = bitcast %struct.dev_iommu** %7 to %struct.scsi_device.613577** %9 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %8, align 8 %10 = bitcast i32* %5 to i8* %11 = call i32 @kstrtoint(i8* %2, i32 10, i32* nonnull %5) #83 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %13 %16 = load i32, i32* %5, align 4 %17 = icmp slt i32 %16, 6 br i1 %17, label %18, label %21 call void (i8*, %struct.scsi_device.613577*, i8*, i8*, ...) 
bitcast (void (i8*, %struct.scsi_device.611890*, i8*, i8*, ...)* @sdev_prefix_printk to void (i8*, %struct.scsi_device.613577*, i8*, i8*, ...)*)(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.34.50994, i64 0, i64 0), %struct.scsi_device.613577* %9, i8* null, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.130.50995, i64 0, i64 0), i32 5) #83 Function:sdev_prefix_printk %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %7 = icmp eq %struct.scsi_device.611890* %1, null br i1 %7, label %27, label %8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 2592, i64 128) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 sdev_prefix_printk 2 store_queue_type_field ------------- Path:  Function:store_queue_type_field %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -1, i32 11, i32 8, i32 0, i32 1 %6 = bitcast i64* %5 to %struct.scsi_device.610229* %7 = getelementptr inbounds %struct.scsi_device.610229, %struct.scsi_device.610229* %6, i64 0, i32 41 %8 = bitcast i48* %7 to i64* %9 = load i64, i64* %8, align 4 %10 = and i64 %9, 2048 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12 tail call void (i8*, %struct.scsi_device.610229*, i8*, i8*, ...) 
bitcast (void (i8*, %struct.scsi_device.611890*, i8*, i8*, ...)* @sdev_prefix_printk to void (i8*, %struct.scsi_device.610229*, i8*, i8*, ...)*)(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1.50293, i64 0, i64 0), %struct.scsi_device.610229* %6, i8* null, i8* getelementptr inbounds ([50 x i8], [50 x i8]* @.str.90.50294, i64 0, i64 0)) #83 Function:sdev_prefix_printk %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %7 = icmp eq %struct.scsi_device.611890* %1, null br i1 %7, label %27, label %8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 2592, i64 128) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 regmap_name_read_file ------------- Path:  Function:regmap_name_read_file %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.regmap.603327** %7 = load %struct.regmap.603327*, %struct.regmap.603327** %6, align 8 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 4096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 
------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 uevent_show ------------- Path:  Function:uevent_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 br label %5 %6 = phi %struct.kobject* [ %4, %3 ], [ %12, %10 ] %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %6, i64 0, i32 3 %8 = load %struct.kset*, %struct.kset** %7, align 8 %9 = icmp eq %struct.kset* %8, null br i1 %9, label %10, label %14 %15 = getelementptr inbounds %struct.kset, %struct.kset* %8, i64 0, i32 3 %16 = load %struct.kset_uevent_ops*, %struct.kset_uevent_ops** %15, align 8 %17 = icmp eq %struct.kset_uevent_ops* %16, null br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.kset_uevent_ops, %struct.kset_uevent_ops* %16, i64 0, i32 2 %20 = load i32 (%struct.kset*, %struct.kobject*, %struct.kobj_uevent_env*)*, i32 (%struct.kset*, %struct.kobject*, %struct.kobj_uevent_env*)** %19, align 8 %21 = icmp eq i32 (%struct.kset*, %struct.kobject*, %struct.kobj_uevent_env*)* %20, null br i1 %21, label %61, label %22 %23 = getelementptr inbounds %struct.kset_uevent_ops, %struct.kset_uevent_ops* %16, i64 0, i32 0 %24 = load i32 (%struct.kset*, %struct.kobject*)*, i32 (%struct.kset*, %struct.kobject*)** %23, align 8 %25 = icmp eq i32 (%struct.kset*, %struct.kobject*)* %24, null br i1 %25, label %29, label %26 %27 = tail call i32 %24(%struct.kset* nonnull %8, %struct.kobject* %4) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %61, label %29 %30 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %31 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %30, i32 3520, i64 2592) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 
%11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 vga_arb_read ------------- Path:  Function:vga_arb_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.vga_arb_private** %7 = load %struct.vga_arb_private*, %struct.vga_arb_private** %6, align 8 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 1024) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 vga_arb_open ------------- Path:  Function:vga_arb_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 288) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %6 = bitcast %struct.workqueue_struct** %5 to %struct.i915_perf.436281* %7 = bitcast i32* %4 to i8* %8 = 
bitcast %struct.workqueue_struct** %5 to %struct.drm_i915_private.436298** %9 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %8, align 8 %10 = icmp eq %struct.drm_i915_private.436298* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 3 %14 = bitcast i32* %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = tail call zeroext i1 @capable(i32 38) #83 br i1 %22, label %26, label %23 %27 = getelementptr inbounds i8, i8* %1, i64 48 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds i8, i8* %1, i64 36 %33 = bitcast i8* %32 to i32* %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %57 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 216) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 i915_l3_write ------------- Path:  Function:i915_l3_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to 
%struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = getelementptr inbounds %struct.bin_attribute, %struct.bin_attribute* %2, i64 0, i32 2 %14 = bitcast i8** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %12, i64 0, i32 3, i32 16 %17 = bitcast [3 x i8]* %16 to i24* %18 = load i24, i24* %17, align 8 %19 = and i24 %18, 512 %20 = icmp eq i24 %19, 0 br i1 %20, label %68, label %21 %22 = and i64 %4, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %68 %25 = icmp sgt i64 %4, 127 br i1 %25, label %68, label %26 %27 = icmp ult i64 %5, 4 br i1 %27, label %68, label %28 %29 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %30 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %29, i32 3520, i64 128) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 i915_l3_write ------------- Path:  Function:i915_l3_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = getelementptr inbounds %struct.bin_attribute, %struct.bin_attribute* %2, i64 0, i32 2 %14 = bitcast i8** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.drm_i915_private.412466, 
%struct.drm_i915_private.412466* %12, i64 0, i32 3, i32 16 %17 = bitcast [3 x i8]* %16 to i24* %18 = load i24, i24* %17, align 8 %19 = and i24 %18, 512 %20 = icmp eq i24 %19, 0 br i1 %20, label %68, label %21 %22 = and i64 %4, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %68 %25 = icmp sgt i64 %4, 127 br i1 %25, label %68, label %26 %27 = icmp ult i64 %5, 4 br i1 %27, label %68, label %28 %29 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %30 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %29, i32 3520, i64 128) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.400184** %6 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %5, align 8 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 0 %9 = load %struct.drm_device.373290*, %struct.drm_device.373290** %8, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 4 %11 = load %struct.drm_driver*, %struct.drm_driver** %10, align 8 %12 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %11, i64 0, i32 24 %13 = load i32, i32* %12, align 8 %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 10 %15 = load i32, i32* %14, align 8 %16 = and i32 %13, 16 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 
br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 30, i32 27 %21 = load %struct.drm_mode_config_funcs.373271*, %struct.drm_mode_config_funcs.373271** %20, align 8 %22 = icmp eq %struct.drm_mode_config_funcs.373271* %21, null br i1 %22, label %37, label %23 %24 = getelementptr inbounds %struct.drm_mode_config_funcs.373271, %struct.drm_mode_config_funcs.373271* %21, i64 0, i32 5 %25 = load i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)*, i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)** %24, align 8 %26 = icmp eq i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)* %25, null br i1 %26, label %37, label %27 %38 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 16 %39 = load %struct.drm_crtc_funcs.400179*, %struct.drm_crtc_funcs.400179** %38, align 8 %40 = getelementptr inbounds %struct.drm_crtc_funcs.400179, %struct.drm_crtc_funcs.400179* %39, i64 0, i32 17 %41 = load i32 (%struct.drm_crtc.400184*, i8*, i64*)*, i32 (%struct.drm_crtc.400184*, i8*, i64*)** %40, align 8 %42 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 26, i32 1 %43 = load i8*, i8** %42, align 8 %44 = call i32 %41(%struct.drm_crtc.400184* %6, i8* %43, i64* nonnull %3) #83 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %78 %47 = load i64, i64* %3, align 8 %48 = icmp ugt i64 %47, 10 br i1 %48, label %49, label %50, !prof !5, !misexpect !6 %51 = icmp eq i64 %47, 0 br i1 %51, label %52, label %53, !prof !5, !misexpect !6 %54 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %55 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %54, i32 3520, i64 6144) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = 
load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 drm_modeset_lock_all 2 wm_latency_write 3 pri_wm_latency_write ------------- Path:  Function:pri_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 0, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, 
%struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 drm_modeset_lock_all 2 wm_latency_write 3 spr_wm_latency_write ------------- Path:  Function:spr_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, 
i32 102, i32 1, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = 
getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) @sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 drm_modeset_lock_all 2 wm_latency_write 3 cur_wm_latency_write ------------- Path:  Function:cur_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, 
%struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 2, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x 
i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) @sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 drm_modeset_lock_all 2 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 tail call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void 
(%struct.drm_device.373290*)*)(%struct.drm_device.373290* %0) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 read_mem ------------- Path:  Function:read_mem %5 = load i64, i64* %3, align 8 %6 = tail call i32 @valid_phys_addr_range(i64 %5, i64 %2) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %72, label %8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 3264, i64 4096) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 vt_do_kdgkb_ioctl 2 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds 
%struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 
i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %161 = inttoptr i64 %2 to %struct.kbsentry* %162 = zext i1 %28 to i32 %163 = tail call i32 @vt_do_kdgkb_ioctl(i32 %1, %struct.kbsentry* %161, i32 %162) #83 Function:vt_do_kdgkb_ioctl %5 = getelementptr inbounds %struct.kbsentry, %struct.kbsentry* %1, i64 0, i32 0 %6 = tail call { i8*, i8, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %5, i64 1, i64 %4) #6, !srcloc !4 %7 = extractvalue { i8*, i8, i64 } %6, 0 %8 = extractvalue { i8*, i8, i64 } %6, 2 %9 = ptrtoint i8* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %73, !prof !5, !misexpect !6 %13 = extractvalue { i8*, i8, i64 } %6, 1 %14 = zext i8 %13 to i64 %15 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 256, i64 %14) #6, !srcloc !7 %16 = trunc i64 %15 to i8 %17 = and i8 %13, %16 switch i32 %0, label %70 [ i32 19272, label %18 i32 19273, label %40 ] %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3264, i64 512) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 
%8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 vt_do_kdgkb_ioctl 2 vt_ioctl 3 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.355841** %8 = load %struct.vc_data.355841*, %struct.vc_data.355841** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.355747* %14 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %13, i64 0, i32 104 %15 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %14, align 8 %16 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %15, i64 0, i32 25 %17 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %16, align 8 %18 = icmp eq %struct.tty_struct.355831* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #83 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 
i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.355831* %0, i32 %1, i64 %10) #84 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 
19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %161 = inttoptr i64 %2 to %struct.kbsentry* %162 = zext i1 %28 to i32 %163 = tail call i32 @vt_do_kdgkb_ioctl(i32 %1, %struct.kbsentry* %161, i32 %162) #83 Function:vt_do_kdgkb_ioctl %5 = getelementptr inbounds %struct.kbsentry, %struct.kbsentry* %1, i64 0, i32 0 %6 = tail call { i8*, i8, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %5, i64 1, i64 %4) #6, !srcloc !4 %7 = extractvalue { i8*, i8, i64 } %6, 0 %8 = extractvalue { i8*, i8, i64 } %6, 2 %9 = ptrtoint i8* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %73, !prof !5, !misexpect !6 %13 = extractvalue { i8*, i8, i64 } %6, 1 %14 = zext i8 %13 to i64 %15 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 256, i64 %14) #6, !srcloc !7 %16 
= trunc i64 %15 to i8 %17 = and i8 %13, %16 switch i32 %0, label %70 [ i32 19272, label %18 i32 19273, label %40 ] %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3264, i64 512) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 vcs_poll_data_get 2 vcs_poll ------------- Path:  Function:vcs_poll %3 = tail call fastcc %struct.vcs_poll_data* @vcs_poll_data_get(%struct.file* %0) #83 Function:vcs_poll_data_get %2 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.vcs_poll_data** %4 = load %struct.vcs_poll_data*, %struct.vcs_poll_data** %3, align 8 %5 = icmp eq %struct.vcs_poll_data* %4, null br i1 %5, label %6, label %36 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 vcs_poll_data_get 2 vcs_fasync ------------- Path:  Function:vcs_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.vcs_poll_data** %6 = 
load %struct.vcs_poll_data*, %struct.vcs_poll_data** %5, align 8 %7 = icmp eq %struct.vcs_poll_data* %6, null br i1 %7, label %8, label %13 %9 = icmp eq i32 %2, 0 br i1 %9, label %17, label %10 %11 = tail call fastcc %struct.vcs_poll_data* @vcs_poll_data_get(%struct.file* %1) #83 Function:vcs_poll_data_get %2 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.vcs_poll_data** %4 = load %struct.vcs_poll_data*, %struct.vcs_poll_data** %3, align 8 %5 = icmp eq %struct.vcs_poll_data* %4, null br i1 %5, label %6, label %36 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 resources_show ------------- Path:  Function:resources_show %4 = icmp eq %struct.device* %0, null br i1 %4, label %62, label %5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 40) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 options_show ------------- Path:  Function:options_show %4 = 
load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 40) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_execute_simple_method 3 camera_store ------------- Path:  Function:camera_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = bitcast i8** %6 to %struct.eeepc_laptop** %8 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.62820, i64 0, i64 0), i32* nonnull %5) #83 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %26 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %26, label %17 %18 = load i32, i32* %5, align 4 %19 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = sext i32 %18 to i64 %22 = call i32 @acpi_execute_simple_method(i8* %20, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.42.62835, i64 0, i64 0), i64 %21) #83 Function:acpi_execute_simple_method %4 = alloca %union.acpi_object, align 8 %5 = alloca %struct.acpi_object_list, align 8 %6 = bitcast %union.acpi_object* %4 to i8* %7 = bitcast %struct.acpi_object_list* %5 to i8* %8 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, 
i64 0, i32 0 store i32 1, i32* %8, align 8 %9 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 1 store %union.acpi_object* %4, %union.acpi_object** %9, align 8 %10 = getelementptr inbounds %union.acpi_object, %union.acpi_object* %4, i64 0, i32 0, i32 2 store i64 %2, i64* %10, align 8 %11 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* nonnull %5, %struct.trace_print_flags* null) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_execute_simple_method 3 cardr_store ------------- Path:  Function:cardr_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = bitcast i8** %6 to %struct.eeepc_laptop** %8 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.62820, i64 0, i64 0), i32* nonnull %5) #83 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %26 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1048576 %16 = icmp eq i32 %15, 0 br i1 %16, label %26, label %17 %18 = load i32, i32* %5, align 4 %19 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = sext i32 %18 to i64 %22 = call i32 @acpi_execute_simple_method(i8* %20, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.48.62832, i64 0, i64 0), i64 %21) #83 Function:acpi_execute_simple_method %4 = alloca %union.acpi_object, align 8 %5 = alloca %struct.acpi_object_list, align 8 %6 = bitcast %union.acpi_object* %4 to i8* %7 = bitcast %struct.acpi_object_list* %5 to i8* %8 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 0 store i32 1, i32* %8, align 8 %9 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 1 store %union.acpi_object* %4, %union.acpi_object** %9, align 8 %10 = getelementptr inbounds %union.acpi_object, %union.acpi_object* %4, i64 0, i32 0, i32 2 store i64 %2, i64* %10, align 8 %11 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* nonnull %5, %struct.trace_print_flags* null) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], 
[3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_execute_simple_method 3 disp_store ------------- Path:  Function:disp_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = bitcast i8** %6 to %struct.eeepc_laptop** %8 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.62820, i64 0, i64 0), i32* nonnull %5) #83 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %26 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 256 %16 = icmp eq i32 %15, 0 br i1 %16, label %26, label %17 %18 = load i32, i32* %5, align 4 %19 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = sext i32 %18 to i64 %22 = call i32 @acpi_execute_simple_method(i8* %20, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.43.62830, i64 0, i64 0), i64 %21) #83 Function:acpi_execute_simple_method %4 = alloca %union.acpi_object, align 8 %5 = alloca %struct.acpi_object_list, align 8 %6 = bitcast %union.acpi_object* %4 to i8* %7 = bitcast %struct.acpi_object_list* %5 to i8* %8 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 0 store i32 1, i32* %8, align 8 %9 = getelementptr inbounds %struct.acpi_object_list, 
%struct.acpi_object_list* %5, i64 0, i32 1 store %union.acpi_object* %4, %union.acpi_object** %9, align 8 %10 = getelementptr inbounds %union.acpi_object, %union.acpi_object* %4, i64 0, i32 0, i32 2 store i64 %2, i64* %10, align 8 %11 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* nonnull %5, %struct.trace_print_flags* null) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 camera_show ------------- Path:  Function:camera_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, 
i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.26.62836, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 
kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 cardr_show ------------- Path:  Function:cardr_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 1048576 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.31.62833, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 
0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 cpufv_show ------------- Path:  Function:cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %35, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, 
i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 available_cpufv_show ------------- Path:  Function:available_cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %42, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 
@acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 
uid_show.32298 ------------- Path:  Function:uid_show.32298 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 7 %7 = bitcast i8** %6 to %struct.dock_station** %8 = load %struct.dock_station*, %struct.dock_station** %7, align 8 %9 = getelementptr inbounds %struct.dock_station, %struct.dock_station* %8, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @acpi_evaluate_integer(i8* %10, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.32299, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 acpi_device_get_power 4 real_power_state_show ------------- Path:  Function:real_power_state_show %4 = alloca i32, align 4 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast %struct.device_private** %5 to %struct.acpi_device* %7 = bitcast i32* %4 to i8* %8 = call i32 @acpi_device_get_power(%struct.acpi_device* %6, i32* nonnull %4) #83 Function:acpi_device_get_power %3 = alloca i64, align 8 %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 255, i32* %4, align 4 %6 = icmp ne %struct.acpi_device* %0, null %7 = icmp ne i32* %1, null %8 = and i1 %6, %7 br i1 %8, label %9, label %75 %10 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 9, i32 0 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %22 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 11, i32 1, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = call i32 @acpi_power_get_inferred_state(%struct.acpi_device* nonnull %0, i32* nonnull %4) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %75 %30 = load i32, i32* %22, align 4 br label %31 %32 = phi i32 [ %30, %29 ], [ %23, %21 ] %33 = and i32 %32, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast i64* %3 to i8* %37 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 1 %38 = load i8*, i8** %37, align 8 %39 = call i32 
@acpi_evaluate_integer(i8* %38, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.11.31884, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 sun_show 
------------- Path:  Function:sun_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.31849, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 
= ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 hrv_show ------------- Path:  Function:hrv_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.3.31850, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 
2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_integer 3 status_show ------------- Path:  Function:status_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.31851, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = 
alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_dsm 3 dsm_get_label 4 label_show ------------- Path:  Function:label_show %4 = tail call fastcc i32 @dsm_get_label(%struct.device.324838* %0, i8* %2, i32 0) #83 Function:dsm_get_label %4 = getelementptr inbounds %struct.device.324838, %struct.device.324838* %0, i64 0, i32 26 %5 = load %struct.fwnode_handle.324824*, %struct.fwnode_handle.324824** %4, align 8 %6 = tail call zeroext i1 bitcast (i1 (%struct.fwnode_handle*)* @is_acpi_device_node to i1 (%struct.fwnode_handle.324824*)*)(%struct.fwnode_handle.324824* %5) #83 %7 = getelementptr %struct.fwnode_handle.324824, %struct.fwnode_handle.324824* %5, i64 -1, i32 4, i32 1 %8 = icmp eq %struct.list_head** %7, null %9 = xor i1 %6, true %10 = or i1 %8, %9 br i1 %10, label %68, label %11 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 1 %13 = bitcast %struct.list_head** %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = icmp eq i8* %14, null br i1 %15, label %68, label %16 %17 = tail call 
%union.acpi_object* @acpi_evaluate_dsm(i8* nonnull %14, %struct.uuid_t* nonnull @pci_acpi_dsm_guid, i64 2, i64 7, %union.acpi_object* null) #83 Function:acpi_evaluate_dsm %6 = alloca %struct.trace_print_flags, align 8 %7 = alloca [4 x %union.acpi_object], align 16 %8 = alloca %struct.acpi_object_list, align 8 %9 = bitcast %struct.trace_print_flags* %6 to i8* %10 = bitcast [4 x %union.acpi_object]* %7 to i8* %11 = bitcast %struct.acpi_object_list* %8 to i8* %12 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 0 store i32 4, i32* %12, align 8 %13 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 1 %14 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0 store %union.acpi_object* %14, %union.acpi_object** %13, align 8 %15 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 0 store i32 3, i32* %15, align 16 %16 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 1 store i32 16, i32* %16, align 4 %17 = getelementptr %struct.uuid_t, %struct.uuid_t* %1, i64 0, i32 0, i64 0 %18 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 2 %19 = bitcast i64* %18 to i8** store i8* %17, i8** %19, align 8 %20 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 0 store i32 1, i32* %20, align 8 %21 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 2 store i64 %2, i64* %21, align 8 %22 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 0 store i32 1, i32* %22, align 16 %23 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 2 store i64 %3, i64* %23, align 8 %24 = icmp eq %union.acpi_object* 
%4, null %25 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3 br i1 %24, label %29, label %26 %30 = getelementptr %union.acpi_object, %union.acpi_object* %25, i64 0, i32 0, i32 0 store i32 4, i32* %30, align 8 %31 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 1 store i32 0, i32* %31, align 4 %32 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 2 %33 = bitcast i64* %32 to %union.acpi_object** store %union.acpi_object* null, %union.acpi_object** %33, align 8 br label %34 %35 = call i32 @acpi_evaluate_object(i8* %0, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.14.31765, i64 0, i64 0), %struct.acpi_object_list* nonnull %8, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 acpi_evaluate_object 2 acpi_evaluate_dsm 3 dsm_get_label 4 acpi_index_show ------------- Path:  
Function:acpi_index_show %4 = tail call fastcc i32 @dsm_get_label(%struct.device.324838* %0, i8* %2, i32 1) #83 Function:dsm_get_label %4 = getelementptr inbounds %struct.device.324838, %struct.device.324838* %0, i64 0, i32 26 %5 = load %struct.fwnode_handle.324824*, %struct.fwnode_handle.324824** %4, align 8 %6 = tail call zeroext i1 bitcast (i1 (%struct.fwnode_handle*)* @is_acpi_device_node to i1 (%struct.fwnode_handle.324824*)*)(%struct.fwnode_handle.324824* %5) #83 %7 = getelementptr %struct.fwnode_handle.324824, %struct.fwnode_handle.324824* %5, i64 -1, i32 4, i32 1 %8 = icmp eq %struct.list_head** %7, null %9 = xor i1 %6, true %10 = or i1 %8, %9 br i1 %10, label %68, label %11 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 1 %13 = bitcast %struct.list_head** %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = icmp eq i8* %14, null br i1 %15, label %68, label %16 %17 = tail call %union.acpi_object* @acpi_evaluate_dsm(i8* nonnull %14, %struct.uuid_t* nonnull @pci_acpi_dsm_guid, i64 2, i64 7, %union.acpi_object* null) #83 Function:acpi_evaluate_dsm %6 = alloca %struct.trace_print_flags, align 8 %7 = alloca [4 x %union.acpi_object], align 16 %8 = alloca %struct.acpi_object_list, align 8 %9 = bitcast %struct.trace_print_flags* %6 to i8* %10 = bitcast [4 x %union.acpi_object]* %7 to i8* %11 = bitcast %struct.acpi_object_list* %8 to i8* %12 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 0 store i32 4, i32* %12, align 8 %13 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 1 %14 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0 store %union.acpi_object* %14, %union.acpi_object** %13, align 8 %15 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 0 store i32 3, i32* %15, align 16 %16 = getelementptr inbounds [4 x %union.acpi_object], [4 x 
%union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 1 store i32 16, i32* %16, align 4 %17 = getelementptr %struct.uuid_t, %struct.uuid_t* %1, i64 0, i32 0, i64 0 %18 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 2 %19 = bitcast i64* %18 to i8** store i8* %17, i8** %19, align 8 %20 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 0 store i32 1, i32* %20, align 8 %21 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 2 store i64 %2, i64* %21, align 8 %22 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 0 store i32 1, i32* %22, align 16 %23 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 2 store i64 %3, i64* %23, align 8 %24 = icmp eq %union.acpi_object* %4, null %25 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3 br i1 %24, label %29, label %26 %30 = getelementptr %union.acpi_object, %union.acpi_object* %25, i64 0, i32 0, i32 0 store i32 4, i32* %30, align 8 %31 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 1 store i32 0, i32* %31, align 4 %32 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 2 %33 = bitcast i64* %32 to %union.acpi_object** store %union.acpi_object* null, %union.acpi_object** %33, align 8 br label %34 %35 = call i32 @acpi_evaluate_object(i8* %0, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.14.31765, i64 0, i64 0), %struct.acpi_object_list* nonnull %8, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# 
__raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_bus_pci_open ------------- Path:  Function:proc_bus_pci_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 new_id_store ------------- Path:  Function:new_id_store %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = alloca i64, align 8 %11 = icmp eq %struct.device_driver* %0, null %12 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 3 %13 = bitcast i8** %12 to %struct.pci_driver.313794* %14 = select i1 %11, %struct.pci_driver.313794* null, 
%struct.pci_driver.313794* %13 %15 = getelementptr inbounds %struct.pci_driver.313794, %struct.pci_driver.313794* %14, i64 0, i32 2 %16 = load %struct.pci_device_id*, %struct.pci_device_id** %15, align 8 %17 = bitcast i32* %4 to i8* %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 -1, i32* %7, align 4 %21 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %22 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %23 = bitcast i64* %10 to i8* store i64 0, i64* %10, align 8 %24 = call i32 (i8*, i8*, ...) @sscanf(i8* %1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.5.30773, i64 0, i64 0), i32* nonnull %4, i32* nonnull %5, i32* nonnull %6, i32* nonnull %7, i32* nonnull %8, i32* nonnull %9, i64* nonnull %10) #83 %25 = icmp slt i32 %24, 2 br i1 %25, label %116, label %26 %27 = icmp eq i32 %24, 7 br i1 %27, label %55, label %28 %56 = icmp eq %struct.pci_device_id* %16, null %57 = load i64, i64* %10, align 8 br i1 %56, label %76, label %58 %59 = phi %struct.pci_device_id* [ %75, %71 ], [ %16, %55 ] %60 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 0 %61 = load i32, i32* %60, align 8 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %71 %64 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 2 %65 = load i32, i32* %64, align 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 5 %69 = load i32, i32* %68, align 4 %70 = icmp eq i32 %69, 0 br i1 %70, label %116, label %71 %72 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 6 %73 = load i64, i64* %72, align 8 %74 = icmp eq i64 %57, %73 %75 = getelementptr %struct.pci_device_id, %struct.pci_device_id* %59, i64 1 br i1 %74, label %76, label %58 %77 = load i32, i32* %4, align 4 %78 = load i32, i32* %5, align 4 %79 = load i32, 
i32* %6, align 4 %80 = load i32, i32* %7, align 4 %81 = load i32, i32* %8, align 4 %82 = load i32, i32* %9, align 4 %83 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %84 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %83, i32 3520, i64 56) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 kobject_synth_uevent 2 uevent_store.48328 ------------- Path:  Function:uevent_store.48328 %4 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 18 %5 = load %struct.driver_private*, %struct.driver_private** %4, align 8 %6 = getelementptr inbounds %struct.driver_private, %struct.driver_private* %5, i64 0, i32 0 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 
= icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, 
align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 kobject_synth_uevent 2 bus_uevent_store ------------- Path:  Function:bus_uevent_store %4 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %5 = load %struct.subsys_private*, %struct.subsys_private** %4, align 8 %6 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %5, i64 0, i32 0, i32 2 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 
0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = 
getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 kobject_synth_uevent 2 uevent_store ------------- Path:  Function:uevent_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label 
%27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 
= icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 kobject_synth_uevent 2 store_uevent ------------- Path:  Function:store_uevent %5 = getelementptr inbounds %struct.module_kobject, %struct.module_kobject* %1, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* 
%1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 compat_ksys_semtimedop 4 compat_ksys_ipc 5 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label 
%73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %17 = zext i32 %4 to i64 %18 = inttoptr i64 %17 to %struct.orc_entry* %19 = zext i32 %5 to i64 %20 = inttoptr i64 %19 to %struct.static_call_site* %21 = tail call i64 @compat_ksys_semtimedop(i32 %1, %struct.orc_entry* %18, i32 %2, %struct.static_call_site* %20) #83 Function:compat_ksys_semtimedop %5 = alloca %struct.cpu_itimer, align 8 %6 = icmp eq %struct.static_call_site* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.cpu_itimer* null) #84 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 
%35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 
4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 
%5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast 
%struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = 
icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load 
i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* 
%6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 
= select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 __ia32_sys_semtimedop_time32 ------------- Path:  Function:__ia32_sys_semtimedop_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* 
%10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* 
%9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select 
i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 
%10, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, 
label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 
%66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.cpu_itimer* null) #83 
Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne 
%struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 
%68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __do_semtimedop 2 do_semtimedop 3 __x64_sys_semtimedop_time32 ------------- Path:  Function:__x64_sys_semtimedop_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = 
alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, 
label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 regmap_cache_only_write_file ------------- Path:  Function:regmap_cache_only_write_file %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr i8, i8* %7, i64 -524 %9 = bitcast i8* %8 to %struct.regmap.603327* %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %64 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %14 = load %struct.dentry*, %struct.dentry** %13, align 8 %15 = call i32 @debugfs_file_get(%struct.dentry* %14) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr 
inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 regmap_cache_bypass_write_file ------------- Path:  Function:regmap_cache_bypass_write_file %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %45 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %12 = load %struct.dentry*, %struct.dentry** %11, align 8 %13 = call i32 @debugfs_file_get(%struct.dentry* %12) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 
debugfs_read_file_str ------------- Path:  Function:debugfs_read_file_str %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_read_file_str ------------- Path:  Function:debugfs_read_file_str %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 
= ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 read_file_blob ------------- Path:  Function:read_file_blob %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.iovec** %7 = load %struct.iovec*, %struct.iovec** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = tail call i32 @debugfs_file_get(%struct.dentry* %9) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile 
i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 
@debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: 
=BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, 
i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, 
label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, 
align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 
@__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = 
and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 
= load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, 
label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = 
tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = 
ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = 
icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* 
@kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, 
i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr
inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83
Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_write_file_bool ------------- Path:  Function:debugfs_write_file_bool %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull 
%5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %34 %13 = call i32 @debugfs_file_get(%struct.dentry* %9) #84 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 debugfs_write_file_bool ------------- Path:  Function:debugfs_write_file_bool %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %34 %13 = call i32 @debugfs_file_get(%struct.dentry* %9) #84 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 
8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 debugfs_file_get 2 open_proxy_open ------------- Path:  Function:open_proxy_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = tail call i32 @debugfs_file_get(%struct.dentry* %4) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 autofs_new_ino 2 autofs_lookup ------------- Path:  Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.static_call_site* %6 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %134, label %9 %10 = getelementptr inbounds 
%struct.inode.257672, %struct.inode.257672* %0, i64 0, i32 8 %11 = load %struct.super_block.257652*, %struct.super_block.257652** %10, align 8 %12 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.autofs_sb_info.257683** %14 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %13, align 16 %15 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 9 %16 = load %struct.super_block.257652*, %struct.super_block.257652** %15, align 8 %17 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.autofs_sb_info.257683** %19 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %18, align 16 %20 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 3 %21 = load %struct.dentry.257676*, %struct.dentry.257676** %20, align 8 %22 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4 %23 = bitcast %struct.qstr* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %19, i64 0, i32 17 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %29 = load volatile %struct.list_head*, %struct.list_head** %28, align 8 %30 = icmp eq %struct.list_head* %29, %27 br i1 %30, label %84, label %31 %32 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %19, i64 0, i32 16, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %32) #83 %33 = load %struct.list_head*, %struct.list_head** %28, align 8 %34 = icmp eq %struct.list_head* %33, %27 br i1 %34, label %83, label %35 %36 = zext i32 %7 to i64 br label %37 %38 = phi 
%struct.list_head* [ %33, %35 ], [ %80, %78 ] %39 = getelementptr %struct.list_head, %struct.list_head* %38, i64 -4, i32 1 %40 = bitcast %struct.list_head** %39 to %struct.dentry.257676** %41 = load %struct.dentry.257676*, %struct.dentry.257676** %40, align 8 %42 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 7, i32 0 %43 = bitcast %struct.anon.1* %42 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #83 %44 = bitcast %struct.anon.1* %42 to %struct.swap_cluster_info* %45 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %44, i64 0, i32 1 %46 = load i32, i32* %45, align 4 %47 = icmp slt i32 %46, 1 br i1 %47, label %78, label %48 %49 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 4 %50 = bitcast %struct.qstr* %49 to %struct.static_call_site* %51 = bitcast %struct.qstr* %49 to i32* %52 = load i32, i32* %51, align 8 %53 = icmp eq i32 %52, %24 br i1 %53, label %54, label %78 %55 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 3 %56 = load %struct.dentry.257676*, %struct.dentry.257676** %55, align 8 %57 = icmp eq %struct.dentry.257676* %56, %21 br i1 %57, label %58, label %78 %59 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %50, i64 0, i32 1 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, %7 br i1 %61, label %62, label %78 %63 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 4, i32 1 %64 = load i8*, i8** %63, align 8 %65 = tail call i32 @bcmp(i8* %64, i8* %26, i64 %36) #6 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 2, i32 1 %69 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %68, align 8 %70 = icmp eq %struct.hlist_bl_node** %69, null br i1 %70, label %71, label %78 tail call void 
@_raw_spin_unlock(%struct.raw_spinlock* %43) #83 %79 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 0 %80 = load %struct.list_head*, %struct.list_head** %79, align 8 %81 = icmp eq %struct.list_head* %80, %27 br i1 %81, label %83, label %37 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %32) #83 br label %84 %85 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %14, i64 0, i32 8 %86 = load i32, i32* %85, align 8 %87 = and i32 %86, 1 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %104 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.257640** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.257640**)) #11, !srcloc !4 %91 = inttoptr i64 %90 to %struct.task_struct.257640* %92 = getelementptr inbounds %struct.task_struct.257640, %struct.task_struct.257640* %91, i64 0, i32 104 %93 = load %struct.signal_struct.257569*, %struct.signal_struct.257569** %92, align 8 %94 = getelementptr %struct.signal_struct.257569, %struct.signal_struct.257569* %93, i64 0, i32 22, i64 2 %95 = load %struct.pid*, %struct.pid** %94, align 8 %96 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %14, i64 0, i32 3 %97 = load %struct.pid*, %struct.pid** %96, align 8 %98 = icmp eq %struct.pid* %95, %97 br i1 %98, label %104, label %99 %105 = tail call %struct.autofs_info.257684* bitcast (%struct.autofs_info* (%struct.autofs_sb_info*)* @autofs_new_ino to %struct.autofs_info.257684* (%struct.autofs_sb_info.257683*)*)(%struct.autofs_sb_info.257683* %14) #83 Function:autofs_new_ino %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3520, i64 136) #83 Function:kmem_cache_alloc_trace %5 
= ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_alloc_slot 2 nfs4_setup_sequence 3 nfs4_proc_unlink_rpc_prepare ------------- Path:  Function:nfs4_proc_unlink_rpc_prepare %3 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 2 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 9 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, 
label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, 
%struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_alloc_slot 2 nfs4_setup_sequence 3 nfs4_proc_rename_rpc_prepare ------------- Path:  Function:nfs4_proc_rename_rpc_prepare %3 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 3 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, 
%struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br 
label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_alloc_slot 2 nfs4_setup_sequence 3 nfs4_proc_pgio_rpc_prepare ------------- Path:  Function:nfs4_proc_pgio_rpc_prepare %3 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 0 %13 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0 %14 = tail call i32 
@nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, 
i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_alloc_slot 2 nfs4_setup_sequence 3 nfs4_proc_commit_rpc_prepare ------------- Path:  Function:nfs4_proc_commit_rpc_prepare %3 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 1 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load 
%struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 8, i32 0 %13 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 9, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds 
%struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_set_lock_state 2 nfs4_proc_getlk 3 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.233158** %7 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.233158, 
%struct.nfs_open_context.233158* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %12 = icmp eq %struct.nfs4_state.233157* %9, null br i1 %12, label %143, label %13 %14 = tail call fastcc i32 @nfs4_proc_getlk(%struct.nfs4_state.233157* nonnull %9, %struct.file_lock* %2) #83 Function:nfs4_proc_getlk %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs_lockt_args, align 8 %6 = alloca %struct.nfs_lockt_res, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 4 %12 = bitcast %struct.nfs_lockt_args* %5 to i8* %13 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 1 %14 = bitcast %struct.nfs_fh** %13 to %struct.list_head*** %15 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 3, i32 1 %17 = bitcast i64* %16 to i8* %18 = bitcast %struct.nfs_lockt_res* %6 to i8* %19 = getelementptr inbounds %struct.nfs_lockt_res, %struct.nfs_lockt_res* %6, i64 0, i32 1 %20 = bitcast %struct.rpc_message* %7 to i8* %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %23 = bitcast i8** %22 to %struct.nfs_lockt_args** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %25 = bitcast i8** %24 to %struct.nfs_lockt_res** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 
%27 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 3 %28 = bitcast %struct.cred** %26 to i64* %29 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 3, i32 0 %30 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 0 %31 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 19 %32 = bitcast %union.anon.77* %31 to %struct.nfs4_lock_state.233191** %33 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 3, i32 2 %34 = getelementptr inbounds %struct.nfs_lockt_res, %struct.nfs_lockt_res* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_lockt_args, %struct.nfs_lockt_args* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs_lockt_res, %struct.nfs_lockt_res* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 
to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 7 %57 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.inode*, %struct.inode** %11, align 8 %61 = getelementptr inbounds %struct.inode, %struct.inode* %60, i64 0, i32 8 %62 = load %struct.super_block*, %struct.super_block** %61, align 8 %63 = getelementptr inbounds %struct.super_block, %struct.super_block* %62, i64 0, i32 28 %64 = bitcast i8** %63 to %struct.nfs_server.233131** %65 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %64, align 16 %66 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %65, i64 0, i32 0 %67 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %66, align 8 %68 = getelementptr %struct.inode, %struct.inode* %60, i64 -1, i32 24, i32 4, i32 1 store %struct.list_head** %68, %struct.list_head*** %14, align 8 store %struct.file_lock* %1, %struct.file_lock** %15, align 8 store %struct.file_lock* %1, %struct.file_lock** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 15), %struct.rpc_procinfo** %21, align 8 store %struct.nfs_lockt_args* %5, %struct.nfs_lockt_args** %23, align 8 store %struct.nfs_lockt_res* %6, %struct.nfs_lockt_res** %25, align 8 %69 = load %struct.nfs4_state_owner.233154*, %struct.nfs4_state_owner.233154** 
%27, align 8 %70 = getelementptr inbounds %struct.nfs4_state_owner.233154, %struct.nfs4_state_owner.233154* %69, i64 0, i32 4 %71 = bitcast %struct.cred** %70 to i64* %72 = load i64, i64* %71, align 8 store i64 %72, i64* %28, align 8 %73 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %67, i64 0, i32 20 %74 = load i64, i64* %73, align 8 store i64 %74, i64* %29, align 8 %75 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.233157*, %struct.file_lock*)*)(%struct.nfs4_state.233157* %0, %struct.file_lock* %1) #83 %118 = phi i32 [ %75, %59 ], [ %113, %112 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_get_lock to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_getlk, %119)) #6 to label %139 [label %119], !srcloc !4 %140 = load %struct.inode*, %struct.inode** %11, align 8 %141 = getelementptr inbounds %struct.inode, %struct.inode* %140, i64 0, i32 8 %142 = load %struct.super_block*, %struct.super_block** %141, align 8 %143 = getelementptr inbounds %struct.super_block, %struct.super_block* %142, i64 0, i32 28 %144 = bitcast i8** %143 to %struct.nfs_server.233131** %145 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %144, align 16 %146 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %145, i32 %118, %struct.nfs4_exception* nonnull %8) #84 %147 = load i8, i8* %58, align 8 %148 = and i8 %147, 8 %149 = icmp eq i8 %148, 0 br i1 %149, label %150, label %59 %60 = load 
%struct.inode*, %struct.inode** %11, align 8 %61 = getelementptr inbounds %struct.inode, %struct.inode* %60, i64 0, i32 8 %62 = load %struct.super_block*, %struct.super_block** %61, align 8 %63 = getelementptr inbounds %struct.super_block, %struct.super_block* %62, i64 0, i32 28 %64 = bitcast i8** %63 to %struct.nfs_server.233131** %65 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %64, align 16 %66 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %65, i64 0, i32 0 %67 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %66, align 8 %68 = getelementptr %struct.inode, %struct.inode* %60, i64 -1, i32 24, i32 4, i32 1 store %struct.list_head** %68, %struct.list_head*** %14, align 8 store %struct.file_lock* %1, %struct.file_lock** %15, align 8 store %struct.file_lock* %1, %struct.file_lock** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 15), %struct.rpc_procinfo** %21, align 8 store %struct.nfs_lockt_args* %5, %struct.nfs_lockt_args** %23, align 8 store %struct.nfs_lockt_res* %6, %struct.nfs_lockt_res** %25, align 8 %69 = load %struct.nfs4_state_owner.233154*, %struct.nfs4_state_owner.233154** %27, align 8 %70 = getelementptr inbounds %struct.nfs4_state_owner.233154, %struct.nfs4_state_owner.233154* %69, i64 0, i32 4 %71 = bitcast %struct.cred** %70 to i64* %72 = load i64, i64* %71, align 8 store i64 %72, i64* %28, align 8 %73 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %67, i64 0, i32 20 %74 = load i64, i64* %73, align 8 store i64 %74, i64* %29, align 8 %75 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.233157*, %struct.file_lock*)*)(%struct.nfs4_state.233157* %0, %struct.file_lock* %1) #83 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 
17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %112 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %11 = bitcast %struct.list_head* %10 to %struct.nfs4_lock_state.234758** %12 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 br label %13 %14 = phi %struct.nfs4_lock_state.234758* [ null, %6 ], [ %59, %90 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %15 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %11, align 8 %16 = getelementptr %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %15, i64 0, i32 0 %17 = icmp eq %struct.list_head* %16, %10 br i1 %17, label %43, label %18 %19 = phi %struct.nfs4_lock_state.234758* [ %28, %24 ], [ %15, %13 ] %20 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ null, %13 ] %21 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %19, i64 0, i32 6 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, %8 br i1 %23, label %31, label %24 %25 = icmp eq i8* %22, null %26 = select i1 %25, %struct.nfs4_lock_state.234758* %19, %struct.nfs4_lock_state.234758* %20 %27 = bitcast %struct.nfs4_lock_state.234758* %19 to %struct.nfs4_lock_state.234758** %28 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %28, i64 0, i32 0 %30 = icmp eq %struct.list_head* %29, %10 br i1 %30, label %31, label %18 %32 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ %19, %18 ] %33 = icmp eq 
%struct.nfs4_lock_state.234758* %32, null br i1 %33, label %43, label %34 %44 = icmp eq %struct.nfs4_lock_state.234758* %14, null br i1 %44, label %53, label %45 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %54 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %12, align 8 %55 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %54, i64 0, i32 0 %56 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %55, align 8 %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 3392, i64 304) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %18 = load %struct.kmem_cache*, %struct.kmem_cache** 
getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %19 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3520, i64 568) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 35, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 4 br label %27 %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %29 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 568) #84 %76 = phi i32 [ 
%74, %31 ], [ -12, %27 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_mkdir to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_mkdir, %77)) #6 to label %97 [label %77], !srcloc !4 %98 = load %struct.super_block*, %struct.super_block** %5, align 8 %99 = getelementptr inbounds %struct.super_block, %struct.super_block* %98, i64 0, i32 28 %100 = bitcast i8** %99 to %struct.nfs_server.233131** %101 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %100, align 16 %102 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %101, i32 %76, %struct.nfs4_exception* nonnull %4) #85 %103 = load i8, i8* %26, align 8 %104 = and i8 %103, 8 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %27 %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %29 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 568) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = 
load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = bitcast %struct.nfs4_exception* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %10, i64 0, i32 35, i64 2 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 131072 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %24 %25 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 1 %26 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %27 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %28 = lshr i32 %3, 20 %29 = and i32 %3, 1048575 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 4 br label %31 %32 = load i16, i16* %25, align 4 %33 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %34 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %33, i32 3520, i64 568) #84 %96 = phi i32 [ %94, %93 ], [ -12, %31 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_mknod to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_mknod, %97)) #6 to label %117 [label %97], !srcloc !4 %118 = load %struct.super_block*, %struct.super_block** %6, align 8 %119 = getelementptr inbounds %struct.super_block, %struct.super_block* %118, i64 0, i32 28 %120 = bitcast i8** %119 to %struct.nfs_server.233131** %121 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %120, align 16 %122 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %121, i32 %96, %struct.nfs4_exception* nonnull %5) #85 %123 = load i8, i8* %30, align 8 %124 = and i8 %123, 8 %125 = icmp eq i8 %124, 0 br i1 %125, label %126, label %31 %32 = load i16, i16* %25, align 4 %33 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %34 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %33, i32 3520, i64 568) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_async_rename 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 
%11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* 
%54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %62 = phi %struct.inode* [ %10, %35 ], [ %10, %45 ], [ null, %33 ], [ null, %58 ] %63 = phi %struct.dentry* [ null, %35 ], [ null, %45 ], [ null, %33 ], [ %56, %58 ] %64 = phi %struct.dentry* [ null, %35 ], [ %46, %45 ], [ null, %33 ], [ null, %58 ] %65 = phi %struct.dentry* [ %4, %35 ], [ %4, %45 ], [ %4, %33 ], [ %56, %58 ] %66 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.220177* (%struct.inode.220132*, %struct.inode.220132*, %struct.dentry.220135*, %struct.dentry.220135*, void (%struct.rpc_task.220177*, %struct.nfs_renamedata.220258*)*)* @nfs_async_rename to %struct.rpc_task* (%struct.inode*, %struct.inode*, %struct.dentry*, %struct.dentry*, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)*)*)(%struct.inode* %1, %struct.inode* %3, %struct.dentry* %2, %struct.dentry* %65, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)* null) #83 Function:nfs_async_rename %6 = alloca %struct.rpc_message.220176, align 8 %7 = alloca %struct.rpc_task_setup.220214, align 8 %8 = bitcast %struct.rpc_message.220176* %6 to i8* %9 = bitcast %struct.rpc_task_setup.220214* %7 to i8* %10 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 0 store %struct.rpc_task.220177* null, %struct.rpc_task.220177** %10, align 8 %11 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 1 %12 = getelementptr inbounds %struct.inode.220132, %struct.inode.220132* %0, i64 0, i32 8 %13 = load %struct.super_block.220120*, %struct.super_block.220120** %12, align 8 %14 = getelementptr inbounds %struct.super_block.220120, %struct.super_block.220120* %13, 
i64 0, i32 28 %15 = bitcast i8** %14 to %struct.nfs_server.220256** %16 = load %struct.nfs_server.220256*, %struct.nfs_server.220256** %15, align 16 %17 = getelementptr inbounds %struct.nfs_server.220256, %struct.nfs_server.220256* %16, i64 0, i32 3 %18 = bitcast %struct.rpc_clnt.220164** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = bitcast %struct.rpc_clnt.220164** %11 to i64* store i64 %19, i64* %20, align 8 %21 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 2 %22 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 4 %23 = bitcast %struct.rpc_xprt.220153** %21 to i8* store %struct.rpc_message.220176* %6, %struct.rpc_message.220176** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 5 store %struct.rpc_call_ops.220178* @nfs_rename_ops, %struct.rpc_call_ops.220178** %24, align 8 %25 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 6 store i8* null, i8** %25, align 8 %26 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 7 %27 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %28 = bitcast %struct.workqueue_struct** %26 to i64* store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 8 store i16 -32767, i16* %29, align 8 %30 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 9 store i8 0, i8* %30, align 2 %31 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %32 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %31, i32 3520, i64 664) #83 
Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_async_rename 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 
= bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %62 = phi %struct.inode* [ %10, %35 ], [ %10, %45 ], [ null, %33 ], [ null, %58 ] %63 = phi %struct.dentry* [ null, %35 ], [ null, %45 ], [ null, %33 ], [ %56, %58 ] %64 = phi %struct.dentry* [ null, %35 ], [ %46, %45 ], [ null, %33 ], [ null, %58 ] %65 = phi %struct.dentry* [ %4, %35 ], [ %4, %45 ], [ %4, %33 ], [ %56, %58 ] %66 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.220177* (%struct.inode.220132*, %struct.inode.220132*, %struct.dentry.220135*, %struct.dentry.220135*, void (%struct.rpc_task.220177*, %struct.nfs_renamedata.220258*)*)* @nfs_async_rename to %struct.rpc_task* (%struct.inode*, %struct.inode*, %struct.dentry*, %struct.dentry*, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)*)*)(%struct.inode* %1, %struct.inode* %3, %struct.dentry* %2, %struct.dentry* %65, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)* null) #83 Function:nfs_async_rename %6 = alloca %struct.rpc_message.220176, align 8 %7 = alloca %struct.rpc_task_setup.220214, align 8 %8 = 
bitcast %struct.rpc_message.220176* %6 to i8* %9 = bitcast %struct.rpc_task_setup.220214* %7 to i8* %10 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 0 store %struct.rpc_task.220177* null, %struct.rpc_task.220177** %10, align 8 %11 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 1 %12 = getelementptr inbounds %struct.inode.220132, %struct.inode.220132* %0, i64 0, i32 8 %13 = load %struct.super_block.220120*, %struct.super_block.220120** %12, align 8 %14 = getelementptr inbounds %struct.super_block.220120, %struct.super_block.220120* %13, i64 0, i32 28 %15 = bitcast i8** %14 to %struct.nfs_server.220256** %16 = load %struct.nfs_server.220256*, %struct.nfs_server.220256** %15, align 16 %17 = getelementptr inbounds %struct.nfs_server.220256, %struct.nfs_server.220256* %16, i64 0, i32 3 %18 = bitcast %struct.rpc_clnt.220164** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = bitcast %struct.rpc_clnt.220164** %11 to i64* store i64 %19, i64* %20, align 8 %21 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 2 %22 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 4 %23 = bitcast %struct.rpc_xprt.220153** %21 to i8* store %struct.rpc_message.220176* %6, %struct.rpc_message.220176** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 5 store %struct.rpc_call_ops.220178* @nfs_rename_ops, %struct.rpc_call_ops.220178** %24, align 8 %25 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 6 store i8* null, i8** %25, align 8 %26 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 7 %27 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %28 = bitcast 
%struct.workqueue_struct** %26 to i64* store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 8 store i16 -32767, i16* %29, align 8 %30 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 9 store i8 0, i8* %30, align 2 %31 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %32 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %31, i32 3520, i64 664) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_async_rename 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %62 = phi %struct.inode* [ %10, %35 ], [ %10, %45 ], [ null, %33 ], [ null, %58 ] %63 = phi %struct.dentry* [ null, %35 ], [ null, %45 ], [ null, %33 ], [ %56, %58 ] %64 = phi %struct.dentry* [ null, %35 ], [ %46, %45 ], [ null, %33 ], [ null, %58 ] %65 = phi %struct.dentry* [ %4, %35 ], [ %4, %45 ], [ %4, %33 ], [ %56, %58 ] %66 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.220177* (%struct.inode.220132*, %struct.inode.220132*, %struct.dentry.220135*, %struct.dentry.220135*, void (%struct.rpc_task.220177*, %struct.nfs_renamedata.220258*)*)* @nfs_async_rename to %struct.rpc_task* (%struct.inode*, %struct.inode*, %struct.dentry*, %struct.dentry*, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)*)*)(%struct.inode* %1, %struct.inode* %3, %struct.dentry* %2, %struct.dentry* %65, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)* null) #83 Function:nfs_async_rename %6 = alloca %struct.rpc_message.220176, align 8 %7 = alloca %struct.rpc_task_setup.220214, align 8 %8 = bitcast %struct.rpc_message.220176* %6 to i8* %9 = bitcast %struct.rpc_task_setup.220214* %7 to i8* %10 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 0 store %struct.rpc_task.220177* null, %struct.rpc_task.220177** %10, align 8 %11 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 1 %12 = getelementptr inbounds %struct.inode.220132, %struct.inode.220132* %0, i64 0, i32 8 %13 = load %struct.super_block.220120*, %struct.super_block.220120** %12, align 8 %14 = getelementptr inbounds %struct.super_block.220120, %struct.super_block.220120* %13, i64 0, i32 28 %15 = bitcast i8** %14 to %struct.nfs_server.220256** %16 = load %struct.nfs_server.220256*, %struct.nfs_server.220256** %15, align 16 %17 = getelementptr inbounds %struct.nfs_server.220256, 
%struct.nfs_server.220256* %16, i64 0, i32 3 %18 = bitcast %struct.rpc_clnt.220164** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = bitcast %struct.rpc_clnt.220164** %11 to i64* store i64 %19, i64* %20, align 8 %21 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 2 %22 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 4 %23 = bitcast %struct.rpc_xprt.220153** %21 to i8* store %struct.rpc_message.220176* %6, %struct.rpc_message.220176** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 5 store %struct.rpc_call_ops.220178* @nfs_rename_ops, %struct.rpc_call_ops.220178** %24, align 8 %25 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 6 store i8* null, i8** %25, align 8 %26 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 7 %27 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %28 = bitcast %struct.workqueue_struct** %26 to i64* store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 8 store i16 -32767, i16* %29, align 8 %30 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 9 store i8 0, i8* %30, align 2 %31 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %32 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %31, i32 3520, i64 664) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 
@__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_alloc_fattr 2 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 
0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 Function:nfs_alloc_fattr %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 224) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp 
eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_alloc_fattr 2 __nfs3_proc_setacls 3 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %25 = phi %struct.posix_acl* [ %17, %16 ], [ %22, %20 ] %26 = tail call fastcc i32 @__nfs3_proc_setacls(%struct.inode.232196* %1, %struct.posix_acl* %25, %struct.posix_acl* %18) #84 Function:__nfs3_proc_setacls %4 = alloca %struct.nfs_fattr*, align 8 %5 = alloca [7 x %struct.page.232204*], align 16 %6 = alloca %struct.nfs3_setaclargs, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load %struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to 
%struct.nfs_server.232431** %12 = load %struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast %struct.nfs_fattr** %4 to i8* %14 = bitcast [7 x %struct.page.232204*]* %5 to i8* %15 = bitcast %struct.nfs3_setaclargs* %6 to i8* %16 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 0 store %struct.inode.232196* %0, %struct.inode.232196** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 1 store i32 1, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 2 store %struct.posix_acl* %1, %struct.posix_acl** %18, align 8 %19 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 4 %21 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 5 %22 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 6 %23 = getelementptr inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %5, i64 0, i64 0 %24 = bitcast %struct.posix_acl** %19 to i8* store %struct.page.232204** %23, %struct.page.232204*** %22, align 8 %25 = bitcast %struct.rpc_message.232335* %7 to i8* %26 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs3_setaclargs** store %struct.nfs3_setaclargs* %6, %struct.nfs3_setaclargs** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs_fattr*** store %struct.nfs_fattr** %4, %struct.nfs_fattr*** %30, align 8 %31 = 
getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %31, align 8 %32 = icmp eq %struct.posix_acl* %1, null br i1 %32, label %33, label %45 %46 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 8 %49 = icmp eq i32 %48, 0 br i1 %49, label %153, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %1, i64 0, i32 2 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, 1024 br i1 %53, label %153, label %54 %55 = icmp eq %struct.posix_acl* %2, null br i1 %55, label %65, label %56 %66 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 0 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, -4096 %69 = icmp eq i16 %68, 16384 br i1 %69, label %70, label %84 %85 = phi i32 [ %52, %70 ], [ %58, %71 ], [ %58, %72 ], [ %82, %80 ], [ %52, %65 ] %86 = phi i32 [ 16, %70 ], [ 64, %71 ], [ %78, %72 ], [ 16, %80 ], [ 16, %65 ] %87 = icmp sgt i32 %85, 4 %88 = select i1 %87, i32 %85, i32 4 %89 = mul i32 %88, 12 %90 = add i32 %89, %86 %91 = zext i32 %90 to i64 store i64 %91, i64* %20, align 8 %92 = icmp ugt i32 %90, 136 br i1 %92, label %93, label %113 %94 = add nuw nsw i64 %91, 17592186044415 %95 = lshr i64 %94, 12 %96 = trunc i64 %95 to i32 %97 = add nsw i32 %96, 1 br label %98 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 %100 = load %struct.page.232204**, %struct.page.232204*** %22, align 8 %101 = load i32, i32* %21, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr %struct.page.232204*, %struct.page.232204** %100, i64 %102 store %struct.page.232204* %99, %struct.page.232204** %103, align 8 %104 = load %struct.page.232204**, %struct.page.232204*** %22, align 8 %105 = load i32, i32* %21, align 8 %106 = zext i32 %105 to i64 %107 = getelementptr 
%struct.page.232204*, %struct.page.232204** %104, i64 %106 %108 = load %struct.page.232204*, %struct.page.232204** %107, align 8 %109 = icmp eq %struct.page.232204* %108, null br i1 %109, label %140, label %110 %111 = add i32 %105, 1 store i32 %111, i32* %21, align 8 %112 = icmp ult i32 %111, %97 br i1 %112, label %98, label %113 %114 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 Function:nfs_alloc_fattr %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 224) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_alloc_fattr_with_label 2 nfs4_proc_link ------------- Path:  Function:nfs4_proc_link %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [3 x i32], align 4 %7 = alloca %struct.nfs4_link_arg, align 8 %8 = alloca %struct.nfs4_link_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = bitcast [3 x i32]* %6 to i8* %15 = bitcast %struct.nfs4_link_arg* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr 
inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 2 %20 = getelementptr %struct.inode, %struct.inode* %1, i64 -1, i32 24, i32 4, i32 1 %21 = bitcast %struct.nfs_fh** %19 to %struct.list_head*** %22 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 3 %23 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 4 %24 = getelementptr inbounds [3 x i32], [3 x i32]* %6, i64 0, i64 0 %25 = bitcast %struct.nfs4_link_res* %8 to i8* %26 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 1 %27 = bitcast %struct.rpc_message* %9 to i8* %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %30 = bitcast i8** %29 to %struct.nfs4_link_arg** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %32 = bitcast i8** %31 to %struct.nfs4_link_res** %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %34 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 2 %35 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 0 %36 = icmp eq %struct.inode* %0, null %37 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 9, i32 1 %39 = bitcast %struct.list_head** %38 to i64* %40 = getelementptr inbounds [3 x i32], [3 x i32]* %6, i64 0, i64 1 %41 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 0 %42 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 0, i32 0 %45 = 
bitcast %struct.nfs4_call_sync_data* %4 to i8* %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %49 = bitcast %struct.rpc_task_setup* %5 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %52 = bitcast %struct.rpc_clnt** %51 to i64* %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %55 = bitcast %struct.rpc_xprt** %53 to i8* %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %59 = bitcast i8** %58 to %struct.nfs4_call_sync_data** %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %63 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 3 %64 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18, i32 0, i32 0 %65 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %66 = bitcast %struct.nfs_fattr** %34 to i8** %67 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %68 %69 = load %struct.super_block*, %struct.super_block** %13, align 8 %70 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %69, i64 0, i32 28 %71 = bitcast i8** %70 to %struct.nfs_server.233131** %72 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %71, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store %struct.list_head** %20, %struct.list_head*** %21, align 8 store %struct.qstr* %2, %struct.qstr** %22, align 8 store i32* %24, i32** %23, align 8 store %struct.nfs_server.233131* %72, %struct.nfs_server.233131** %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 23), %struct.rpc_procinfo** %28, align 8 store %struct.nfs4_link_arg* %7, %struct.nfs4_link_arg** %30, align 8 store %struct.nfs4_link_res* %8, %struct.nfs4_link_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 %73 = call %struct.nfs_fattr* bitcast (%struct.nfs_fattr* (%struct.nfs_server.214962*)* @nfs_alloc_fattr_with_label to %struct.nfs_fattr* (%struct.nfs_server.233131*)*)(%struct.nfs_server.233131* %72) #83 %142 = phi i32 [ -12, %68 ], [ %130, %129 ], [ %137, %132 ], [ 0, %139 ] %143 = load i8*, i8** %66, align 8 call void @kfree(i8* %143) #83 %144 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %72, i32 %142, %struct.nfs4_exception* nonnull %10) #84 %145 = load i8, i8* %67, align 8 %146 = and i8 %145, 8 %147 = icmp eq i8 %146, 0 br i1 %147, label %148, label %68 %69 = load %struct.super_block*, %struct.super_block** %13, align 8 %70 = getelementptr inbounds %struct.super_block, %struct.super_block* %69, i64 0, i32 28 %71 = bitcast i8** %70 to %struct.nfs_server.233131** %72 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %71, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store %struct.list_head** %20, %struct.list_head*** %21, align 8 store %struct.qstr* %2, %struct.qstr** %22, align 8 store i32* %24, i32** %23, align 8 store %struct.nfs_server.233131* %72, 
%struct.nfs_server.233131** %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 23), %struct.rpc_procinfo** %28, align 8 store %struct.nfs4_link_arg* %7, %struct.nfs4_link_arg** %30, align 8 store %struct.nfs4_link_res* %8, %struct.nfs4_link_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 %73 = call %struct.nfs_fattr* bitcast (%struct.nfs_fattr* (%struct.nfs_server.214962*)* @nfs_alloc_fattr_with_label to %struct.nfs_fattr* (%struct.nfs_server.233131*)*)(%struct.nfs_server.233131* %72) #83 Function:nfs_alloc_fattr_with_label %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3136, i64 224) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_get_lock_context 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr 
inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds 
%struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr 
inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 @nfs4_copy_delegation_stateid(%struct.inode* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #83 br i1 %36, label %62, label %37 %38 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %38, label %57, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %4, i64 0, i32 5 %41 = load 
%struct.nfs4_state.233157*, %struct.nfs4_state.233157** %40, align 8 %42 = icmp eq %struct.nfs4_state.233157* %41, null br i1 %42, label %57, label %43 %44 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %160 %49 = call %struct.nfs_lock_context.233159* bitcast (%struct.nfs_lock_context.214916* (%struct.nfs_open_context.214915*)* @nfs_get_lock_context to %struct.nfs_lock_context.233159* (%struct.nfs_open_context.233158*)*)(%struct.nfs_open_context.233158* nonnull %4) #83 Function:nfs_get_lock_context %2 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 2 %3 = load %struct.dentry.214823*, %struct.dentry.214823** %2, align 8 %4 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %3, i64 0, i32 5 %5 = load %struct.inode.214835*, %struct.inode.214835** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 1 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 %8 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %9 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -1, i32 1 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %9, i64 1 %11 = bitcast %struct.list_head** %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %6, %11 br i1 %12, label %56, label %13 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.214809** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.214809**)) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct.214809* %16 = getelementptr inbounds %struct.task_struct.214809, %struct.task_struct.214809* %15, i64 0, i32 101 %17 = bitcast 
%struct.files_struct** %16 to i8** br label %18 %19 = phi %struct.list_head* [ %11, %13 ], [ %54, %49 ] %20 = phi %struct.list_head** [ %9, %13 ], [ %52, %49 ] %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %20, i64 4 %22 = bitcast %struct.list_head** %21 to i8** %23 = load i8*, i8** %22, align 8 %24 = load i8*, i8** %17, align 16 %25 = icmp eq i8* %23, %24 br i1 %25, label %26, label %49 %27 = bitcast %struct.list_head** %20 to %struct.seqcount_spinlock* %28 = bitcast %struct.list_head** %20 to i32* %29 = load volatile i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %41, label %31 %32 = phi i32 [ %39, %38 ], [ %29, %26 ] %33 = add i32 %32, 1 %34 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 %33, i32* %28, i32 %32) #6, !srcloc !5 %35 = extractvalue { i8, i32 } %34, 0 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %41, !prof !6, !misexpect !7 %39 = extractvalue { i8, i32 } %34, 1 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %31 %42 = phi i32 [ 0, %26 ], [ 0, %38 ], [ %32, %31 ] %43 = add i32 %42, 1 %44 = or i32 %43, %42 %45 = icmp sgt i32 %44, -1 br i1 %45, label %47, label %46, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 0) #83 br label %47 %48 = icmp eq i32 %42, 0 br i1 %48, label %49, label %57 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %51 = load volatile %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -1, i32 1 %53 = getelementptr inbounds %struct.list_head*, %struct.list_head** %52, i64 1 %54 = bitcast %struct.list_head** %53 to %struct.list_head* %55 = icmp eq %struct.list_head* %6, %54 br i1 %55, label 
%56, label %18 tail call void @__rcu_read_unlock() #83 br label %60 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 3264, i64 64) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_nfs_open_context 2 nfs_open 3 nfs4_file_open ------------- Path:  Function:nfs4_file_open %3 = alloca %struct.iattr, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 67108864 %9 = icmp eq i32 %8, 0 br i1 %9, label %18, label %10, !prof !4, !misexpect !5 %19 = phi %struct.dentry* [ %17, %10 ], [ %5, %2 ] %20 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = bitcast %struct.iattr* %3 to i8* %23 = tail call i32 @nfs_check_flags(i32 %21) #83 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = and i32 %21, 3 %27 = icmp eq i32 %26, 3 br i1 %27, label %28, label %30 %29 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.file.214359*)* @nfs_open to i32 (%struct.inode*, %struct.file*)*)(%struct.inode* %0, %struct.file* %1) #83 Function:nfs_open %3 = getelementptr inbounds %struct.file.214359, %struct.file.214359* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry.214823*, %struct.dentry.214823** %3, align 8 %5 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %4, i64 0, i32 0 %6 
= load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.214823* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.file.214359, %struct.file.214359* %1, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = tail call %struct.nfs_open_context.214915* @alloc_nfs_open_context(%struct.dentry.214823* %18, i32 %20, %struct.file.214359* %1) #84 Function:alloc_nfs_open_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_nfs_open_context 2 nfs4_proc_create ------------- Path:  Function:nfs4_proc_create %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = tail call %struct.nfs_open_context.233158* bitcast (%struct.nfs_open_context.214915* (%struct.dentry.214823*, i32, %struct.file.214359*)* @alloc_nfs_open_context to %struct.nfs_open_context.233158* (%struct.dentry*, i32, %struct.file*)*)(%struct.dentry* %1, i32 1, %struct.file* null) #83 Function:alloc_nfs_open_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_nfs_open_context 2 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %288 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* 
%1, i64 0, i32 4 %36 = bitcast %struct.qstr* %35 to %struct.static_call_site* %37 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %36, i64 0, i32 1 %38 = load i32, i32* %37, align 4 %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %40 = load %struct.super_block*, %struct.super_block** %39, align 8 %41 = getelementptr inbounds %struct.super_block, %struct.super_block* %40, i64 0, i32 28 %42 = bitcast i8** %41 to %struct.nfs_server.212651** %43 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %42, align 16 %44 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %43, i64 0, i32 23 %45 = load i32, i32* %44, align 4 %46 = icmp ugt i32 %38, %45 br i1 %46, label %288, label %47 %48 = and i32 %3, 64 %49 = icmp eq i32 %48, 0 br i1 %49, label %65, label %50 %66 = and i32 %3, 512 %67 = icmp eq i32 %66, 0 br i1 %67, label %72, label %68 br i1 %49, label %73, label %93 %74 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 0 %75 = load i32, i32* %74, align 8 %76 = and i32 %75, 268435456 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %93 %94 = phi %struct.dentry* [ %1, %72 ], [ %1, %73 ], [ %81, %86 ] %95 = phi i1 [ true, %72 ], [ true, %73 ], [ false, %86 ] %96 = and i32 %3, 32 %97 = and i32 %3, 3 %98 = icmp ne i32 %97, 1 %99 = zext i1 %98 to i32 %100 = or i32 %96, %99 %101 = icmp eq i32 %97, 0 %102 = or i32 %100, 2 %103 = select i1 %101, i32 %100, i32 %102 %104 = call %struct.nfs_open_context.212604* bitcast (%struct.nfs_open_context.214915* (%struct.dentry.214823*, i32, %struct.file.214359*)* @alloc_nfs_open_context to %struct.nfs_open_context.212604* (%struct.dentry*, i32, %struct.file*)*)(%struct.dentry* %94, i32 %103, %struct.file* %2) #83 Function:alloc_nfs_open_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), 
align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __nfs_revalidate_inode 2 nfs_revalidate_mapping 3 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr 
-------------
Use: =BAD PATH=
Call Stack:
0 kmem_cache_alloc_trace
1 __nfs_revalidate_inode
2 nfs_getattr
-------------
Use: =BAD PATH=
Call Stack:
0 kmem_cache_alloc_trace
1 __nfs_revalidate_inode
2 nfs_getattr
3 nfs_namespace_getattr
-------------
Use: =BAD PATH=
Call Stack:
0 kmem_cache_alloc_trace
1 __nfs_revalidate_inode
2 nfs_revalidate_inode
3 nfs4_xattr_get_nfs4_acl
-------------
Use: =BAD PATH=
Call Stack:
0 kmem_cache_alloc_trace
1 __nfs_revalidate_inode
2 nfs_revalidate_inode
3 nfs_permission
-------------
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __nfs_revalidate_inode 2 nfs_revalidate_inode 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 
0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, 
%struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #84 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %38 %24 = load volatile i64, i64* 
@jiffies, align 64 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 10 %26 = bitcast %struct.list_head* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %24, %27 %29 = icmp sgt i64 %28, -1 br i1 %29, label %30, label %45 %46 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %47 = load %struct.super_block.214819*, %struct.super_block.214819** %46, align 8 %48 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %47, i64 0, i32 28 %49 = bitcast i8** %48 to %struct.nfs_server.214962** %50 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %49, align 16 %51 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %50, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __nfs_revalidate_inode 2 nfs_file_llseek ------------- Path:  Function:nfs_file_llseek %4 = icmp ult i32 %2, 2 br i1 %4, label %25, label %5 %6 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %7 = load %struct.address_space.212830*, %struct.address_space.212830** %6, align 8 %8 = getelementptr inbounds %struct.address_space.212830, 
%struct.address_space.212830* %7, i64 0, i32 0 %9 = load %struct.inode.213279*, %struct.inode.213279** %8, align 8 %10 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %9, i64 0, i32 8 %11 = load %struct.super_block.213267*, %struct.super_block.213267** %10, align 8 %12 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.213423** %14 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %13, align 16 %15 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 7 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 16384 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %21 %22 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.213423*, %struct.inode.213279*)*)(%struct.nfs_server.213423* %14, %struct.inode.213279* %9) #83 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __nfs_revalidate_inode 2 nfs_weak_revalidate ------------- Path:  Function:nfs_weak_revalidate %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = icmp eq %struct.inode* %4, null br i1 %5, label %53, label %6 %7 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to 
i1 (%struct.inode*)*)(%struct.inode* nonnull %4) #83 br i1 %7, label %53, label %8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.212651** %13 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %12, align 16 %14 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2048 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %49 %19 = and i32 %1, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %35 [ i16 -32768, label %25 i16 16384, label %30 ] %26 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %13, i64 0, i32 10 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 16 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %38 %31 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %13, i64 0, i32 8 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 16 %34 = icmp eq i32 %33, 0 br i1 %34, label %43, label %35 %36 = and i32 %1, 32 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = and i32 %1, 64 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %49 %47 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %13, %struct.inode* nonnull %4) #83 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %1, i64 0, i32 5 %5 = load %struct.inode.214835*, %struct.inode.214835** %4, align 8 %6 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 8 %7 = load %struct.super_block.214819*, 
%struct.super_block.214819** %6, align 8 %8 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.214962** %10 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.148792*, i64)* @inode_newsize_ok to i32 (%struct.inode.214835*, i64)*)(%struct.inode.214835* %5, i64 %32) #83 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %136 %36 = load i64, i64* %31, align 8 %37 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 14 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 %40 = load i32, i32* %14, align 8 br i1 %39, label %41, label %43 %44 = phi i32 [ %21, %20 ], [ %42, %41 ], [ %40, %35 ] %45 = and i32 %44, 447 %46 = icmp eq i32 %45, 0 br i1 %46, label %136, label %47 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_setattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_setattr, %48)) #6 to label %68 [label %48], !srcloc !9 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %70 = load i16, i16* %69, align 8 %71 = and i16 %70, -4096 %72 = icmp eq i16 %71, -32768 br i1 %72, label %73, label %75 tail call void bitcast (void (%struct.inode.148552*)* @inode_dio_wait to void (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 %74 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 br label %75 %76 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %77 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %76, i32 3136, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_setattr 2 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 24, i32 4, i32 1 %7 = bitcast 
%struct.list_head** %6 to i16* %8 = load i16, i16* %7, align 2 %9 = icmp eq i16 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.214823*, %struct.iattr.214825*)* @nfs_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #83 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %1, i64 0, i32 5 %5 = load %struct.inode.214835*, %struct.inode.214835** %4, align 8 %6 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 8 %7 = load %struct.super_block.214819*, %struct.super_block.214819** %6, align 8 %8 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.214962** %10 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 4 %32 = load i64, 
i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.148792*, i64)* @inode_newsize_ok to i32 (%struct.inode.214835*, i64)*)(%struct.inode.214835* %5, i64 %32) #83 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %136 %36 = load i64, i64* %31, align 8 %37 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 14 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 %40 = load i32, i32* %14, align 8 br i1 %39, label %41, label %43 %44 = phi i32 [ %21, %20 ], [ %42, %41 ], [ %40, %35 ] %45 = and i32 %44, 447 %46 = icmp eq i32 %45, 0 br i1 %46, label %136, label %47 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_setattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_setattr, %48)) #6 to label %68 [label %48], !srcloc !9 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %70 = load i16, i16* %69, align 8 %71 = and i16 %70, -4096 %72 = icmp eq i16 %71, -32768 br i1 %72, label %73, label %75 tail call void bitcast (void (%struct.inode.148552*)* @inode_dio_wait to void (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 %74 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 br label %75 %76 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %77 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %76, i32 3136, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_opendir ------------- Path:  Function:nfs_opendir %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.212651** %7 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 4 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 %11 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %12 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %13 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %12, i32 3264, i64 64) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 nfs_alloc_client 2 nfs4_alloc_client ------------- Path:  Function:nfs4_alloc_client %2 = alloca [49 x i8], align 16 %3 = alloca 
%struct.__kernel_sockaddr_storage, align 8 %4 = getelementptr inbounds [49 x i8], [49 x i8]* %2, i64 0, i64 0 %5 = getelementptr inbounds %struct.nfs_client_initdata.236306, %struct.nfs_client_initdata.236306* %0, i64 0, i32 4 %6 = load i8*, i8** %5, align 8 %7 = tail call %struct.nfs_client.243389* bitcast (%struct.nfs_client* (%struct.nfs_client_initdata*)* @nfs_alloc_client to %struct.nfs_client.243389* (%struct.nfs_client_initdata.236306*)*)(%struct.nfs_client_initdata.236306* %0) #83 Function:nfs_alloc_client %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3520, i64 800) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control.189108, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 2 %7 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %8 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 8 %9 = load %struct.super_block.189089*, %struct.super_block.189089** %8, align 8 %10 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 28 %16 = bitcast i8** %15 to 
%struct.ext4_sb_info.189208** %17 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode.189107, %struct.inode.189107* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 kernfs_iop_get_link ------------- Path:  Function:kernfs_iop_get_link %4 = icmp eq %struct.dentry* %0, null br i1 %4, label %113, label %5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 4096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_thread_self_get_link ------------- Path:  Function:proc_thread_self_get_link %4 = getelementptr inbounds %struct.inode.181547, %struct.inode.181547* %1, i64 0, i32 8 %5 = load %struct.super_block.181541*, %struct.super_block.181541** %4, align 8 %6 = getelementptr inbounds %struct.super_block.181541, %struct.super_block.181541* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info.181558** %8 = load %struct.proc_fs_info.181558*, %struct.proc_fs_info.181558** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info.181558, %struct.proc_fs_info.181558* %8, i64 0, i32 0 %10 = load 
%struct.pid_namespace.181416*, %struct.pid_namespace.181416** %9, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.181529** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.181529**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.181529* %13 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.181529*, i32, %struct.pid_namespace.181416*)*)(%struct.task_struct.181529* %12, i32 1, %struct.pid_namespace.181416* %10) #83 %14 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.181529*, i32, %struct.pid_namespace.181416*)*)(%struct.task_struct.181529* %12, i32 0, %struct.pid_namespace.181416* %10) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %28, label %16 %17 = icmp eq %struct.dentry.181551* %0, null %18 = select i1 %17, i32 2592, i32 3264 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 %18, i64 27) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 proc_self_get_link ------------- Path:  Function:proc_self_get_link %4 = getelementptr inbounds %struct.inode.181547, %struct.inode.181547* %1, i64 0, i32 8 %5 = load %struct.super_block.181541*, %struct.super_block.181541** %4, align 8 %6 = getelementptr inbounds %struct.super_block.181541, %struct.super_block.181541* %5, i64 0, i32 28 %7 = bitcast i8** %6 to 
%struct.proc_fs_info.181558** %8 = load %struct.proc_fs_info.181558*, %struct.proc_fs_info.181558** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info.181558, %struct.proc_fs_info.181558* %8, i64 0, i32 0 %10 = load %struct.pid_namespace.181416*, %struct.pid_namespace.181416** %9, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.181529** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.181529**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.181529* %13 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.181529*, i32, %struct.pid_namespace.181416*)*)(%struct.task_struct.181529* %12, i32 1, %struct.pid_namespace.181416* %10) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %27, label %15 %16 = icmp eq %struct.dentry.181551* %0, null %17 = select i1 %16, i32 2592, i32 3264 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 4), align 16 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 %17, i64 11) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 smaps_rollup_open ------------- Path:  Function:smaps_rollup_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 4197824, i64 40) #83 Function:kmem_cache_alloc_trace %5 = 
ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_eventfd 2 __ia32_sys_eventfd ------------- Path:  Function:__ia32_sys_eventfd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_eventfd(i32 %4, i32 0) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_eventfd 2 __ia32_sys_eventfd2 ------------- Path:  Function:__ia32_sys_eventfd2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = tail call fastcc i32 @do_eventfd(i32 %6, i32 %7) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias 
align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_eventfd 2 __x64_sys_eventfd ------------- Path:  Function:__x64_sys_eventfd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_eventfd(i32 %4, i32 0) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_eventfd 2 __x64_sys_eventfd2 ------------- Path:  Function:__x64_sys_eventfd2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = tail call fastcc i32 @do_eventfd(i32 %6, i32 %7) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x 
%struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __se_sys_timerfd_create 2 __ia32_sys_timerfd_create ------------- Path:  Function:__ia32_sys_timerfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_timerfd_create(i64 %4, i64 %7) #83 Function:__se_sys_timerfd_create %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -526337 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %41 switch i32 %3, label %41 [ i32 9, label %8 i32 8, label %8 i32 7, label %8 i32 1, label %8 i32 0, label %8 ] %9 = and i32 %3, -2 %10 = icmp eq i32 %9, 8 br i1 %10, label %11, label %13 %12 = tail call zeroext i1 @capable(i32 35) #83 br i1 %12, label %13, label %41 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %15 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 3520, i64 216) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= 
Call Stack: 0 kmem_cache_alloc_trace 1 __se_sys_timerfd_create 2 __x64_sys_timerfd_create ------------- Path:  Function:__x64_sys_timerfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_timerfd_create(i64 %3, i64 %5) #83 Function:__se_sys_timerfd_create %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -526337 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %41 switch i32 %3, label %41 [ i32 9, label %8 i32 8, label %8 i32 7, label %8 i32 1, label %8 i32 0, label %8 ] %9 = and i32 %3, -2 %10 = icmp eq i32 %9, 8 br i1 %10, label %11, label %13 %12 = tail call zeroext i1 @capable(i32 35) #83 br i1 %12, label %13, label %41 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %15 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 3520, i64 216) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_signalfd4 2 __ia32_compat_sys_signalfd ------------- Path:  Function:__ia32_compat_sys_signalfd %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 
%8 to i32 %11 = bitcast %struct.cpumask* %2 to i8* %12 = icmp eq i32 %10, 8 br i1 %12, label %13, label %21 %14 = and i64 %6, 4294967295 %15 = inttoptr i64 %14 to %struct.kernel_cap_struct* %16 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %2, %struct.kernel_cap_struct* %15) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21 %19 = call fastcc i32 @do_signalfd4(i32 %9, %struct.cpumask* nonnull %2, i32 0) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_signalfd4 2 __ia32_compat_sys_signalfd4 ------------- Path:  Function:__ia32_compat_sys_signalfd4 %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %4 to 
i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = bitcast %struct.cpumask* %2 to i8* %15 = icmp eq i32 %12, 8 br i1 %15, label %16, label %24 %17 = and i64 %6, 4294967295 %18 = inttoptr i64 %17 to %struct.kernel_cap_struct* %19 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %2, %struct.kernel_cap_struct* %18) #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %24 %22 = call fastcc i32 @do_signalfd4(i32 %11, %struct.cpumask* nonnull %2, i32 %13) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_signalfd4 2 __ia32_sys_signalfd ------------- Path:  Function:__ia32_sys_signalfd %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = bitcast %struct.cpumask* %2 to i8* %12 = 
icmp eq i64 %9, 8 br i1 %12, label %13, label %21 %14 = and i64 %6, 4294967295 %15 = inttoptr i64 %14 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* %15, i64 8) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %21 %19 = call fastcc i32 @do_signalfd4(i32 %10, %struct.cpumask* nonnull %2, i32 0) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_signalfd4 2 __ia32_sys_signalfd4 ------------- Path:  Function:__ia32_sys_signalfd4 %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %11 to i32 %14 = bitcast %struct.cpumask* %2 to i8* %15 = icmp eq i64 %9, 
8 br i1 %15, label %16, label %24 %17 = and i64 %6, 4294967295 %18 = inttoptr i64 %17 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %14, i8* %18, i64 8) #83 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %24 %22 = call fastcc i32 @do_signalfd4(i32 %12, %struct.cpumask* nonnull %2, i32 %13) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_signalfd4 2 __x64_sys_signalfd ------------- Path:  Function:__x64_sys_signalfd %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = bitcast %struct.cpumask* %2 to i8* %12 = icmp eq i64 %9, 8 br i1 %12, label %13, label %19 %14 = call i64 @_copy_from_user(i8* nonnull %11, i8* %7, i64 8) #83 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label 
%19 %17 = call fastcc i32 @do_signalfd4(i32 %10, %struct.cpumask* nonnull %2, i32 0) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_signalfd4 2 __x64_sys_signalfd4 ------------- Path:  Function:__x64_sys_signalfd4 %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %11 to i32 %14 = bitcast %struct.cpumask* %2 to i8* %15 = icmp eq i64 %9, 8 br i1 %15, label %16, label %22 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %7, i64 8) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = call fastcc i32 @do_signalfd4(i32 %12, %struct.cpumask* nonnull 
%2, i32 %13) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_epoll_create 2 __ia32_sys_epoll_create ------------- Path:  Function:__ia32_sys_epoll_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %9, label %6 %7 = tail call fastcc i32 @do_epoll_create(i32 0) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = 
getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_epoll_create 2 __ia32_sys_epoll_create1 ------------- Path:  Function:__ia32_sys_epoll_create1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_epoll_create(i32 %4) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc 
!4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_epoll_create 2 __x64_sys_epoll_create ------------- Path:  Function:__x64_sys_epoll_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt 
i32 %4, 1 br i1 %5, label %9, label %6 %7 = tail call fastcc i32 @do_epoll_create(i32 0) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp 
eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_epoll_create 2 __x64_sys_epoll_create1 ------------- Path:  Function:__x64_sys_epoll_create1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_epoll_create(i32 %4) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x 
%struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 guc_log_level_fops_open ------------- Path:  Function:guc_log_level_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @guc_log_level_get, i32 (i8*, i64)* nonnull @guc_log_level_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.4.43423, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 reset_fops_open ------------- Path:  Function:reset_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, 
i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @__intel_gt_debugfs_reset_show, i32 (i8*, i64)* nonnull @__intel_gt_debugfs_reset_store, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.3.41455, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 i915_drrs_ctl_fops_open ------------- Path:  Function:i915_drrs_ctl_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @i915_drrs_ctl_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.25.41024, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call 
Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 i915_edp_psr_debug_fops_open ------------- Path:  Function:i915_edp_psr_debug_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_edp_psr_debug_get, i32 (i8*, i64)* nonnull @i915_edp_psr_debug_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.25.41024, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 i915_perf_noa_delay_fops_open ------------- Path:  Function:i915_perf_noa_delay_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_perf_noa_delay_get, i32 (i8*, i64)* nonnull @i915_perf_noa_delay_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.34.40788, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail 
call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 i915_wedged_fops_open ------------- Path:  Function:i915_wedged_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_wedged_get, i32 (i8*, i64)* nonnull @i915_wedged_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.34.40788, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_atomic_t_wo_open ------------- Path:  Function:fops_atomic_t_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_atomic_t_set, i8* 
getelementptr inbounds ([6 x i8], [6 x i8]* @.str.12.25239, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u16_wo_open ------------- Path:  Function:fops_u16_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 i915_drop_caches_fops_open ------------- Path:  Function:i915_drop_caches_fops_open %3 = tail call i32 bitcast (i32 
(%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_drop_caches_get, i32 (i8*, i64)* nonnull @i915_drop_caches_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.35.40786, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x32_open ------------- Path:  Function:fops_x32_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.10.25226, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 
%8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x32_ro_open ------------- Path:  Function:fops_x32_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.10.25226, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x64_wo_open ------------- Path:  Function:fops_x64_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.11.25223, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, 
i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_atomic_t_open ------------- Path:  Function:fops_atomic_t_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_atomic_t_get, i32 (i8*, i64)* nonnull @debugfs_atomic_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.12.25239, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x64_open ------------- Path:  Function:fops_x64_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 
(i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.11.25223, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x64_ro_open ------------- Path:  Function:fops_x64_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.11.25223, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 clear_warn_once_fops_open ------------- Path:  Function:clear_warn_once_fops_open 
%3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @clear_warn_once_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.5034, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u64_open ------------- Path:  Function:fops_u64_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 
%8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fake_panic_fops_open ------------- Path:  Function:fake_panic_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @fake_panic_get, i32 (i8*, i64)* nonnull @fake_panic_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.96.2951, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u8_open ------------- Path:  Function:fops_u8_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x8_wo_open ------------- Path:  Function:fops_x8_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.8.25222, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x8_open ------------- Path:  Function:fops_x8_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 
(i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.8.25222, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u8_ro_open ------------- Path:  Function:fops_u8_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_size_t_wo_open ------------- Path:  Function:fops_size_t_wo_open %3 = tail call i32 
bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_size_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fault_around_bytes_fops_open ------------- Path:  Function:fault_around_bytes_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @fault_around_bytes_get, i32 (i8*, i64)* nonnull @fault_around_bytes_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.11.14790, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, 
align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u32_ro_open ------------- Path:  Function:fops_u32_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x16_ro_open ------------- Path:  Function:fops_x16_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.9.25229, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_ulong_wo_open ------------- Path:  Function:fops_ulong_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_ulong_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x32_wo_open ------------- Path:  Function:fops_x32_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 
(i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.10.25226, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x8_ro_open ------------- Path:  Function:fops_x8_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.8.25222, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_size_t_ro_open ------------- Path:  Function:fops_size_t_ro_open %3 = tail call 
i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_size_t_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x16_open ------------- Path:  Function:fops_x16_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.9.25229, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 
%7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_size_t_open ------------- Path:  Function:fops_size_t_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_size_t_get, i32 (i8*, i64)* nonnull @debugfs_size_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_x16_wo_open ------------- Path:  Function:fops_x16_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.9.25229, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* 
@kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_atomic_t_ro_open ------------- Path:  Function:fops_atomic_t_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_atomic_t_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.12.25239, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_ulong_ro_open ------------- Path:  Function:fops_ulong_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull 
@debugfs_ulong_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_ulong_open ------------- Path:  Function:fops_ulong_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_ulong_get, i32 (i8*, i64)* nonnull @debugfs_ulong_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u8_wo_open ------------- Path:  Function:fops_u8_wo_open 
%3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u64_ro_open ------------- Path:  Function:fops_u64_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 
1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u64_wo_open ------------- Path:  Function:fops_u64_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 i915_fbc_false_color_fops_open ------------- Path:  Function:i915_fbc_false_color_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_fbc_false_color_get, i32 (i8*, i64)* nonnull @i915_fbc_false_color_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.25.41024, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x 
[14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u32_open ------------- Path:  Function:fops_u32_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u32_wo_open ------------- Path:  Function:fops_u32_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* 
null, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u16_ro_open ------------- Path:  Function:fops_u16_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 clk_rate_fops_open ------------- Path:  Function:clk_rate_fops_open %3 = tail 
call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @clk_rate_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.76.35399, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 simple_attr_open 2 fops_u16_open ------------- Path:  Function:fops_u16_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 
1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 rpc_proc_open ------------- Path:  Function:rpc_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_proc_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 rpc_dummy_info_open ------------- Path:  Function:rpc_dummy_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_dummy_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 
kmem_cache_alloc_trace 1 single_open 2 rpc_info_open ------------- Path:  Function:rpc_info_open %3 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_show_info, i8* null) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 pmc_dev_state_open ------------- Path:  Function:pmc_dev_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_dev_state_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 pmc_pss_state_open ------------- Path:  Function:pmc_pss_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 
= tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_pss_state_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 pmc_sleep_tmr_open ------------- Path:  Function:pmc_sleep_tmr_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_sleep_tmr_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 hid_debug_rdesc_open ------------- Path:  Function:hid_debug_rdesc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull 
@hid_debug_rdesc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 xhci_port_open ------------- Path:  Function:xhci_port_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_portsc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 xhci_context_open ------------- Path:  Function:xhci_context_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, 
label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.116.57100, i64 0, i64 0), i8* %19) #84 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(13) getelementptr inbounds ([13 x i8], [13 x i8]* @.str.117.57101, i64 0, i64 0), i8* %19) #84 %24 = icmp eq i32 %23, 0 %25 = select i1 %24, i64 1, i64 2 br label %26 %27 = phi i64 [ 0, %17 ], [ %25, %22 ] %28 = getelementptr [3 x %struct.xhci_file_map], [3 x %struct.xhci_file_map]* @context_files, i64 0, i64 %27, i32 1 %29 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %28, align 8 %30 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %31 = load i8*, i8** %30, align 8 %32 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %29, i8* %31) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 xhci_stream_id_open ------------- Path:  Function:xhci_stream_id_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_id_show, i8* %4) #83 
Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 xhci_stream_context_array_open ------------- Path:  Function:xhci_stream_context_array_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_context_array_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 xhci_ring_open ------------- Path:  Function:xhci_ring_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br 
i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.56988, i64 0, i64 0), i8* %19) #84 %21 = icmp eq i32 %20, 0 br i1 %21, label %25, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.56989, i64 0, i64 0), i8* %19) #84 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %33 = tail call i32 @strcmp(i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.18.56990, i64 0, i64 0), i8* %19) #84 %34 = icmp eq i32 %33, 0 %35 = select i1 %34, i64 2, i64 3 br label %25 %26 = phi i64 [ 0, %17 ], [ 1, %22 ], [ %35, %32 ] %27 = getelementptr [4 x %struct.xhci_file_map], [4 x %struct.xhci_file_map]* @ring_files, i64 0, i64 %26, i32 1 %28 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %30 = load i8*, i8** %29, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %28, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 dma_buf_debug_open ------------- Path:  Function:dma_buf_debug_open %3 = getelementptr 
inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dma_buf_debug_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 regmap_access_open ------------- Path:  Function:regmap_access_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @regmap_access_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 rbtree_open ------------- Path:  Function:rbtree_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rbtree_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 deferred_devs_open ------------- Path:  Function:deferred_devs_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @deferred_devs_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 component_devices_open ------------- Path:  Function:component_devices_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @component_devices_show, 
i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 huc_info_open ------------- Path:  Function:huc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @huc_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 guc_log_dump_open ------------- Path:  Function:guc_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_log_dump_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x 
[14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 guc_load_err_log_dump_open ------------- Path:  Function:guc_load_err_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_load_err_log_dump_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 guc_info_open ------------- Path:  Function:guc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, 
i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 guc_registered_contexts_open ------------- Path:  Function:guc_registered_contexts_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_registered_contexts_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 guc_slpc_info_open ------------- Path:  Function:guc_slpc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_slpc_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 uc_usage_open ------------- Path:  Function:uc_usage_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @uc_usage_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 sseu_status_open ------------- Path:  Function:sseu_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @sseu_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint 
i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 rcs_topology_open ------------- Path:  Function:rcs_topology_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rcs_topology_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 drpc_open ------------- Path:  Function:drpc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @drpc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 
br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 frequency_open ------------- Path:  Function:frequency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @frequency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 fw_domains_open ------------- Path:  Function:fw_domains_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @fw_domains_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call 
Stack: 0 kmem_cache_alloc_trace 1 single_open 2 llc_open ------------- Path:  Function:llc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @llc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 rps_boost_open ------------- Path:  Function:rps_boost_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rps_boost_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 engines_open ------------- Path:  Function:engines_open %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @engines_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_panel_open ------------- Path:  Function:i915_panel_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_panel_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_psr_sink_status_open ------------- Path:  Function:i915_psr_sink_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_sink_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_psr_status_open ------------- Path:  Function:i915_psr_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_hdcp_sink_capability_open ------------- Path:  Function:i915_hdcp_sink_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* 
nonnull @i915_hdcp_sink_capability_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_dsc_fec_support_open ------------- Path:  Function:i915_dsc_fec_support_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_fec_support_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_dsc_bpp_open ------------- Path:  Function:i915_dsc_bpp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_bpp_show, i8* %4) #83 Function:single_open %4 = 
load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_lpsp_capability_open ------------- Path:  Function:i915_lpsp_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_lpsp_capability_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 pri_wm_latency_open ------------- Path:  Function:pri_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1731 %6 = load i8, i8* %5, align 1 %7 = icmp ult i8 %6, 5 br i1 %7, label %8, label %14 %9 = getelementptr i8, i8* %4, i64 1828 %10 = bitcast i8* %9 to i32* %11 = load i32, i32* 
%10, align 4 %12 = and i32 %11, 98304 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pri_wm_latency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 spr_wm_latency_open ------------- Path:  Function:spr_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @spr_wm_latency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 
single_open 2 cur_wm_latency_open ------------- Path:  Function:cur_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @cur_wm_latency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_displayport_test_data_open ------------- Path:  Function:i915_displayport_test_data_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_data_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label 
%12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_displayport_test_type_open ------------- Path:  Function:i915_displayport_test_type_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_type_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_displayport_test_active_open ------------- Path:  Function:i915_displayport_test_active_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_active_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label 
%10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_hpd_storm_ctl_open ------------- Path:  Function:i915_hpd_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_storm_ctl_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_hpd_short_storm_ctl_open ------------- Path:  Function:i915_hpd_short_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_short_storm_ctl_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() 
#83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_ipc_status_open ------------- Path:  Function:i915_ipc_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 8192 %9 = icmp eq i24 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_ipc_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_param_charp_open ------------- Path:  Function:i915_param_charp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_charp_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 
1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 
@__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 i915_param_uint_open ------------- Path:  Function:i915_param_uint_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_uint_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 ttm_pool_debugfs_globals_open ------------- Path:  Function:ttm_pool_debugfs_globals_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_globals_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= 
Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 ttm_pool_debugfs_shrink_open ------------- Path:  Function:ttm_pool_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_shrink_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 ttm_tt_debugfs_shrink_open ------------- Path:  Function:ttm_tt_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_tt_debugfs_shrink_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 
single_open 2 crc_control_open ------------- Path:  Function:crc_control_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @crc_control_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 dmaengine_summary_open ------------- Path:  Function:dmaengine_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dmaengine_summary_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 clk_summary_open ------------- Path:  Function:clk_summary_open %3 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_summary_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 clk_dump_open ------------- Path:  Function:clk_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_dump_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 clk_min_rate_open ------------- Path:  Function:clk_min_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail 
call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_min_rate_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 clk_max_rate_open ------------- Path:  Function:clk_max_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_max_rate_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 clk_flags_open ------------- Path:  Function:clk_flags_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_flags_show, i8* %4) #83 
Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 clk_duty_cycle_open ------------- Path:  Function:clk_duty_cycle_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_duty_cycle_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 current_parent_open ------------- Path:  Function:current_parent_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @current_parent_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr 
inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 possible_parents_open ------------- Path:  Function:possible_parents_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @possible_parents_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 debugfs_devm_entry_open ------------- Path:  Function:debugfs_devm_entry_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.debugfs_devm_entry** %5 = load %struct.debugfs_devm_entry*, %struct.debugfs_devm_entry** %4, align 8 %6 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 0 %7 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %6, align 8 
%8 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 1 %9 = bitcast %struct.device** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %7, i8* %10) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 debugfs_open_regset32 ------------- Path:  Function:debugfs_open_regset32 %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @debugfs_show_regset32, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 single_open_net ------------- Path:  Function:single_open_net %3 = getelementptr %struct.inode, %struct.inode* 
%0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 17 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.net** %11 = load %struct.net*, %struct.net** %10, align 8 %12 = getelementptr inbounds %struct.net, %struct.net* %11, i64 0, i32 14, i32 3 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %12, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %2 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %2 ], [ 0, %23 ], [ %17, %16 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 %33 = icmp eq i32 %27, 0 %34 = icmp eq %struct.net* %11, null %35 = or i1 %34, %33 br i1 %35, label %52, label %36 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %38 = bitcast %union.anon.80.175425* %37 to i32 (%struct.seq_file*, i8*)** %39 = load i32 (%struct.seq_file*, i8*)*, i32 
(%struct.seq_file*, i8*)** %38, align 8 %40 = bitcast %struct.net* %11 to i8* %41 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %39, i8* nonnull %40) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 proc_single_open.19053 ------------- Path:  Function:proc_single_open.19053 %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %8 = bitcast %union.anon.80.175425* %7 to i32 (%struct.seq_file*, i8*)** %9 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %8, align 8 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 10 %11 = load i8*, i8** %10, align 8 %12 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %9, i8* %11) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 
32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 suspend_stats_open ------------- Path:  Function:suspend_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @suspend_stats_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 irq_affinity_list_proc_open ------------- Path:  Function:irq_affinity_list_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_list_proc_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and 
i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 irq_affinity_proc_open ------------- Path:  Function:irq_affinity_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_proc_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 default_affinity_open ------------- Path:  Function:default_affinity_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @default_affinity_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 
kmem_cache_alloc_trace 1 single_open 2 tk_debug_sleep_time_open ------------- Path:  Function:tk_debug_sleep_time_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tk_debug_sleep_time_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = 
icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_time_stamp_mode_show, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq 
%struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_clock_show, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to 
%struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_trace_options_show, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 bdi_debug_stats_open ------------- Path:  Function:bdi_debug_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @bdi_debug_stats_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 sg_proc_single_open_adio ------------- Path:  Function:sg_proc_single_open_adio %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.289897*, i32 (%struct.seq_file.289626*, i8*)*, i8*)*)(%struct.file.289897* %1, i32 (%struct.seq_file.289626*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_allow_dio to i8*)) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 sg_proc_single_open_dressz ------------- Path:  Function:sg_proc_single_open_dressz %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.289897*, i32 (%struct.seq_file.289626*, i8*)*, i8*)*)(%struct.file.289897* %1, i32 (%struct.seq_file.289626*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_big_buff to i8*)) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 proc_single_open ------------- Path:  Function:proc_single_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @proc_single_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 timens_offsets_open ------------- Path:  Function:timens_offsets_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @timens_offsets_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, 
%struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 vrr_range_open ------------- Path:  Function:vrr_range_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @vrr_range_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 edid_open ------------- Path:  Function:edid_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 
(%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @edid_show.39693, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 timerslack_ns_open ------------- Path:  Function:timerslack_ns_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @timerslack_ns_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 connector_open ------------- Path:  Function:connector_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* 
%0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @connector_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 drm_debugfs_open ------------- Path:  Function:drm_debugfs_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 8 %6 = bitcast i8* %5 to %struct.drm_info_list.399592** %7 = load %struct.drm_info_list.399592*, %struct.drm_info_list.399592** %6, align 8 %8 = getelementptr inbounds %struct.drm_info_list.399592, %struct.drm_info_list.399592* %7, i64 0, i32 1 %9 = load i32 (%struct.seq_file.399483*, i8*)*, i32 (%struct.seq_file.399483*, i8*)** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* %9, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, 
i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 blk_mq_debugfs_open ------------- Path:  Function:blk_mq_debugfs_open %3 = getelementptr inbounds %struct.inode.302593, %struct.inode.302593* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.blk_mq_debugfs_attr.302604** %5 = load %struct.blk_mq_debugfs_attr.302604*, %struct.blk_mq_debugfs_attr.302604** %4, align 8 %6 = getelementptr inbounds %struct.file.302602, %struct.file.302602* %1, i64 0, i32 1, i32 1 %7 = load %struct.dentry.302597*, %struct.dentry.302597** %6, align 8 %8 = getelementptr inbounds %struct.dentry.302597, %struct.dentry.302597* %7, i64 0, i32 3 %9 = load %struct.dentry.302597*, %struct.dentry.302597** %8, align 8 %10 = getelementptr inbounds %struct.dentry.302597, %struct.dentry.302597* %9, i64 0, i32 5 %11 = load %struct.inode.302593*, %struct.inode.302593** %10, align 8 %12 = getelementptr inbounds %struct.inode.302593, %struct.inode.302593* %11, i64 0, i32 47 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.blk_mq_debugfs_attr.302604, %struct.blk_mq_debugfs_attr.302604* %5, i64 0, i32 4 %16 = load %struct.seq_operations.302207*, %struct.seq_operations.302207** %15, align 8 %17 = icmp eq %struct.seq_operations.302207* %16, null %18 = bitcast %struct.blk_mq_debugfs_attr.302604* %5 to i8* br i1 %17, label %28, label %19 %29 = getelementptr inbounds %struct.blk_mq_debugfs_attr.302604, %struct.blk_mq_debugfs_attr.302604* %5, i64 0, i32 2 %30 = load i32 (i8*, %struct.seq_file.302603*)*, i32 (i8*, %struct.seq_file.302603*)** %29, align 8 %31 = 
icmp eq i32 (i8*, %struct.seq_file.302603*)* %30, null br i1 %31, label %32, label %33, !prof !4, !misexpect !5 %34 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.302602*, i32 (%struct.seq_file.302603*, i8*)*, i8*)*)(%struct.file.302602* %1, i32 (%struct.seq_file.302603*, i8*)* nonnull @blk_mq_debugfs_show, i8* %18) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 single_open 2 comm_open ------------- Path:  Function:comm_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @comm_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: 
=BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __se_sys_mount 2 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %21 = ptrtoint i8* %20 to i64 %22 = icmp ugt i8* %20, inttoptr (i64 -4096 to i8*) br i1 %22, label %75, label %23 %24 = phi i8* [ %20, %19 ], [ null, %16 ] %25 = icmp eq i64 %4, 0 br i1 %25, label %63, label %26 %27 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %28 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %27, i32 3264, 
i64 4096) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 __se_sys_mount 2 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %21 = ptrtoint i8* %20 to i64 %22 = icmp ugt i8* %20, inttoptr (i64 -4096 to i8*) br i1 %22, label %75, label %23 %24 = phi i8* [ %20, %19 ], [ null, %16 ] %25 = icmp eq i64 %4, 0 br i1 %25, label %63, label %26 %27 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* 
@kmalloc_caches, i64 0, i64 0, i64 12), align 16 %28 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %27, i32 3264, i64 4096) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_fdtable 2 expand_files 3 ksys_dup3 4 __ia32_sys_dup2 ------------- Path:  Function:__ia32_sys_dup2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = trunc i64 %5 to i32 %9 = icmp eq i32 %8, %7 br i1 %9, label %10, label %32, !prof !4, !misexpect !5 %33 = tail call fastcc i32 @ksys_dup3(i32 %7, i32 %8, i32 0) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 
0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_fdtable 2 expand_files 3 ksys_dup3 4 __ia32_sys_dup3 ------------- Path:  Function:__ia32_sys_dup3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i32 @ksys_dup3(i32 %8, i32 %9, i32 %10) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 
4197568, i64 56) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_fdtable 2 expand_files 3 ksys_dup3 4 __x64_sys_dup2 ------------- Path:  Function:__x64_sys_dup2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp eq i32 %7, %6 br i1 %8, label %9, label %32, !prof !4, !misexpect !5 %33 = tail call fastcc i32 @ksys_dup3(i32 %6, i32 %7, i32 0) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 
Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 
%7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_fdtable 2 expand_files 3 ksys_dup3 4 __x64_sys_dup3 ------------- Path:  Function:__x64_sys_dup3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i32 @ksys_dup3(i32 %8, i32 %9, i32 %10) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 
= getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 
%9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 alloc_pipe_info 2 fifo_open ------------- Path:  Function:fifo_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 12 %6 = load i64, i64* %5, align 32 %7 = icmp eq i64 %6, 1346981957 %8 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 14 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43, i32 0 %11 = load %struct.pipe_inode_info*, %struct.pipe_inode_info** %10, align 8 %12 = icmp eq %struct.pipe_inode_info* %11, null br i1 %12, label %17, label %13 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %18 = tail call %struct.pipe_inode_info* @alloc_pipe_info() #84 Function:alloc_pipe_info %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 94 %4 = load %struct.cred*, %struct.cred** %3, align 8 %5 = getelementptr inbounds %struct.cred, %struct.cred* %4, i64 0, i32 21 %6 = load %struct.user_struct*, %struct.user_struct** %5, align 8 %7 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %6, i64 0, i32 0 %8 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %6, i64 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !5 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !6, !misexpect !7 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !8, !misexpect !7 %16 = phi i32 [ 2, %0 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 br label %17 %18 = load volatile i32, i32* @pipe_max_size, align 4 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 4197824, i64 168) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 memtype_reserve 2 reserve_pfn_range 3 track_pfn_remap 4 remap_pfn_range 5 mmap_mem ------------- Path:  Function:mmap_mem %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = sub i64 %4, %6 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 4503599627370496 br i1 %10, label %11, label %52 %12 = shl nuw i64 %9, 12 %13 = add i64 %7, -1 %14 = xor i64 %12, -1 %15 = icmp ugt i64 %13, %14 br i1 %15, label %52, label %16 %17 = tail call i32 @valid_mmap_phys_addr_range(i64 %9, i64 %7) #83 %18 = icmp eq i32 %17, 0 br i1 %18, label %52, label %19 %20 = load i64, i64* %8, align 8 %21 = shl 
i64 %20, 12 %22 = add i64 %21, %7 %23 = icmp ult i64 %21, %22 br i1 %23, label %24, label %35 %25 = phi i64 [ %30, %29 ], [ %21, %19 ] %26 = phi i64 [ %31, %29 ], [ %20, %19 ] %27 = tail call i32 @devmem_is_allowed(i64 %26) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %52, label %29 %30 = add i64 %25, 4096 %31 = add i64 %26, 1 %32 = icmp ult i64 %30, %22 br i1 %32, label %24, label %33 %34 = load i64, i64* %8, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ %20, %19 ] %37 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7 %38 = tail call i32 @phys_mem_access_prot_allowed(%struct.file* %0, i64 %36, i64 %7, %struct.anon.1* %37) #84 %39 = icmp eq i32 %38, 0 br i1 %39, label %52, label %40 %41 = load i64, i64* %8, align 8 %42 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %37, i64 0, i32 0 %43 = load i64, i64* %42, align 8 %44 = tail call i64 @phys_mem_access_prot(%struct.file* %0, i64 %41, i64 %7, i64 %43) #83 %45 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7, i32 0 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 12 store %struct.vm_operations_struct* @mmap_mem_ops, %struct.vm_operations_struct** %46, align 8 %47 = load i64, i64* %5, align 8 %48 = load i64, i64* %8, align 8 %49 = tail call i32 @remap_pfn_range(%struct.vm_area_struct* %1, i64 %47, i64 %48, i64 %7, i64 %44) #83 Function:remap_pfn_range %6 = alloca %struct.anon.1, align 8 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %6, i64 0, i32 0 store i64 %4, i64* %7, align 8 %8 = add i64 %3, 4095 %9 = and i64 %8, -4096 %10 = call i32 @track_pfn_remap(%struct.vm_area_struct* %0, %struct.anon.1* nonnull %6, i64 %2, i64 %1, i64 %9) #83 Function:track_pfn_remap %6 = shl i64 %2, 12 %7 = icmp eq %struct.vm_area_struct* %0, null br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, 
i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, %3 br i1 %13, label %14, label %26 %15 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = sub i64 %16, %3 %18 = icmp eq i64 %17, %4 br i1 %18, label %19, label %26 %20 = tail call fastcc i32 @reserve_pfn_range(i64 %6, i64 %4, %struct.anon.1* %1, i32 0) #83 Function:reserve_pfn_range %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = tail call i32 @pgprot2cachemode(i64 %8) #83 %10 = bitcast i32* %6 to i8* store i32 %9, i32* %6, align 4 %11 = add i64 %1, %0 %12 = lshr i64 %0, 12 %13 = add i64 %11, 4095 %14 = lshr i64 %13, 12 %15 = bitcast %struct.arch_uprobe_task* %5 to i8* %16 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %12, i64* %16, align 8 %17 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %18, align 4 %19 = icmp ult i64 %0, 1048576 %20 = select i1 %19, i64 256, i64 %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %23, label %22 br label %63 %64 = call i32 @memtype_reserve(i64 %0, i64 %11, i32 %9, i32* nonnull %6) #84 Function:memtype_reserve %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i8, align 1 %7 = and i64 %0, 4503599627370495 %8 = add i64 %1, 4503599627370495 %9 = and i64 %8, 4503599627370495 %10 = add nuw nsw i64 %9, 1 %11 = icmp ugt i64 %7, %9 br i1 %11, label %12, label %20 %21 = load i1, i1* @pat_bp_enabled, align 1 br i1 %21, label %25, label %22 %26 = load i1 (i64, i64)*, i1 (i64, i64)** getelementptr inbounds (%struct.x86_platform_ops, %struct.x86_platform_ops* @x86_platform, i64 0, i32 5), align 8 %27 = tail 
call zeroext i1 %26(i64 %7, i64 %10) #83 br i1 %27, label %28, label %31 %32 = icmp eq i32 %2, 0 br i1 %32, label %33, label %37 %38 = phi i32 [ %36, %33 ], [ %2, %31 ] %39 = icmp eq i32* %3, null br i1 %39, label %41, label %40 %42 = lshr i64 %7, 12 %43 = add nuw nsw i64 %9, 4096 %44 = lshr i64 %43, 12 %45 = bitcast %struct.arch_uprobe_task* %5 to i8* %46 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %42, i64* %46, align 8 %47 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %47, align 8 %48 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %48, align 4 %49 = icmp ult i64 %7, 1048576 %50 = select i1 %49, i64 256, i64 %42 %51 = icmp ugt i64 %44, %50 br i1 %51, label %52, label %109 %53 = sub nsw i64 %44, %50 %54 = call i32 @walk_system_ram_range(i64 %50, i64 %53, i8* nonnull %45, i32 (i64, i64, i8*)* nonnull @pagerange_is_ram_callback) #83 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %57 %58 = load i32, i32* %47, align 8 %59 = icmp eq i32 %58, 0 br i1 %59, label %110, label %60 %111 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %112 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %111, i32 3520, i64 56) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 memtype_reserve 2 reserve_pfn_range 3 track_pfn_remap 4 remap_pfn_range 5 sel_mmap_handle_status ------------- Path:  Function:sel_mmap_handle_status %3 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.page** %5 = load %struct.page*, %struct.page** %4, align 8 %6 = icmp eq %struct.page* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %10 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %11 = load i64, i64* %10, align 8 %12 = load i64, i64* %9, align 8 %13 = sub i64 %11, %12 %14 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %15 = load i64, i64* %14, align 8 %16 = icmp ne i64 %15, 0 %17 = icmp ne i64 %13, 4096 %18 = or i1 %16, %17 br i1 %18, label %33, label %19 %20 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %33 %25 = and i64 %21, -33 store i64 %25, i64* %20, align 8 %26 = load i64, i64* @vmemmap_base, align 8 %27 = ptrtoint %struct.page* %5 to i64 %28 = sub i64 %27, %26 %29 = ashr exact i64 %28, 6 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7, i32 0 %31 = load i64, i64* %30, align 8 %32 = tail call i32 @remap_pfn_range(%struct.vm_area_struct* %1, i64 %12, i64 %29, i64 4096, i64 %31) #83 Function:remap_pfn_range %6 = alloca %struct.anon.1, align 8 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %6, i64 0, i32 0 store i64 %4, i64* %7, align 8 %8 = add i64 %3, 4095 %9 = and i64 %8, -4096 %10 = call i32 @track_pfn_remap(%struct.vm_area_struct* %0, %struct.anon.1* nonnull %6, i64 %2, i64 %1, i64 %9) #83 Function:track_pfn_remap %6 = shl i64 %2, 12 %7 = icmp eq %struct.vm_area_struct* %0, null br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, %3 br i1 %13, label %14, label %26 
%15 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = sub i64 %16, %3 %18 = icmp eq i64 %17, %4 br i1 %18, label %19, label %26 %20 = tail call fastcc i32 @reserve_pfn_range(i64 %6, i64 %4, %struct.anon.1* %1, i32 0) #83 Function:reserve_pfn_range %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = tail call i32 @pgprot2cachemode(i64 %8) #83 %10 = bitcast i32* %6 to i8* store i32 %9, i32* %6, align 4 %11 = add i64 %1, %0 %12 = lshr i64 %0, 12 %13 = add i64 %11, 4095 %14 = lshr i64 %13, 12 %15 = bitcast %struct.arch_uprobe_task* %5 to i8* %16 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %12, i64* %16, align 8 %17 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %18, align 4 %19 = icmp ult i64 %0, 1048576 %20 = select i1 %19, i64 256, i64 %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %23, label %22 br label %63 %64 = call i32 @memtype_reserve(i64 %0, i64 %11, i32 %9, i32* nonnull %6) #84 Function:memtype_reserve %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i8, align 1 %7 = and i64 %0, 4503599627370495 %8 = add i64 %1, 4503599627370495 %9 = and i64 %8, 4503599627370495 %10 = add nuw nsw i64 %9, 1 %11 = icmp ugt i64 %7, %9 br i1 %11, label %12, label %20 %21 = load i1, i1* @pat_bp_enabled, align 1 br i1 %21, label %25, label %22 %26 = load i1 (i64, i64)*, i1 (i64, i64)** getelementptr inbounds (%struct.x86_platform_ops, %struct.x86_platform_ops* @x86_platform, i64 0, i32 5), align 8 %27 = tail call zeroext i1 %26(i64 %7, i64 %10) #83 br i1 %27, label %28, label %31 %32 = icmp eq i32 %2, 0 br i1 
%32, label %33, label %37 %38 = phi i32 [ %36, %33 ], [ %2, %31 ] %39 = icmp eq i32* %3, null br i1 %39, label %41, label %40 %42 = lshr i64 %7, 12 %43 = add nuw nsw i64 %9, 4096 %44 = lshr i64 %43, 12 %45 = bitcast %struct.arch_uprobe_task* %5 to i8* %46 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %42, i64* %46, align 8 %47 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %47, align 8 %48 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %48, align 4 %49 = icmp ult i64 %7, 1048576 %50 = select i1 %49, i64 256, i64 %42 %51 = icmp ugt i64 %44, %50 br i1 %51, label %52, label %109 %53 = sub nsw i64 %44, %50 %54 = call i32 @walk_system_ram_range(i64 %50, i64 %53, i8* nonnull %45, i32 (i64, i64, i8*)* nonnull @pagerange_is_ram_callback) #83 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %57 %58 = load i32, i32* %47, align 8 %59 = icmp eq i32 %58, 0 br i1 %59, label %110, label %60 %111 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %112 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %111, i32 3520, i64 56) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 memtype_reserve 2 reserve_pfn_range 3 track_pfn_remap 4 remap_pfn_range 5 io_uring_mmap ------------- Path:  Function:io_uring_mmap %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = sub i64 %4, %6 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.io_ring_ctx** %12 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %11, align 8 %13 = shl i64 %9, 12 switch i64 %13, label %59 [ i64 0, label %14 i64 134217728, label %14 i64 268435456, label %17 ] %18 = getelementptr inbounds %struct.io_ring_ctx, %struct.io_ring_ctx* %12, i64 0, i32 1, i32 2 %19 = bitcast %struct.io_uring_sqe** %18 to i8** br label %20 %21 = phi i8** [ %19, %17 ], [ %16, %14 ] %22 = load i8*, i8** %21, align 8 %23 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %24 = ptrtoint i8* %22 to i64 %25 = add i64 %24, 2147483648 %26 = icmp ugt i8* %22, inttoptr (i64 -2147483649 to i8*) %27 = load i64, i64* @phys_base, align 8 %28 = load i64, i64* @page_offset_base, align 8 %29 = sub i64 -2147483648, %28 %30 = select i1 %26, i64 %27, i64 %29 %31 = add i64 %25, %30 %32 = lshr i64 %31, 12 %33 = getelementptr %struct.page, %struct.page* %23, i64 %32 %34 = getelementptr %struct.page, %struct.page* %23, i64 %32, i32 1 %35 = bitcast %union.anon.20* %34 to i64* %36 = load volatile i64, i64* %35, align 8 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 %39 = add i64 %36, -1 %40 = ptrtoint %struct.page* %33 to i64 %41 = select i1 %38, i64 %40, i64 %39, !prof !4 %42 = inttoptr i64 %41 to %struct.page* %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 65536 %46 = icmp eq i64 %45, 0 br i1 %46, label %53, label %47 %48 = getelementptr %struct.page, %struct.page* %42, i64 1, i32 1 %49 = bitcast %union.anon.20* %48 to %struct.anon.13* %50 = getelementptr inbounds %struct.anon.13, %struct.anon.13* 
%49, i64 0, i32 2 %51 = load i8, i8* %50, align 1 %52 = zext i8 %51 to i64 br label %53 %54 = phi i64 [ %52, %47 ], [ 0, %20 ] %55 = shl i64 4096, %54 %56 = icmp ult i64 %55, %7 br i1 %56, label %59, label %57 %58 = icmp ugt i8* %22, inttoptr (i64 -4096 to i8*) br i1 %58, label %59, label %63 %64 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7, i32 0 %65 = load i64, i64* %64, align 8 %66 = tail call i32 @remap_pfn_range(%struct.vm_area_struct* %1, i64 %6, i64 %32, i64 %7, i64 %65) #83 Function:remap_pfn_range %6 = alloca %struct.anon.1, align 8 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %6, i64 0, i32 0 store i64 %4, i64* %7, align 8 %8 = add i64 %3, 4095 %9 = and i64 %8, -4096 %10 = call i32 @track_pfn_remap(%struct.vm_area_struct* %0, %struct.anon.1* nonnull %6, i64 %2, i64 %1, i64 %9) #83 Function:track_pfn_remap %6 = shl i64 %2, 12 %7 = icmp eq %struct.vm_area_struct* %0, null br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, %3 br i1 %13, label %14, label %26 %15 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = sub i64 %16, %3 %18 = icmp eq i64 %17, %4 br i1 %18, label %19, label %26 %20 = tail call fastcc i32 @reserve_pfn_range(i64 %6, i64 %4, %struct.anon.1* %1, i32 0) #83 Function:reserve_pfn_range %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = tail call i32 @pgprot2cachemode(i64 %8) #83 %10 = bitcast i32* %6 to i8* store i32 %9, i32* %6, align 4 %11 = add i64 %1, %0 %12 = lshr i64 %0, 12 %13 = add i64 %11, 4095 %14 = lshr i64 %13, 12 %15 = bitcast %struct.arch_uprobe_task* %5 to i8* %16 = getelementptr inbounds %struct.arch_uprobe_task, 
%struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %12, i64* %16, align 8 %17 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %18, align 4 %19 = icmp ult i64 %0, 1048576 %20 = select i1 %19, i64 256, i64 %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %23, label %22 br label %63 %64 = call i32 @memtype_reserve(i64 %0, i64 %11, i32 %9, i32* nonnull %6) #84 Function:memtype_reserve %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i8, align 1 %7 = and i64 %0, 4503599627370495 %8 = add i64 %1, 4503599627370495 %9 = and i64 %8, 4503599627370495 %10 = add nuw nsw i64 %9, 1 %11 = icmp ugt i64 %7, %9 br i1 %11, label %12, label %20 %21 = load i1, i1* @pat_bp_enabled, align 1 br i1 %21, label %25, label %22 %26 = load i1 (i64, i64)*, i1 (i64, i64)** getelementptr inbounds (%struct.x86_platform_ops, %struct.x86_platform_ops* @x86_platform, i64 0, i32 5), align 8 %27 = tail call zeroext i1 %26(i64 %7, i64 %10) #83 br i1 %27, label %28, label %31 %32 = icmp eq i32 %2, 0 br i1 %32, label %33, label %37 %38 = phi i32 [ %36, %33 ], [ %2, %31 ] %39 = icmp eq i32* %3, null br i1 %39, label %41, label %40 %42 = lshr i64 %7, 12 %43 = add nuw nsw i64 %9, 4096 %44 = lshr i64 %43, 12 %45 = bitcast %struct.arch_uprobe_task* %5 to i8* %46 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %42, i64* %46, align 8 %47 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %47, align 8 %48 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %48, align 4 %49 = icmp ult i64 %7, 1048576 %50 = select i1 %49, i64 256, i64 %42 %51 = icmp ugt i64 %44, %50 br i1 %51, label %52, label %109 %53 = sub nsw i64 %44, %50 %54 = call i32 
@walk_system_ram_range(i64 %50, i64 %53, i8* nonnull %45, i32 (i64, i64, i8*)* nonnull @pagerange_is_ram_callback) #83 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %57 %58 = load i32, i32* %47, align 8 %59 = icmp eq i32 %58, 0 br i1 %59, label %110, label %60 %111 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %112 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %111, i32 3520, i64 56) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 cpu_latency_qos_open ------------- Path:  Function:cpu_latency_qos_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_syslog 2 __ia32_sys_syslog ------------- Path:  Function:__ia32_sys_syslog %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, 
i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = tail call i32 @do_syslog(i32 %9, i8* %10, i32 %11, i32 0) #83 Function:do_syslog %5 = alloca [32 x i8], align 16 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = alloca %struct.printk_info, align 8 %9 = alloca %struct.printk_record, align 8 %10 = alloca %struct.wait_queue_entry, align 8 %11 = alloca %struct.printk_info, align 8 %12 = alloca i32, align 4 %13 = bitcast %struct.printk_info* %11 to i8* %14 = icmp eq i32 %3, 1 %15 = icmp ne i32 %0, 1 %16 = and i1 %15, %14 br i1 %16, label %37, label %17 %38 = tail call i32 @security_syslog(i32 %0) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %356 switch i32 %0, label %355 [ i32 0, label %356 i32 1, label %356 i32 2, label %41 i32 4, label %163 i32 3, label %164 i32 5, label %244 i32 6, label %251 i32 7, label %258 i32 8, label %262 i32 9, label %269 i32 10, label %353 ] %42 = icmp eq i8* %1, null %43 = icmp slt i32 %2, 0 %44 = or i1 %42, %43 br i1 %44, label %356, label %45 %46 = icmp eq i32 %2, 0 br i1 %46, label %356, label %47 %48 = zext i32 %2 to i64 %49 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %50 = ptrtoint i8* %1 to i64 %51 = add i64 %48, %50 %52 = icmp ult i64 %51, %48 %53 = icmp ugt i64 %51, %49 %54 = or i1 %52, %53 br i1 %54, label %356, label %55, !prof !8, !misexpect !9 %56 = bitcast %struct.printk_info* %8 to i8* %57 = bitcast %struct.printk_record* 
%9 to i8* %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3264, i64 1024) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_syslog 2 __x64_sys_syslog ------------- Path:  Function:__x64_sys_syslog %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_syslog(i32 %9, i8* %6, i32 %10, i32 0) #83 Function:do_syslog %5 = alloca [32 x i8], align 16 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = alloca %struct.printk_info, align 8 %9 = alloca %struct.printk_record, align 8 %10 = alloca %struct.wait_queue_entry, align 8 %11 = alloca %struct.printk_info, align 8 %12 = alloca i32, align 4 %13 = bitcast %struct.printk_info* %11 to i8* %14 = icmp eq i32 %3, 1 %15 = icmp ne i32 %0, 1 %16 = and i1 %15, %14 br i1 %16, label %37, label %17 %38 = tail call i32 @security_syslog(i32 %0) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %356 switch i32 %0, label %355 [ i32 0, label %356 i32 1, label %356 i32 2, label %41 i32 4, label %163 i32 3, label %164 i32 5, label %244 i32 6, label %251 i32 7, label %258 i32 8, label %262 i32 9, label %269 i32 10, 
label %353 ] %42 = icmp eq i8* %1, null %43 = icmp slt i32 %2, 0 %44 = or i1 %42, %43 br i1 %44, label %356, label %45 %46 = icmp eq i32 %2, 0 br i1 %46, label %356, label %47 %48 = zext i32 %2 to i64 %49 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %50 = ptrtoint i8* %1 to i64 %51 = add i64 %48, %50 %52 = icmp ult i64 %51, %48 %53 = icmp ugt i64 %51, %49 %54 = or i1 %52, %53 br i1 %54, label %356, label %55, !prof !8, !misexpect !9 %56 = bitcast %struct.printk_info* %8 to i8* %57 = bitcast %struct.printk_record* %9 to i8* %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3264, i64 1024) #85 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 refill_pi_state_cache 2 futex_requeue 3 do_futex 4 __se_sys_futex 5 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 
switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, 
align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 
%8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 refill_pi_state_cache 2 futex_requeue 3 do_futex 4 __se_sys_futex 5 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 
i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 refill_pi_state_cache 2 futex_requeue 3 do_futex 4 __se_sys_futex_time32 5 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 
switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 
= call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 refill_pi_state_cache 2 futex_requeue 3 do_futex 4 __se_sys_futex_time32 5 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, 
align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, 
%struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt 
i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 kill_pid_info 5 __ia32_compat_sys_rt_sigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_sigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc 
i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = bitcast %struct.kernel_siginfo* %3 to i8* %14 = bitcast %struct.compat_siginfo* %2 to i8* %15 = inttoptr i64 %10 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %14, i8* %15, i64 128) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %12, i32* %20, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #83 %21 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp sgt i32 %22, -1 %24 = icmp eq i32 %22, -6 %25 = or i1 %23, %24 br i1 %25, label %26, label %31 %27 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %28 = inttoptr i64 %27 to %struct.task_struct* %29 = call i32 @__task_pid_nr_ns(%struct.task_struct* %28, i32 0, %struct.pid_namespace* null) #83 %30 = icmp eq i32 %29, %11 br i1 %30, label %31, label %35 call void @__rcu_read_lock() #83 %32 = call %struct.pid* @find_vpid(i32 %11) #83 %33 = call i32 @kill_pid_info(i32 %12, %struct.kernel_siginfo* nonnull %3, %struct.pid* %32) #83 Function:kill_pid_info %4 = icmp ne i32 %0, 0 br label %5 tail call void @__rcu_read_lock() #83 %6 = tail call %struct.task_struct* @pid_task(%struct.pid* %2, i32 0) #83 %7 = icmp eq %struct.task_struct* %6, null br i1 %7, label %8, label %9 tail call void @__rcu_read_lock() #83 %10 = tail call fastcc i32 @check_kill_permission(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* nonnull %6) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm 
"movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 
%10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 kill_pid_info 5 __se_sys_rt_sigqueueinfo 6 __ia32_sys_rt_sigqueueinfo ------------- Path:  Function:__ia32_sys_rt_sigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load 
i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_rt_sigqueueinfo(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_rt_sigqueueinfo %4 = alloca %struct.kernel_siginfo, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to %struct.siginfo* %8 = bitcast %struct.kernel_siginfo* %4 to i8* %9 = call fastcc i32 @__copy_siginfo_from_user(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.siginfo* %7) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %25, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 %13 = load i32, i32* %12, align 8 %14 = icmp sgt i32 %13, -1 %15 = icmp eq i32 %13, -6 %16 = or i1 %14, %15 br i1 %16, label %17, label %22 %18 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i32 @__task_pid_nr_ns(%struct.task_struct* %19, i32 0, %struct.pid_namespace* null) #83 %21 = icmp eq i32 %20, %5 br i1 %21, label %22, label %25 call void @__rcu_read_lock() #83 %23 = call %struct.pid* @find_vpid(i32 %5) #83 %24 = call i32 @kill_pid_info(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.pid* %23) #83 Function:kill_pid_info %4 = icmp ne i32 %0, 0 br label %5 tail call void @__rcu_read_lock() #83 %6 = tail call %struct.task_struct* @pid_task(%struct.pid* %2, i32 0) #83 %7 = icmp eq %struct.task_struct* %6, null br i1 %7, label %8, label %9 tail call void @__rcu_read_lock() #83 %10 = tail call fastcc i32 @check_kill_permission(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* nonnull %6) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label 
%13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = 
getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 kill_pid_info 5 __se_sys_rt_sigqueueinfo 6 __x64_sys_rt_sigqueueinfo ------------- Path:  Function:__x64_sys_rt_sigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = 
load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_rt_sigqueueinfo(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_rt_sigqueueinfo %4 = alloca %struct.kernel_siginfo, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to %struct.siginfo* %8 = bitcast %struct.kernel_siginfo* %4 to i8* %9 = call fastcc i32 @__copy_siginfo_from_user(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.siginfo* %7) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %25, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 %13 = load i32, i32* %12, align 8 %14 = icmp sgt i32 %13, -1 %15 = icmp eq i32 %13, -6 %16 = or i1 %14, %15 br i1 %16, label %17, label %22 %18 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i32 @__task_pid_nr_ns(%struct.task_struct* %19, i32 0, %struct.pid_namespace* null) #83 %21 = icmp eq i32 %20, %5 br i1 %21, label %22, label %25 call void @__rcu_read_lock() #83 %23 = call %struct.pid* @find_vpid(i32 %5) #83 %24 = call i32 @kill_pid_info(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.pid* %23) #83 Function:kill_pid_info %4 = icmp ne i32 %0, 0 br label %5 tail call void @__rcu_read_lock() #83 %6 = tail call %struct.task_struct* @pid_task(%struct.pid* %2, i32 0) #83 %7 = icmp eq %struct.task_struct* %6, null br i1 %7, label %8, label %9 tail call void @__rcu_read_lock() #83 %10 = tail call fastcc i32 @check_kill_permission(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* nonnull %6) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = 
icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile 
%struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 do_send_specific 5 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.compat_siginfo, 
align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %5 to i32 %14 = trunc i64 %7 to i32 %15 = trunc i64 %9 to i32 %16 = bitcast %struct.kernel_siginfo* %3 to i8* %17 = bitcast %struct.compat_siginfo* %2 to i8* %18 = inttoptr i64 %12 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %17, i8* %18, i64 128) #83 %20 = icmp eq i64 %19, 0 br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %15, i32* %23, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #83 %24 = icmp slt i32 %14, 1 %25 = icmp slt i32 %13, 1 %26 = or i1 %25, %24 br i1 %26, label %41, label %27 %28 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %29 = load i32, i32* %28, align 8 %30 = icmp sgt i32 %29, -1 %31 = icmp eq i32 %29, -6 %32 = or i1 %30, %31 br i1 %32, label %33, label %38 %34 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = call i32 @__task_pid_nr_ns(%struct.task_struct* %35, i32 0, %struct.pid_namespace* null) #83 %37 = icmp eq i32 %36, %14 br i1 %37, label %38, label %41 %39 = call fastcc i32 @do_send_specific(i32 %13, i32 %14, i32 %15, %struct.kernel_siginfo* nonnull %3) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call 
%struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 
@audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 do_send_specific 5 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %4 to i32 %13 = trunc i64 %6 to i32 %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to %struct.siginfo* %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = call fastcc i32 @__copy_siginfo_from_user(i32 %14, %struct.kernel_siginfo* nonnull %2, %struct.siginfo* %15) #83 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %36, !prof !4, !misexpect !5 %20 = icmp slt i32 %13, 1 %21 = icmp slt i32 %12, 1 %22 = or i1 %21, %20 br i1 %22, label %36, label %23 %24 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp sgt i32 %25, -1 %27 = icmp eq i32 %25, -6 %28 = or i1 %26, %27 br i1 %28, label %29, label %34 %30 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %31 = inttoptr i64 %30 to %struct.task_struct* %32 
= call i32 @__task_pid_nr_ns(%struct.task_struct* %31, i32 0, %struct.pid_namespace* null) #83 %33 = icmp eq i32 %32, %13 br i1 %33, label %34, label %36 %35 = call fastcc i32 @do_send_specific(i32 %12, i32 %13, i32 %14, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load 
%struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq 
%struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 do_send_specific 5 __ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc 
!4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #83 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, 
i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label 
%93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 do_send_specific 5 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to 
%struct.siginfo** %11 = load %struct.siginfo*, %struct.siginfo** %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %6 to i32 %14 = trunc i64 %8 to i32 %15 = bitcast %struct.kernel_siginfo* %2 to i8* %16 = call fastcc i32 @__copy_siginfo_from_user(i32 %14, %struct.kernel_siginfo* nonnull %2, %struct.siginfo* %11) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %35, !prof !4, !misexpect !5 %19 = icmp slt i32 %13, 1 %20 = icmp slt i32 %12, 1 %21 = or i1 %20, %19 br i1 %21, label %35, label %22 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, -1 %26 = icmp eq i32 %24, -6 %27 = or i1 %25, %26 br i1 %27, label %28, label %33 %29 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %30 = inttoptr i64 %29 to %struct.task_struct* %31 = call i32 @__task_pid_nr_ns(%struct.task_struct* %30, i32 0, %struct.pid_namespace* null) #83 %32 = icmp eq i32 %31, %13 br i1 %32, label %33, label %35 %34 = call fastcc i32 @do_send_specific(i32 %12, i32 %13, i32 %14, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 
Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, 
align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 do_send_specific 5 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #83 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq 
%struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 
Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 
Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 __se_sys_tkill 5 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_tkill(i64 %4, i64 %7) #83 Function:__se_sys_tkill %3 = alloca %struct.kernel_siginfo, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = icmp slt i32 %4, 1 br i1 %6, label %38, label %7 %8 = bitcast %struct.kernel_siginfo* %3 to i8* %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %5, i32* %9, align 8 %10 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 store i32 -6, i32* %11, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %13, i32 1, %struct.pid_namespace* null) #83 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %14, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %17 = load %struct.cred*, 
%struct.cred** %16, align 8 %18 = getelementptr inbounds %struct.cred, %struct.cred* %17, i64 0, i32 1, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, -1 %21 = load i32, i32* @overflowuid, align 4 %22 = select i1 %20, i32 %21, i32 %19 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %22, i32* %23, align 4 tail call void @__rcu_read_lock() #83 %24 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 %25 = icmp eq %struct.task_struct* %24, null br i1 %25, label %35, label %26 %27 = call fastcc i32 @check_kill_permission(i32 %5, %struct.kernel_siginfo* nonnull %3, %struct.task_struct* nonnull %24) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, 
%struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, 
%struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 audit_signal_info_syscall 2 audit_signal_info 3 check_kill_permission 4 __se_sys_tkill 5 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_tkill(i64 %3, i64 %5) #83 Function:__se_sys_tkill %3 = alloca %struct.kernel_siginfo, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = icmp slt i32 %4, 1 br i1 %6, label %38, label %7 %8 = bitcast %struct.kernel_siginfo* %3 to i8* %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %5, i32* %9, align 8 %10 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 store i32 -6, i32* %11, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %13, i32 1, %struct.pid_namespace* null) #83 %15 = getelementptr inbounds %struct.kernel_siginfo, 
%struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %14, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %17 = load %struct.cred*, %struct.cred** %16, align 8 %18 = getelementptr inbounds %struct.cred, %struct.cred* %17, i64 0, i32 1, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, -1 %21 = load i32, i32* @overflowuid, align 4 %22 = select i1 %20, i32 %21, i32 %19 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %22, i32* %23, align 4 tail call void @__rcu_read_lock() #83 %24 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 %25 = icmp eq %struct.task_struct* %24, null br i1 %25, label %35, label %26 %27 = call fastcc i32 @check_kill_permission(i32 %5, %struct.kernel_siginfo* nonnull %3, %struct.task_struct* nonnull %24) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load 
%struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_seccomp 2 prctl_set_seccomp 3 __do_sys_prctl 4 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 
0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %61 = inttoptr i64 %2 to i8* %62 = tail call i64 @prctl_set_seccomp(i64 %1, i8* %61) #83 Function:prctl_set_seccomp switch i64 %0, label %8 [ i64 1, label %4 i64 2, label %3 ] %5 = phi i32 [ 1, %3 ], [ 0, %2 ] %6 = phi i8* [ %1, %3 ], [ null, %2 ] %7 = tail call fastcc i64 @do_seccomp(i32 %5, i32 0, i8* %6) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 
= icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_seccomp 2 prctl_set_seccomp 3 __do_sys_prctl 4 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, 
label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %61 = inttoptr i64 %2 to i8* %62 = tail call i64 @prctl_set_seccomp(i64 %1, i8* %61) #83 Function:prctl_set_seccomp switch i64 %0, label %8 [ i64 1, label %4 i64 2, label %3 ] %5 = phi i32 [ 1, %3 ], [ 0, %2 ] %6 = phi i8* [ %1, %3 ], [ null, %2 ] %7 = tail call fastcc i64 @do_seccomp(i32 %5, i32 0, i8* %6) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = 
getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_seccomp 2 __ia32_sys_seccomp ------------- Path:  Function:__ia32_sys_seccomp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call fastcc i64 
@do_seccomp(i32 %9, i32 %10, i8* %11) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x 
%struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 do_seccomp 2 __x64_sys_seccomp ------------- Path:  Function:__x64_sys_seccomp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call fastcc i64 @do_seccomp(i32 %9, i32 %10, i8* %8) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label 
%523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = 
load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 tracing_stats_read ------------- Path:  Function:tracing_stats_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 47 %8 = bitcast i8** %7 to %struct.trace_array** %9 = load %struct.trace_array*, %struct.trace_array** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 43 %11 = bitcast %union.anon.97* %10 to %struct.cdev** %12 = load %struct.cdev*, %struct.cdev** %11, align 8 %13 = icmp eq %struct.cdev* %12, null %14 = ptrtoint %struct.cdev* %12 to i64 %15 = trunc i64 %14 to i32 %16 = add i32 %15, -1 %17 = select i1 %13, i32 -1, i32 %16 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3264, i64 4136) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 trace_parse_run_command 2 
probes_write.12650 ------------- Path:  Function:probes_write.12650 %5 = tail call i64 bitcast (i64 (%struct.file*, i8*, i64, i64*, i32 (i8*)*)* @trace_parse_run_command to i64 (%struct.file.108396*, i8*, i64, i64*, i32 (i8*)*)*)(%struct.file.108396* %0, i8* %1, i64 %2, i64* %3, i32 (i8*)* nonnull @create_or_delete_trace_uprobe) #83 Function:trace_parse_run_command %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 trace_parse_run_command 2 dyn_event_write ------------- Path:  Function:dyn_event_write %5 = tail call i64 bitcast (i64 (%struct.file*, i8*, i64, i64*, i32 (i8*)*)* @trace_parse_run_command to i64 (%struct.file.108396*, i8*, i64, i64*, i32 (i8*)*)*)(%struct.file.108396* %0, i8* %1, i64 %2, i64* %3, i32 (i8*)* nonnull @create_dyn_event) #83 Function:trace_parse_run_command %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 
trace_parse_run_command 2 probes_write ------------- Path:  Function:probes_write %5 = tail call i64 bitcast (i64 (%struct.file*, i8*, i64, i64*, i32 (i8*)*)* @trace_parse_run_command to i64 (%struct.file.108396*, i8*, i64, i64*, i32 (i8*)*)*)(%struct.file.108396* %0, i8* %1, i64 %2, i64* %3, i32 (i8*)* nonnull @create_or_delete_trace_kprobe) #83 Function:trace_parse_run_command %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4096) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 event_filter_read ------------- Path:  Function:event_filter_read %5 = load i64, i64* %3, align 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %38 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 4136) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 subsystem_filter_read ------------- Path:  Function:subsystem_filter_read %5 = getelementptr inbounds %struct.file.108396, %struct.file.108396* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_subsystem_dir.108342** %7 = 
load %struct.trace_subsystem_dir.108342*, %struct.trace_subsystem_dir.108342** %6, align 8 %8 = getelementptr inbounds %struct.trace_subsystem_dir.108342, %struct.trace_subsystem_dir.108342* %7, i64 0, i32 1 %9 = load %struct.event_subsystem*, %struct.event_subsystem** %8, align 8 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %33 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 4136) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 show_header ------------- Path:  Function:show_header %5 = getelementptr inbounds %struct.file.108396, %struct.file.108396* %0, i64 0, i32 16 %6 = bitcast i8** %5 to i32 (%struct.trace_seq*)** %7 = load i32 (%struct.trace_seq*)*, i32 (%struct.trace_seq*)** %6, align 8 %8 = load i64, i64* %3, align 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %32 %11 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %12 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %11, i32 3264, i64 4136) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kmem_cache_alloc_trace 1 system_tr_open ------------- 
Path:  Function:system_tr_open %3 = getelementptr inbounds %struct.inode.108445, %struct.inode.108445* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 48) #83 Function:kmem_cache_alloc_trace %5 = ptrtoint i8* %4 to i64 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = and i32 %7, 1024 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __alloc_pages 1 alloc_pages 2 nfs4_proc_set_acl 3 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds 
%struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %12, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %165, label %63 %64 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 10 %65 = load i32, i32* %64, align 8 %66 = and i32 %65, 8 %67 = icmp eq i32 %66, 0 %68 = or i1 %67, %33 %69 = select i1 %67, i32 -95, i32 -34 br i1 %68, 
label %165, label %70 %71 = phi i32 [ %94, %83 ], [ 0, %63 ] %72 = phi %struct.page** [ %93, %83 ], [ %21, %63 ] %73 = phi i64 [ %92, %83 ], [ %2, %63 ] %74 = phi i8* [ %91, %83 ], [ %1, %63 ] %75 = icmp ult i64 %73, 4096 %76 = select i1 %75, i64 %73, i64 4096 %77 = call %struct.page* @alloc_pages(i32 3264, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 
%53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load 
%struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __alloc_pages 1 alloc_pages 2 nfs_symlink ------------- Path:  Function:nfs_symlink %5 = alloca %struct.iattr, align 8 %6 = bitcast %struct.iattr* %5 to i8* %7 = tail call i64 @strlen(i8* %3) #83 %8 = trunc i64 %7 to i32 %9 = and i64 %7, 4294967295 %10 = icmp ugt i64 %9, 4096 br i1 %10, label %148, label %11 %12 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 1 store i16 -24065, i16* %12, align 4 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 0 store i32 1, i32* %13, align 8 %14 = tail call %struct.page* @alloc_pages(i32 1051840, i32 0) #84 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 
%1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 
= icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 
------------- Use: =BAD PATH= Call Stack: 0 __alloc_pages 1 alloc_pages 2 get_zeroed_page 3 simple_transaction_get 4 selinux_transaction_write ------------- Path:  Function:selinux_transaction_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = icmp ugt i64 %8, 14 br i1 %9, label %25, label %10 %11 = getelementptr [15 x i64 (%struct.file*, i8*, i64)*], [15 x i64 (%struct.file*, i8*, i64)*]* @write_op, i64 0, i64 %8 %12 = lshr i64 15391, %8 %13 = and i64 %12, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %25 %16 = tail call i8* bitcast (i8* (%struct.file.151769*, i8*, i64)* @simple_transaction_get to i8* (%struct.file*, i8*, i64)*)(%struct.file* %0, i8* %1, i64 %2) #83 Function:simple_transaction_get %4 = icmp ugt i64 %2, 4087 br i1 %4, label %20, label %5 %6 = tail call i64 
@get_zeroed_page(i32 3264) #83 Function:get_zeroed_page %2 = and i32 %0, -259 %3 = or i32 %2, 256 %4 = tail call %struct.page.135016* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.135016* (i32, i32)*)(i32 %3, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr 
inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = 
and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= 
Call Stack: 0 __alloc_pages 1 alloc_pages 2 isofs_lookup ------------- Path:  Function:isofs_lookup %4 = alloca %struct.qstr, align 8 %5 = tail call %struct.page.209199* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.209199* (i32, i32)*)(i32 1051840, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label 
%54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, 
align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __alloc_pages 1 alloc_pages 2 __nfs3_proc_setacls 3 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 
%22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %25 = phi %struct.posix_acl* [ %17, %16 ], [ %22, %20 ] %26 = tail call fastcc i32 @__nfs3_proc_setacls(%struct.inode.232196* %1, %struct.posix_acl* %25, %struct.posix_acl* %18) #84 Function:__nfs3_proc_setacls %4 = alloca %struct.nfs_fattr*, align 8 %5 = alloca [7 x %struct.page.232204*], align 16 %6 = alloca %struct.nfs3_setaclargs, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load %struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.232431** %12 = load %struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast %struct.nfs_fattr** %4 to i8* %14 = bitcast [7 x %struct.page.232204*]* %5 to i8* %15 = bitcast %struct.nfs3_setaclargs* %6 to i8* %16 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 0 store %struct.inode.232196* %0, %struct.inode.232196** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 1 store i32 1, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 2 store %struct.posix_acl* %1, %struct.posix_acl** %18, align 8 %19 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 4 %21 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 5 %22 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 6 %23 = getelementptr 
inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %5, i64 0, i64 0 %24 = bitcast %struct.posix_acl** %19 to i8* store %struct.page.232204** %23, %struct.page.232204*** %22, align 8 %25 = bitcast %struct.rpc_message.232335* %7 to i8* %26 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs3_setaclargs** store %struct.nfs3_setaclargs* %6, %struct.nfs3_setaclargs** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs_fattr*** store %struct.nfs_fattr** %4, %struct.nfs_fattr*** %30, align 8 %31 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %31, align 8 %32 = icmp eq %struct.posix_acl* %1, null br i1 %32, label %33, label %45 %46 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 8 %49 = icmp eq i32 %48, 0 br i1 %49, label %153, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %1, i64 0, i32 2 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, 1024 br i1 %53, label %153, label %54 %55 = icmp eq %struct.posix_acl* %2, null br i1 %55, label %65, label %56 %66 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 0 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, -4096 %69 = icmp eq i16 %68, 16384 br i1 %69, label %70, label %84 %85 = phi i32 [ %52, %70 ], [ %58, %71 ], [ %58, %72 ], [ %82, %80 ], [ %52, %65 ] %86 = phi i32 [ 16, %70 ], [ 64, %71 ], [ %78, %72 ], [ 16, %80 ], [ 16, %65 ] %87 = icmp sgt i32 %85, 4 %88 = select i1 %87, i32 
%85, i32 4 %89 = mul i32 %88, 12 %90 = add i32 %89, %86 %91 = zext i32 %90 to i64 store i64 %91, i64* %20, align 8 %92 = icmp ugt i32 %90, 136 br i1 %92, label %93, label %113 %94 = add nuw nsw i64 %91, 17592186044415 %95 = lshr i64 %94, 12 %96 = trunc i64 %95 to i32 %97 = add nsw i32 %96, 1 br label %98 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 %111 = add i32 %105, 1 store i32 %111, i32* %21, align 8 %112 = icmp ult i32 %111, %97 br i1 %112, label %98, label %113 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi 
%struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 
%41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __alloc_pages 1 ring_buffer_alloc_read_page 2 tracing_buffers_read ------------- Path:  Function:tracing_buffers_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %114, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = 
load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) #83 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 %14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 
%22, label %23, label %25, !prof !8, !misexpect !9 %26 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 7 %27 = load %struct.buffer_data_page*, %struct.buffer_data_page** %26, align 8 %28 = icmp eq %struct.buffer_data_page* %27, null br i1 %28, label %30, label %29 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = bitcast %struct.qspinlock* %17 to i8* store volatile i8 0, i8* %31, align 4 %32 = and i64 %16, 512 %33 = icmp eq i64 %32, 0 br i1 %33, label %35, label %34 br i1 %28, label %36, label %57 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (i32* @numa_node to i64) %40 = inttoptr i64 %39 to i32* %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, -1 br i1 %42, label %43, label %45 %46 = phi i32 [ %44, %43 ], [ %41, %36 ] %47 = call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 68800, i32 0, i32 %46, %struct.cpumask* null) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 
1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __alloc_pages 1 kmalloc_large_node 2 __kmalloc_node 3 rb_alloc_aux 4 perf_mmap ------------- Path:  Function:perf_mmap %3 = getelementptr inbounds %struct.file.114997, %struct.file.114997* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.115065** %5 = load %struct.perf_event.115065*, %struct.perf_event.115065** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115211** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.115211**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.115211* %8 = getelementptr inbounds %struct.task_struct.115211, %struct.task_struct.115211* %7, i64 0, i32 94 %9 = load %struct.cred.114987*, %struct.cred.114987** %8, align 8 %10 = getelementptr inbounds %struct.cred.114987, %struct.cred.114987* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr 
inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 35 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 22, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %324 %21 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %324, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.115065*)*)(%struct.perf_event.115065* %5) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %324 %29 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %324 %118 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 27 %119 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %119, i64 0, i32 20 %121 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %120, align 8 %122 = icmp eq 
%struct.perf_event_context.115041* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 38 tail call void @mutex_lock(%struct.mutex* %125) #83 %126 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 40 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %310 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %296, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call void @mutex_unlock(%struct.mutex* %125) #83 tail call void @mutex_lock(%struct.mutex* %125) #83 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i1 [ false, %115 ], [ true, %124 ], [ true, 
%149 ] %154 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 ] %155 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %155 %170 = sub i64 %155, %169 %171 = getelementptr inbounds %struct.task_struct.115211, %struct.task_struct.115211* %7, i64 0, i32 104 %172 = load %struct.signal_struct.115167*, %struct.signal_struct.115167** %171, align 8 %173 = getelementptr %struct.signal_struct.115167, %struct.signal_struct.115167* %172, i64 0, i32 50, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.115131, %struct.vm_area_struct.115131* %1, i64 0, i32 6 %177 = load %struct.mm_struct.115142*, %struct.mm_struct.115142** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.115142, %struct.mm_struct.115142* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %281 %282 = load i64, i64* %21, align 8 %283 = lshr i64 %282, 1 %284 = trunc i64 %283 to i32 %285 = and i32 %284, 1 %286 = load i64, i64* %34, align 8 %287 = trunc i64 
%156 to i32 %288 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %5, i64 0, i32 22, i32 16 %289 = load i32, i32* %288, align 8 %290 = zext i32 %289 to i64 %291 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.115065*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.115065* %5, i64 %286, i32 %287, i64 %290, i32 %285) #83 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 35 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #83 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %35, !prof !4, !misexpect !5 %6 = tail call fastcc i8* @kmalloc_large_node(i64 
%0, i32 %1, i32 %2) #83 Function:kmalloc_large_node %4 = add i64 %0, -1 %5 = lshr i64 %4, 12 %6 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %5, i32 -1) #4, !srcloc !4 %7 = add i32 %6, 1 %8 = or i32 %1, 262144 %9 = icmp eq i32 %2, -1 br i1 %9, label %10, label %12 %13 = phi i32 [ %11, %10 ], [ %2, %3 ] %14 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %8, i32 %7, i32 %13, %struct.cpumask* null) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 
%50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 vunmap 1 relay_destroy_buf 
2 relay_file_release ------------- Path:  Function:relay_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.rchan_buf** %5 = load %struct.rchan_buf*, %struct.rchan_buf** %4, align 8 %6 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %5, i64 0, i32 9 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %6, i64 0, i32 0 %8 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %6, i64 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %6, i64 -28 %18 = bitcast %struct.qspinlock* %17 to %struct.rchan_buf* tail call fastcc void @relay_destroy_buf(%struct.rchan_buf* %18) #83 Function:relay_destroy_buf %2 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %0, i64 0, i32 5 %3 = load %struct.rchan*, %struct.rchan** %2, align 8 %4 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %0, i64 0, i32 0 %5 = load i8*, i8** %4, align 64 %6 = icmp eq i8* %5, null br i1 %6, label %26, label %7, !prof !4, !misexpect !5 tail call void @vunmap(i8* nonnull %5) #83 Function:vunmap %2 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %3 = and i32 %2, 16776960 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 remove_vm_area 1 __vunmap 2 vunmap 3 relay_destroy_buf 4 relay_file_release ------------- Path:  Function:relay_file_release %3 = getelementptr inbounds 
%struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.rchan_buf** %5 = load %struct.rchan_buf*, %struct.rchan_buf** %4, align 8 %6 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %5, i64 0, i32 9 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %6, i64 0, i32 0 %8 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %6, i64 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %6, i64 -28 %18 = bitcast %struct.qspinlock* %17 to %struct.rchan_buf* tail call fastcc void @relay_destroy_buf(%struct.rchan_buf* %18) #83 Function:relay_destroy_buf %2 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %0, i64 0, i32 5 %3 = load %struct.rchan*, %struct.rchan** %2, align 8 %4 = getelementptr inbounds %struct.rchan_buf, %struct.rchan_buf* %0, i64 0, i32 0 %5 = load i8*, i8** %4, align 64 %6 = icmp eq i8* %5, null br i1 %6, label %26, label %7, !prof !4, !misexpect !5 tail call void @vunmap(i8* nonnull %5) #83 Function:vunmap %2 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %3 = and i32 %2, 16776960 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !5, !misexpect !6 %7 = tail call i32 @__SCT__might_resched() #83 %8 = icmp eq i8* %0, null br i1 %8, label %10, label %9 tail call fastcc void @__vunmap(i8* nonnull %0, i32 0) #84 Function:__vunmap %3 = icmp eq i8* %0, null br i1 %3, label %169, label %4 %5 = ptrtoint i8* %0 to i64 %6 = and i64 %5, 4095 %7 = icmp eq i64 %6, 0 br i1 %7, label %9, label %8, !prof 
!4, !misexpect !5 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vmap_area_lock, i64 0, i32 0, i32 0)) #83 %10 = load %struct.rb_node*, %struct.rb_node** getelementptr inbounds (%struct.rb_root, %struct.rb_root* @vmap_area_root, i64 0, i32 0), align 8 %11 = icmp eq %struct.rb_node* %10, null br i1 %11, label %31, label %12 %13 = phi %struct.rb_node* [ %29, %27 ], [ %10, %9 ] %14 = getelementptr %struct.rb_node, %struct.rb_node* %13, i64 -1, i32 1 %15 = bitcast %struct.rb_node** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = icmp ugt i64 %16, %5 br i1 %17, label %18, label %20 %21 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %14, i64 1 %22 = bitcast %struct.rb_node** %21 to i64* %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, %5 br i1 %24, label %32, label %25 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vmap_area_lock, i64 0, i32 0, i32 0)) #83 %33 = icmp eq %struct.rb_node** %14, null br i1 %33, label %39, label %34 %35 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %14, i64 7 %36 = bitcast %struct.rb_node** %35 to %struct.vm_struct** %37 = load %struct.vm_struct*, %struct.vm_struct** %36, align 8 %38 = icmp eq %struct.vm_struct* %37, null br i1 %38, label %39, label %40, !prof !8, !misexpect !5 %41 = getelementptr inbounds %struct.vm_struct, %struct.vm_struct* %37, i64 0, i32 3 %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.vm_struct, %struct.vm_struct* %37, i64 0, i32 1 %44 = load i8*, i8** %43, align 8 %45 = tail call %struct.vm_struct* @remove_vm_area(i8* %44) #83 Function:remove_vm_area %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __anon_vma_prepare 1 expand_downwards 2 find_extend_vma 3 __get_user_pages 4 faultin_vma_page_range 5 madvise_populate 6 do_madvise 7 __ia32_sys_madvise ------------- Path:  
Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq 
i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca 
%struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #83 Function:find_extend_vma %3 = and i64 %1, -4096 %4 = tail call %struct.vm_area_struct* bitcast (%struct.vm_area_struct.126282* (%struct.mm_struct.126293*, i64)* @vmacache_find to %struct.vm_area_struct* (%struct.mm_struct*, i64)*)(%struct.mm_struct* %0, i64 %3) #83 %5 = icmp eq %struct.vm_area_struct* %4, null br i1 %5, label %6, label %38, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 1, i32 0 %8 = load %struct.rb_node*, %struct.rb_node** %7, align 8 %9 = icmp eq %struct.rb_node* %8, null br i1 %9, label %57, label %10 %11 = phi %struct.rb_node* [ %30, %27 ], [ %8, %6 ] %12 = phi %struct.vm_area_struct* [ %28, %27 ], [ null, %6 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %11, i64 -2, i32 2 %14 = bitcast %struct.rb_node** %13 to %struct.vm_area_struct* %15 = getelementptr inbounds 
%struct.rb_node*, %struct.rb_node** %13, i64 1 %16 = bitcast %struct.rb_node** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %3 br i1 %18, label %19, label %25 %26 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %11, i64 0, i32 1 br label %27 %28 = phi %struct.vm_area_struct* [ %14, %23 ], [ %12, %25 ] %29 = phi %struct.rb_node** [ %24, %23 ], [ %26, %25 ] %30 = load %struct.rb_node*, %struct.rb_node** %29, align 8 %31 = icmp eq %struct.rb_node* %30, null br i1 %31, label %34, label %10 %35 = phi %struct.vm_area_struct* [ %33, %32 ], [ %28, %27 ] %36 = icmp eq %struct.vm_area_struct* %35, null br i1 %36, label %57, label %37 tail call void bitcast (void (i64, %struct.vm_area_struct.126282*)* @vmacache_update to void (i64, %struct.vm_area_struct*)*)(i64 %3, %struct.vm_area_struct* nonnull %35) #83 br label %38 %39 = phi %struct.vm_area_struct* [ %4, %2 ], [ %35, %37 ] %40 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp ugt i64 %41, %3 br i1 %42, label %43, label %57 %44 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 256 %47 = icmp eq i64 %46, 0 br i1 %47, label %57, label %48 %49 = tail call i32 @expand_downwards(%struct.vm_area_struct* nonnull %39, i64 %3) #83 Function:expand_downwards %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %4 = load %struct.mm_struct*, %struct.mm_struct** %3, align 8 %5 = and i64 %1, -4096 %6 = load i64, i64* @mmap_min_addr, align 8 %7 = icmp ult i64 %5, %6 br i1 %7, label %264, label %8 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 3 %10 = load %struct.vm_area_struct*, %struct.vm_area_struct** %9, align 8 %11 = icmp eq %struct.vm_area_struct* %10, null br i1 %11, label %26, label %12 %13 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %10, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 256 %16 = icmp eq i64 %15, 0 %17 = and i64 %14, 7 %18 = icmp ne i64 %17, 0 %19 = and i1 %16, %18 br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 11 %28 = load %struct.anon_vma*, %struct.anon_vma** %27, align 8 %29 = icmp eq %struct.anon_vma* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %31 = tail call i32 bitcast (i32 (%struct.vm_area_struct.133481*)* @__anon_vma_prepare to i32 (%struct.vm_area_struct*)*)(%struct.vm_area_struct* %0) #83 Function:__anon_vma_prepare %2 = getelementptr inbounds %struct.vm_area_struct.133481, %struct.vm_area_struct.133481* %0, i64 0, i32 6 %3 = load %struct.mm_struct.133473*, %struct.mm_struct.133473** %2, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __anon_vma_prepare 1 expand_downwards 2 find_extend_vma 3 __get_user_pages 4 faultin_vma_page_range 5 madvise_populate 6 do_madvise 7 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca 
%struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], 
[ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, 
i64 %31) #83 Function:find_extend_vma %3 = and i64 %1, -4096 %4 = tail call %struct.vm_area_struct* bitcast (%struct.vm_area_struct.126282* (%struct.mm_struct.126293*, i64)* @vmacache_find to %struct.vm_area_struct* (%struct.mm_struct*, i64)*)(%struct.mm_struct* %0, i64 %3) #83 %5 = icmp eq %struct.vm_area_struct* %4, null br i1 %5, label %6, label %38, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 1, i32 0 %8 = load %struct.rb_node*, %struct.rb_node** %7, align 8 %9 = icmp eq %struct.rb_node* %8, null br i1 %9, label %57, label %10 %11 = phi %struct.rb_node* [ %30, %27 ], [ %8, %6 ] %12 = phi %struct.vm_area_struct* [ %28, %27 ], [ null, %6 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %11, i64 -2, i32 2 %14 = bitcast %struct.rb_node** %13 to %struct.vm_area_struct* %15 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %13, i64 1 %16 = bitcast %struct.rb_node** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %3 br i1 %18, label %19, label %25 %26 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %11, i64 0, i32 1 br label %27 %28 = phi %struct.vm_area_struct* [ %14, %23 ], [ %12, %25 ] %29 = phi %struct.rb_node** [ %24, %23 ], [ %26, %25 ] %30 = load %struct.rb_node*, %struct.rb_node** %29, align 8 %31 = icmp eq %struct.rb_node* %30, null br i1 %31, label %34, label %10 %35 = phi %struct.vm_area_struct* [ %33, %32 ], [ %28, %27 ] %36 = icmp eq %struct.vm_area_struct* %35, null br i1 %36, label %57, label %37 tail call void bitcast (void (i64, %struct.vm_area_struct.126282*)* @vmacache_update to void (i64, %struct.vm_area_struct*)*)(i64 %3, %struct.vm_area_struct* nonnull %35) #83 br label %38 %39 = phi %struct.vm_area_struct* [ %4, %2 ], [ %35, %37 ] %40 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp ugt i64 %41, %3 br i1 %42, label %43, label %57 %44 = 
getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 256 %47 = icmp eq i64 %46, 0 br i1 %47, label %57, label %48 %49 = tail call i32 @expand_downwards(%struct.vm_area_struct* nonnull %39, i64 %3) #83 Function:expand_downwards %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %4 = load %struct.mm_struct*, %struct.mm_struct** %3, align 8 %5 = and i64 %1, -4096 %6 = load i64, i64* @mmap_min_addr, align 8 %7 = icmp ult i64 %5, %6 br i1 %7, label %264, label %8 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 3 %10 = load %struct.vm_area_struct*, %struct.vm_area_struct** %9, align 8 %11 = icmp eq %struct.vm_area_struct* %10, null br i1 %11, label %26, label %12 %13 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %10, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 256 %16 = icmp eq i64 %15, 0 %17 = and i64 %14, 7 %18 = icmp ne i64 %17, 0 %19 = and i1 %16, %18 br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 11 %28 = load %struct.anon_vma*, %struct.anon_vma** %27, align 8 %29 = icmp eq %struct.anon_vma* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %31 = tail call i32 bitcast (i32 (%struct.vm_area_struct.133481*)* @__anon_vma_prepare to i32 (%struct.vm_area_struct*)*)(%struct.vm_area_struct* %0) #83 Function:__anon_vma_prepare %2 = getelementptr inbounds %struct.vm_area_struct.133481, %struct.vm_area_struct.133481* %0, i64 0, i32 6 %3 = load %struct.mm_struct.133473*, %struct.mm_struct.133473** %2, align 8 %4 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr 
inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = 
bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 
= alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 
%29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 @nfs4_copy_delegation_stateid(%struct.inode* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #83 br i1 %36, label %62, label %37 %38 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %38, label %57, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %4, i64 0, i32 5 %41 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %40, align 8 %42 = icmp eq %struct.nfs4_state.233157* %41, null br i1 %42, label %57, label %43 %44 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %160 %49 = call %struct.nfs_lock_context.233159* bitcast (%struct.nfs_lock_context.214916* (%struct.nfs_open_context.214915*)* @nfs_get_lock_context to %struct.nfs_lock_context.233159* (%struct.nfs_open_context.233158*)*)(%struct.nfs_open_context.233158* nonnull %4) #83 %50 = icmp ugt %struct.nfs_lock_context.233159* %49, inttoptr (i64 -4096 to %struct.nfs_lock_context.233159*) br i1 %50, label %51, label %54 %55 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %40, align 8 %56 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %55, i32 2, %struct.nfs_lock_context.233159* %49, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #83 call void bitcast (void (%struct.nfs_lock_context.214916*)* @nfs_put_lock_context to void 
(%struct.nfs_lock_context.233159*)*)(%struct.nfs_lock_context.233159* %49) #83 switch i32 %56, label %62 [ i32 -5, label %160 i32 -11, label %57 ] %63 = load %struct.cred*, %struct.cred** %9, align 8 %64 = icmp eq %struct.cred* %63, null br i1 %64, label %66, label %65 %67 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %14, i64 0, i32 3 %68 = bitcast %struct.rpc_clnt** %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0 %71 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0 %72 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %72, align 8 %73 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 1 %74 = load i8, i8* %73, align 8 %75 = and i8 %74, -4 %76 = or i8 %75, 1 store i8 %76, i8* %73, align 8 %77 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %77, align 8 %78 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %14, i64 0, i32 0 %79 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %78, align 8 %80 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %79, i64 0, i32 15 %81 = load i32, i32* %80, align 8 %82 = icmp eq i32 %81, 0 %83 = select i1 %82, i16 0, i16 4 %84 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %85 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 store %struct.nfs_server.233131* %14, %struct.nfs_server.233131** %85, align 8 %86 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 store %struct.nfs4_sequence_args.233141* %70, 
%struct.nfs4_sequence_args.233141** %86, align 8 %87 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 store %struct.nfs4_sequence_res.233143* %71, %struct.nfs4_sequence_res.233143** %87, align 8 %88 = bitcast %struct.rpc_task_setup* %7 to i8* %89 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %89, align 8 %90 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %91 = bitcast %struct.rpc_clnt** %90 to i64* store i64 %69, i64* %91, align 8 %92 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %93 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %94 = bitcast %struct.rpc_xprt** %92 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %93, align 8 %95 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %96 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %79, i64 0, i32 31 %97 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %96, align 8 %98 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %97, i64 0, i32 10 %99 = bitcast %struct.rpc_call_ops** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.rpc_call_ops** %95 to i64* store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %103 = bitcast i8** %102 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %103, align 8 %104 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %104, align 8 %105 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %7, i64 0, i32 8 store i16 %83, i16* %105, align 8 %106 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 store i8 0, i8* %106, align 2 %107 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_server_capabilities 4 nfs4_proc_get_root ------------- Path:  Function:nfs4_proc_get_root %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 %6 = tail call i32 @nfs4_server_capabilities(%struct.nfs_server.233131* %0, %struct.nfs_fh* %1) #83 Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 tail call void bitcast (void 
(%struct.nfs_server.243328*)* @nfs4_server_set_init_caps to void (%struct.nfs_server.233131*)*)(%struct.nfs_server.233131* %0) #83 %12 = bitcast [3 x i32]* %5 to i8* %13 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %14 = bitcast i32* %13 to i64* %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %16 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %21 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %22 = bitcast %struct.rpc_message* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_res** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %29 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %30 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %31 = bitcast %struct.rpc_clnt** %30 to i64* %32 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_server_caps_res, 
%struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %55 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %56 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %57 = bitcast i32* %56 to i8* %58 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %59 = getelementptr [3 
x i32], [3 x i32]* %58, i64 0, i64 0 %60 = bitcast [3 x i32]* %58 to i8* %61 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 10 %62 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 9 %63 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %64 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %65 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %66 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 36 %67 = bitcast [3 x i32]* %66 to i8* %68 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 36, i64 2 %69 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 38, i64 0 %70 = bitcast [3 x i32]* %58 to i64* %71 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 38, i64 1 %72 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 38, i64 2 %73 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %74 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %75 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %76 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 37, i64 0 %77 = bitcast i32* %76 to i8* %78 = bitcast i32* %73 to i8* %79 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 39 %80 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %81 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 40 %82 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %83 store i64 0, i64* %14, align 4 %84 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %15, align 8 %85 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %84, i64 0, i32 15 %86 = load i32, i32* %85, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 30), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %25, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %27, align 8 store %struct.cred* null, %struct.cred** %28, align 8 store i32 8293, i32* %20, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %89, label %88 store i32 2048, i32* %29, align 4 br label %89 %90 = phi i16 [ 0, %83 ], [ 4, %88 ] %91 = load i64, i64* %31, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %35, align 8 store %struct.nfs_server.233131* %0, %struct.nfs_server.233131** %37, align 8 store %struct.nfs4_sequence_args.233141* %17, %struct.nfs4_sequence_args.233141** %38, align 8 store %struct.nfs4_sequence_res.233143* %32, %struct.nfs4_sequence_res.233143** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %91, i64* %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %45, align 8 %92 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %84, i64 0, i32 31 %93 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %92, align 8 %94 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %93, i64 0, i32 10 %95 = 
bitcast %struct.rpc_call_ops** %94 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %48, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %90, i16* %52, align 8 store i8 0, i8* %53, align 2 %97 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_server_capabilities ------------- Path:  Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 tail call void bitcast (void (%struct.nfs_server.243328*)* @nfs4_server_set_init_caps to void (%struct.nfs_server.233131*)*)(%struct.nfs_server.233131* %0) #83 %12 = bitcast [3 x i32]* %5 to i8* 
%13 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %14 = bitcast i32* %13 to i64* %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %16 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %21 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %22 = bitcast %struct.rpc_message* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_res** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %29 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %30 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %31 = bitcast %struct.rpc_clnt** %30 to i64* %32 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, 
%struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %55 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %56 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %57 = bitcast i32* %56 to i8* %58 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %59 = getelementptr [3 x i32], [3 x i32]* %58, i64 0, i64 0 %60 = bitcast [3 x i32]* %58 to i8* %61 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 
0, i32 10 %62 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 9 %63 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %64 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %65 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %66 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 36 %67 = bitcast [3 x i32]* %66 to i8* %68 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 36, i64 2 %69 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 38, i64 0 %70 = bitcast [3 x i32]* %58 to i64* %71 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 38, i64 1 %72 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 38, i64 2 %73 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %74 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %75 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %76 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 37, i64 0 %77 = bitcast i32* %76 to i8* %78 = bitcast i32* %73 to i8* %79 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 39 %80 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %81 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 40 %82 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %83 store i64 0, i64* %14, align 4 %84 = load %struct.nfs_client.233190*, 
%struct.nfs_client.233190** %15, align 8 %85 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %84, i64 0, i32 15 %86 = load i32, i32* %85, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 30), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %25, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %27, align 8 store %struct.cred* null, %struct.cred** %28, align 8 store i32 8293, i32* %20, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %89, label %88 store i32 2048, i32* %29, align 4 br label %89 %90 = phi i16 [ 0, %83 ], [ 4, %88 ] %91 = load i64, i64* %31, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %35, align 8 store %struct.nfs_server.233131* %0, %struct.nfs_server.233131** %37, align 8 store %struct.nfs4_sequence_args.233141* %17, %struct.nfs4_sequence_args.233141** %38, align 8 store %struct.nfs4_sequence_res.233143* %32, %struct.nfs4_sequence_res.233143** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %91, i64* %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %45, align 8 %92 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %84, i64 0, i32 31 %93 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %92, align 8 %94 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %93, i64 0, i32 10 %95 = bitcast %struct.rpc_call_ops** %94 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %48, align 8 store %struct.nfs4_call_sync_data* %3, 
%struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %90, i16* %52, align 8 store i8 0, i8* %53, align 2 %97 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast 
%struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 %60 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %60) #83 %61 = load i64, i64* %28, align 8 store %struct.nfs4_slot.233140* 
null, %struct.nfs4_slot.233140** %30, align 8 %62 = load i8, i8* %31, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %31, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %32, align 8 %64 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %33, align 8 %65 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %64, i64 0, i32 15 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 %68 = select i1 %67, i16 0, i16 4 store %struct.nfs_server.233131* %0, %struct.nfs_server.233131** %35, align 8 store %struct.nfs4_sequence_args.233141* %25, %struct.nfs4_sequence_args.233141** %36, align 8 store %struct.nfs4_sequence_res.233143* %29, %struct.nfs4_sequence_res.233143** %37, align 8 store %struct.rpc_task* null, %struct.rpc_task** %39, align 8 store i64 %61, i64* %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %43, align 8 %69 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %64, i64 0, i32 31 %70 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 %68, i16* %50, align 8 store i8 0, i8* %51, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, 
label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_do_fsinfo 4 nfs4_proc_fsinfo ------------- Path:  Function:nfs4_proc_fsinfo %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %5) #83 %6 = tail call fastcc i32 @nfs4_do_fsinfo(%struct.nfs_server.233131* %0, %struct.nfs_fh* %1, %struct.nfs_fsinfo* %2) #84 Function:nfs4_do_fsinfo %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_fsinfo_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %17 = bitcast %struct.nfs4_fsinfo_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 
1 %19 = bitcast i64* %18 to i8* %20 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 1 %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_fsinfo_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %33 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %45 = bitcast %struct.rpc_xprt** %43 to i8* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %53 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %33, align 8 %57 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %34, align 8 %58 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %57, i64 0, i32 15 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 0 %61 = select i1 %60, 
Function:rpc_run_task Function:rpc_new_task Function:mempool_alloc
------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_statfs ------------- Path: Function:nfs4_proc_statfs Function:rpc_run_task Function:rpc_new_task Function:mempool_alloc
------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_readdir ------------- Path: Function:nfs4_proc_readdir Function:rpc_run_task Function:rpc_new_task Function:mempool_alloc
------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 _nfs4_proc_remove 4 nfs4_proc_remove ------------- Path: Function:nfs4_proc_remove Function:_nfs4_proc_remove Function:rpc_run_task Function:rpc_new_task Function:mempool_alloc
------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 _nfs4_proc_remove 4 nfs4_proc_rmdir ------------- Path: Function:nfs4_proc_rmdir Function:_nfs4_proc_remove
%struct.nfs_removeres.233144* %7, i64 0, i32 1 store %struct.nfs_server.233131* %13, %struct.nfs_server.233131** %25, align 8 %26 = bitcast %struct.rpc_message* %8 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %27, align 8 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs_removeargs.233142** store %struct.nfs_removeargs.233142* %6, %struct.nfs_removeargs.233142** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs_removeres.233144** store %struct.nfs_removeres.233144* %7, %struct.nfs_removeres.233144** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* null, %struct.cred** %32, align 8 %33 = load volatile i64, i64* @jiffies, align 64 %34 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %13, i64 0, i32 3 %35 = bitcast %struct.rpc_clnt** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %7, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %38, align 8 %39 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 store i8 1, i8* %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %40, align 8 %41 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %13, i64 0, 
i32 0 %42 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %42, i64 0, i32 15 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 %46 = select i1 %45, i16 0, i16 4 %47 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.233131* %13, %struct.nfs_server.233131** %48, align 8 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.233141* %15, %struct.nfs4_sequence_args.233141** %49, align 8 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.233143* %37, %struct.nfs4_sequence_res.233143** %50, align 8 %51 = bitcast %struct.rpc_task_setup* %5 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %52, align 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %54 = bitcast %struct.rpc_clnt** %53 to i64* store i64 %36, i64* %54, align 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %57 = bitcast %struct.rpc_xprt** %55 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %56, align 8 %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %59 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %42, i64 0, i32 31 %60 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %59, align 8 %61 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %60, 
i64 0, i32 10 %62 = bitcast %struct.rpc_call_ops** %61 to i64* %63 = load i64, i64* %62, align 8 %64 = bitcast %struct.rpc_call_ops** %58 to i64* store i64 %63, i64* %64, align 8 %65 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %66 = bitcast i8** %65 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %66, align 8 %67 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %67, align 8 %68 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i16 %46, i16* %68, align 8 %69 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 store i8 0, i8* %69, align 2 %70 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_readlink ------------- Path:  Function:nfs4_proc_readlink %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.page*, align 8 %8 = alloca %struct.nfs4_readlink, align 8 %9 = alloca 
%struct.nfs4_readlink_res, align 8 %10 = alloca %struct.rpc_message, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 5 store i8 1, i8* %13, align 1 %14 = bitcast %struct.page** %7 to i8* %15 = bitcast %struct.nfs4_readlink* %8 to i8* %16 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 1 %18 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %19 = bitcast %struct.nfs_fh** %17 to %struct.list_head*** %20 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 3 %22 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 4 %23 = bitcast %struct.nfs4_readlink_res* %9 to i8* %24 = bitcast %struct.rpc_message* %10 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs4_readlink** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 3 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* 
%9, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %6 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %55 store %struct.page* %1, %struct.page** %7, align 8 store %struct.list_head** %18, %struct.list_head*** %19, align 8 store i32 %2, i32* %20, align 8 store i32 %3, i32* %21, align 4 store %struct.page** %7, %struct.page*** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 28), %struct.rpc_procinfo** %25, align 8 
store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %27, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 %56 = load %struct.super_block*, %struct.super_block** %31, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.233131** %59 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %35, align 8 %63 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %59, i64 0, i32 0 %64 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %64, i64 0, i32 15 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 %68 = select i1 %67, i16 0, i16 4 store %struct.nfs_server.233131* %59, %struct.nfs_server.233131** %37, align 8 store %struct.nfs4_sequence_args.233141* %16, %struct.nfs4_sequence_args.233141** %38, align 8 store %struct.nfs4_sequence_res.233143* %32, %struct.nfs4_sequence_res.233143** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %45, align 8 %69 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %64, i64 0, i32 31 %70 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %70, i64 0, i32 10 
%72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %68, i16* %52, align 8 store i8 0, i8* %53, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #83 %77 = ptrtoint %struct.rpc_task* %74 to i64 %78 = trunc i64 %77 to i32 br label %82 %83 = phi i32 [ %78, %76 ], [ %81, %79 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_readlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_readlink, %84)) #6 to label %104 [label %84], !srcloc !4 %105 = load %struct.super_block*, %struct.super_block** %31, align 8 %106 = getelementptr inbounds %struct.super_block, %struct.super_block* %105, i64 0, i32 28 %107 = bitcast i8** %106 to %struct.nfs_server.233131** %108 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %107, align 16 %109 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %108, i32 %83, %struct.nfs4_exception* nonnull %11) #84 %110 = load i8, i8* %54, align 8 %111 = and i8 %110, 8 %112 = icmp eq i8 %111, 0 br i1 %112, label %113, label %55 store %struct.page* %1, %struct.page** %7, align 8 store %struct.list_head** %18, %struct.list_head*** %19, align 8 store i32 %2, i32* %20, align 8 store i32 %3, i32* %21, align 4 store %struct.page** %7, %struct.page*** %22, align 8 store %struct.rpc_procinfo* 
getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 28), %struct.rpc_procinfo** %25, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %27, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 %56 = load %struct.super_block*, %struct.super_block** %31, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.233131** %59 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %35, align 8 %63 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %59, i64 0, i32 0 %64 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %64, i64 0, i32 15 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 %68 = select i1 %67, i16 0, i16 4 store %struct.nfs_server.233131* %59, %struct.nfs_server.233131** %37, align 8 store %struct.nfs4_sequence_args.233141* %16, %struct.nfs4_sequence_args.233141** %38, align 8 store %struct.nfs4_sequence_res.233143* %32, %struct.nfs4_sequence_res.233143** %39, align 8 store %struct.rpc_task* null, %struct.rpc_task** %41, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %45, align 8 %69 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %64, i64 0, i32 31 %70 = load %struct.nfs4_minor_version_ops.233199*, 
%struct.nfs4_minor_version_ops.233199** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %68, i16* %52, align 8 store i8 0, i8* %53, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 
0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 
%37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store 
%struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %71 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 38, i64 0 store i32* %71, i32** %17, align 8 br label %72 %73 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 3 %74 = bitcast %struct.rpc_clnt** %73 to i64* %75 = load i64, i64* %74, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %34, align 8 %76 = load i8, i8* %35, align 8 %77 = and i8 %76, -4 store i8 %77, i8* %35, align 8 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %36, align 8 %78 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 0 %79 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %78, align 8 %80 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %79, i64 0, i32 15 %81 = load i32, i32* %80, align 8 %82 = icmp eq i32 %81, 0 %83 = select i1 %82, i16 0, i16 4 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %38, align 8 store 
%struct.nfs4_sequence_args.233141* %13, %struct.nfs4_sequence_args.233141** %39, align 8 store %struct.nfs4_sequence_res.233143* %33, %struct.nfs4_sequence_res.233143** %40, align 8 store %struct.rpc_task* null, %struct.rpc_task** %42, align 8 store i64 %75, i64* %44, align 8 store %struct.rpc_message* %7, %struct.rpc_message** %46, align 8 %84 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %79, i64 0, i32 31 %85 = load %struct.nfs4_minor_version_ops.233199*, %struct.nfs4_minor_version_ops.233199** %84, align 8 %86 = getelementptr inbounds %struct.nfs4_minor_version_ops.233199, %struct.nfs4_minor_version_ops.233199* %85, i64 0, i32 10 %87 = bitcast %struct.rpc_call_ops** %86 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %49, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 %83, i16* %53, align 8 store i8 0, i8* %54, align 2 %89 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #83 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #83 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #83 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_lookupp ------------- Path:  Function:nfs4_proc_lookupp %4 = 
alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_lookup_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %18 = bitcast %struct.nfs4_lookup_res* %7 to i8* %19 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %7, i64 0, i32 1 %20 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %7, i64 0, i32 3 %22 = bitcast %struct.rpc_message* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_lookup_res** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %31 = getelementptr inbounds 
------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_lookup_common 4 nfs4_proc_lookup -------------
------------- Use: =BAD PATH= Call Stack: 0 mempool_alloc 1 rpc_new_task 2 rpc_run_task 3 nfs4_proc_getattr -------------
------------- Use: =BAD PATH= Call Stack: 0 __filemap_get_folio 1 pagecache_get_page 2 hugetlbfs_read_iter -------------
------------- Use: =BAD PATH= Call Stack: 0 __filemap_get_folio 1 pagecache_get_page 2 shmem_get_link -------------
%61, !prof !7, !misexpect !5 %71 = phi i64 [ %69, %68 ], [ 1, %31 ], [ %32, %49 ] call void @__rcu_read_unlock() #83 %72 = bitcast i8* %28 to %struct.folio* %73 = icmp eq i64 %71, 0 br i1 %73, label %77, label %74 %78 = icmp eq i8* %28, null br i1 %78, label %130, label %79 br i1 %23, label %121, label %80 br i1 %25, label %94, label %81 %95 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __filemap_get_folio 1 pagecache_get_page 2 shmem_getpage_gfp 3 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %136, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %129, %126 ] %28 = phi i64 [ %20, %23 ], [ %128, %126 ] %29 = phi i64 [ %16, %23 ], [ %104, %126 ] %30 = phi i64 [ %17, %23 ], [ %105, %126 ] %31 = phi i64 [ 0, 
%23 ], [ %101, %126 ] %32 = icmp ne i64 %29, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %131 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %29, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #83 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %461, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 
= getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = icmp eq i32 %3, 4 br label %43 %44 = phi i1 [ true, %15 ], [ false, %454 ] %45 = phi i32 [ 0, %15 ], [ %421, %454 ] br label %46 %47 = phi i32 [ %45, %43 ], [ %457, %455 ] br label %48 br i1 %16, label %49, label %52 %50 = load i64, i64* %18, align 8 %51 = icmp slt i64 %17, %50 br i1 %51, label %52, label %461 %53 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #83 Function:pagecache_get_page %5 = tail call %struct.folio* @__filemap_get_folio(%struct.address_space* %0, i64 %1, i32 %2, i32 %3) #83 Function:__filemap_get_folio %5 = alloca i8*, align 8 %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 4 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %14 = bitcast i8* %11 to i32* %15 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %16 = bitcast %struct.xa_node** %15 to i8* %17 = 
getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 %18 = bitcast i8** %5 to i8* br label %19 %20 = phi i32 [ %149, %214 ], [ %3, %4 ] %21 = phi i32 [ %186, %214 ], [ %2, %4 ] %22 = and i32 %21, 2 %23 = icmp eq i32 %22, 0 %24 = and i32 %21, 32 %25 = icmp eq i32 %24, 0 br label %26 store %struct.xarray* %9, %struct.xarray** %8, align 8 store i64 %1, i64* %10, align 8 store i32 0, i32* %14, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %13, align 8 call void @__rcu_read_lock() #83 br label %27 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %13, align 8 %28 = call i8* @xas_load(%struct.xa_state* nonnull %6) #83 %29 = ptrtoint i8* %28 to i64 switch i64 %29, label %31 [ i64 1030, label %67 i64 1026, label %30 i64 0, label %68 ] %32 = and i64 %29, 1 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %70 %35 = getelementptr inbounds i8, i8* %28, i64 52 %36 = bitcast i8* %35 to i32* %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %67, label %39, !prof !4, !misexpect !5 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !6 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !4, !misexpect !5 %50 = load %struct.xa_node*, %struct.xa_node** %13, align 8 %51 = icmp eq %struct.xa_node* %50, null %52 = load i8, i8* %12, align 2 %53 = sext i8 %52 to i64 %54 = and i64 %53, 4294967295 %55 = getelementptr %struct.xa_node, %struct.xa_node* %50, i64 0, i32 7, i64 %54 %56 = load %struct.xarray*, %struct.xarray** %8, align 8 %57 = getelementptr inbounds %struct.xarray, 
%struct.xarray* %56, i64 0, i32 2 %58 = select i1 %51, i8** %57, i8** %55 %59 = load volatile i8*, i8** %58, align 8 %60 = icmp eq i8* %28, %59 br i1 %60, label %70, label %61, !prof !7, !misexpect !5 %71 = phi i64 [ %69, %68 ], [ 1, %31 ], [ %32, %49 ] call void @__rcu_read_unlock() #83 %72 = bitcast i8* %28 to %struct.folio* %73 = icmp eq i64 %71, 0 br i1 %73, label %77, label %74 %78 = icmp eq i8* %28, null br i1 %78, label %130, label %79 br i1 %23, label %121, label %80 br i1 %25, label %94, label %81 %95 = call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_read_lock 1 __sched_setscheduler 2 __se_sys_sched_setattr 3 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 
= ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void @__rcu_read_lock() #83 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %90 = call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %91 = inttoptr i64 %90 to %struct.task_struct* br label %92 %93 = phi %struct.task_struct* [ %88, %87 ], [ %91, %89 ] %94 = icmp eq %struct.task_struct* %93, null br i1 %94, label %138, label %95, !prof !7, !misexpect !8 %96 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 3 %97 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %96, i64 0, i32 0, i32 0 %98 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %97, i32 1, i32* %97) #6, !srcloc !9 %99 = icmp eq i32 %98, 0 br i1 %99, label %104, label %100, !prof !7, !misexpect !10 %101 = add i32 %98, 1 %102 = or i32 %101, %98 %103 = icmp sgt i32 %102, -1 br i1 %103, label %106, label %104, !prof !11, !misexpect !10 %105 = phi i32 [ 2, %95 ], [ 1, %100 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %96, i32 %105) #83 br label %106 call void @__rcu_read_unlock() #83 %107 = load i64, i64* %84, align 8 %108 = and i64 %107, 16 %109 = icmp eq i64 %108, 0 br i1 %109, label %126, label %110 %111 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 26 %112 = load i32, i32* %111, align 4 %113 = icmp eq i32 %112, 6 br i1 %113, label %114, label %115 %116 = add i32 %112, -1 %117 = icmp ugt i32 %116, 1 br i1 %117, label %122, label %118 %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 15 %124 = load i32, i32* %123, align 16 %125 = add i32 %124, -120 store i32 %125, i32* %85, align 8 br label %126 %127 = call fastcc i32 @__sched_setscheduler(%struct.task_struct* nonnull %93, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #83 Function:__sched_setscheduler %5 = alloca i64, align 8 %6 = alloca %struct.rq_flags, align 8 %7 = 
getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 4 %9 = bitcast %struct.rq_flags* %6 to i8* br i1 %3, label %10, label %14 %15 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 26 %18 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %20 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 15 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 104 %22 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 17 %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 122 %26 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %6, i64 0, i32 0 br label %28 %29 = phi i32 [ %8, %14 ], [ -1, %262 ] %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %37 %38 = load i64, i64* %15, align 8 %39 = trunc i64 %38 to i32 %40 = and i32 %39, 1 switch i32 %29, label %459 [ i32 5, label %41 i32 3, label %41 i32 0, label %41 i32 6, label %41 i32 2, label %41 i32 1, label %41 ] %42 = phi i64 [ %36, %31 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ] %43 = phi i32 [ %34, %31 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ] %44 = phi i32 [ %35, %31 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ] %45 = phi i32 [ %35, %31 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 
] %46 = and i64 %42, -268435584 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %459 %49 = load i32, i32* %18, align 4 %50 = icmp ugt i32 %49, 99 br i1 %50, label %459, label %51 %52 = icmp eq i32 %44, 6 %53 = xor i1 %52, true br i1 %52, label %54, label %59 %55 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #83 br i1 %55, label %56, label %459 %57 = load i32, i32* %18, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %64, label %459 %65 = phi i1 [ false, %56 ], [ %61, %59 ] %66 = phi i32 [ 5, %56 ], [ %60, %59 ] br i1 %2, label %67, label %153 %154 = load i64, i64* %15, align 8 %155 = and i64 %154, 96 %156 = icmp eq i64 %155, 0 br i1 %156, label %157, label %459 br i1 %3, label %158, label %159 tail call void @cpuset_read_lock() #83 Function:cpuset_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_read_lock 1 __sched_setscheduler 2 __se_sys_sched_setattr 3 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 
= phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void @__rcu_read_lock() #83 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %90 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %91 = inttoptr i64 %90 to %struct.task_struct* br label %92 %93 = phi %struct.task_struct* [ %88, %87 ], [ %91, %89 ] %94 = icmp eq %struct.task_struct* %93, null br i1 %94, label %138, label %95, !prof !7, !misexpect !8 %96 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 3 %97 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %96, i64 0, i32 0, i32 0 %98 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %97, i32 1, i32* %97) #6, !srcloc !9 %99 = icmp eq i32 %98, 0 br i1 %99, label %104, label %100, !prof !7, !misexpect !10 %101 = add i32 %98, 1 %102 = or i32 %101, %98 %103 = icmp sgt i32 %102, -1 br i1 %103, label %106, label %104, !prof !11, !misexpect !10 %105 = phi i32 [ 2, %95 ], [ 1, %100 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %96, i32 %105) #83 br label %106 call void @__rcu_read_unlock() #83 %107 = load i64, i64* %84, align 8 %108 = and i64 %107, 16 %109 = icmp eq i64 %108, 0 br i1 %109, label %126, label %110 %111 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 26 %112 = load i32, i32* %111, align 4 %113 = icmp eq i32 %112, 6 br i1 %113, label %114, label %115 %116 = add i32 %112, -1 %117 = icmp ugt i32 %116, 1 br i1 %117, label %122, label %118 %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 15 %124 = load i32, i32* %123, align 16 %125 = add i32 %124, -120 store i32 %125, i32* %85, align 8 br label %126 %127 = call fastcc i32 @__sched_setscheduler(%struct.task_struct* 
nonnull %93, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #83 Function:__sched_setscheduler %5 = alloca i64, align 8 %6 = alloca %struct.rq_flags, align 8 %7 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 4 %9 = bitcast %struct.rq_flags* %6 to i8* br i1 %3, label %10, label %14 %15 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 26 %18 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %20 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 15 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 104 %22 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 17 %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 122 %26 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %6, i64 0, i32 0 br label %28 %29 = phi i32 [ %8, %14 ], [ -1, %262 ] %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %37 %38 = load i64, i64* %15, align 8 %39 = trunc i64 %38 to i32 %40 = and i32 %39, 1 switch i32 %29, label %459 [ i32 5, label %41 i32 3, label %41 i32 0, label %41 i32 6, label %41 i32 2, label %41 i32 1, label %41 ] %42 = phi i64 [ %36, %31 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ], [ %38, %37 ] %43 = phi i32 [ %34, %31 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ], [ %40, %37 ] %44 = phi i32 [ %35, %31 ], [ 
%29, %37 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ], [ %29, %37 ] %45 = phi i32 [ %35, %31 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ], [ -1, %37 ] %46 = and i64 %42, -268435584 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %459 %49 = load i32, i32* %18, align 4 %50 = icmp ugt i32 %49, 99 br i1 %50, label %459, label %51 %52 = icmp eq i32 %44, 6 %53 = xor i1 %52, true br i1 %52, label %54, label %59 %55 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #83 br i1 %55, label %56, label %459 %57 = load i32, i32* %18, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %64, label %459 %65 = phi i1 [ false, %56 ], [ %61, %59 ] %66 = phi i32 [ 5, %56 ], [ %60, %59 ] br i1 %2, label %67, label %153 %154 = load i64, i64* %15, align 8 %155 = and i64 %154, 96 %156 = icmp eq i64 %155, 0 br i1 %156, label %157, label %459 br i1 %3, label %158, label %159 tail call void @cpuset_read_lock() #83 Function:cpuset_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_read_lock 1 __sched_setscheduler 2 do_sched_setscheduler 3 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq 
i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %21 %22 = phi %struct.task_struct* [ %17, %16 ], [ %20, %18 ] %23 = icmp eq %struct.task_struct* %22, null br i1 %23, label %62, label %24, !prof !5, !misexpect !6 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 3 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 0, i32 0, i32 0 %27 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %26, i32 1, i32* %26) #6, !srcloc !7 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !5, !misexpect !8 %30 = add i32 %27, 1 %31 = or i32 %30, %27 %32 = icmp sgt i32 %31, -1 br i1 %32, label %35, label %33, !prof !9, !misexpect !8 %34 = phi i32 [ 2, %24 ], [ 1, %29 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %25, i32 %34) #83 br label %35 call void @__rcu_read_unlock() #83 %36 = bitcast %struct.sched_attr* %4 to i8* %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %37, align 4 %38 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %40 = load i32, i32* %39, align 16 %41 = add i32 %40, -120 store i32 %41, i32* %38, align 8 %42 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %43 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %44 = load i32, i32* %43, align 4 store i32 %44, i32* %42, align 4 %45 = icmp eq i32 %1, -1 %46 = and i32 %1, 1073741824 %47 = icmp eq i32 %46, 0 %48 = or i1 %45, %47 br i1 %48, label %52, label %49 %53 = call fastcc i32 
-------------
Use: =BAD PATH=
Call Stack:
0 cpuset_read_lock
1 __sched_setscheduler
2 do_sched_setscheduler
3 __ia32_sys_sched_setscheduler
-------------
Use: =BAD PATH=
Call Stack:
0 cpuset_read_lock
1 __sched_setscheduler
2 do_sched_setscheduler
3 __x64_sys_sched_setparam
-------------
Use: =BAD PATH=
Call Stack:
0 cpuset_read_lock
1 __sched_setscheduler
2 do_sched_setscheduler
3 __x64_sys_sched_setscheduler
-------------
Use: =BAD PATH=
Call Stack:
0 kvfree_call_rcu
1 dma_fence_release
2 sync_file_release
-------------
Use: =BAD PATH=
Call Stack:
0 kvfree_call_rcu
1 dma_fence_release
2 dma_resv_iter_walk_unlocked
3 dma_resv_iter_first_unlocked
4 dma_resv_wait_timeout
5 dma_buf_ioctl
-------------
Use: =BAD PATH=
Call Stack:
0 kvfree_call_rcu
1 dma_fence_release
2 dma_fence_chain_find_seqno
3 syncobj_wait_syncobj_func
4 drm_syncobj_replace_fence
5 drm_syncobj_file_release
-------------
%struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 br label %20 %21 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %1, i64 0, i32 4 %22 = load i64, i64* %21, align 8 %23 = call i32 @dma_fence_chain_find_seqno(%struct.dma_fence** nonnull %3, i64 %22) #83 Function:dma_fence_chain_find_seqno %3 = icmp eq i64 %1, 0 br i1 %3, label %56, label %4 %5 = load %struct.dma_fence*, %struct.dma_fence** %0, align 8 %6 = icmp eq %struct.dma_fence* %5, null br i1 %6, label %56, label %7 %8 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 1 %9 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %8, align 8 %10 = icmp eq %struct.dma_fence_ops* %9, @dma_fence_chain_ops br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %56, label %15 %16 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 6 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0 %18 
= getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %15 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 store %struct.dma_fence* %5, %struct.dma_fence** %0, align 8 %28 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 3 br label %29 %30 = phi %struct.dma_fence* [ %5, %27 ], [ %45, %44 ] %31 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %30, i64 0, i32 3 %32 = load i64, i64* %31, align 8 %33 = load i64, i64* %28, align 8 %34 = icmp eq i64 %32, %33 br i1 %34, label %35, label %47 %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !8 %49 = icmp eq i32 %48, 1 br i1 %49, label %55, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %16) #83 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 
%4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_get_excl_unlocked 3 i915_gem_object_wait 4 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label 
%37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load 
volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 
%4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_get_excl_unlocked 3 i915_gem_object_wait 4 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp 
ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub 
i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 
@__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, 
%26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 
%4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_get_excl_unlocked 3 i915_gem_object_wait 4 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp 
ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub 
i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, 
align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, 
label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* 
%33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 _nfs4_do_setattr 5 nfs4_do_setattr 6 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = 
and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store 
%struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, 
align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile 
%struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* 
%16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, 
i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 
tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr 
inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 
asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** 
%31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 
br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast 
%struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, 
null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void 
@nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, 
%struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds 
%struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq 
%struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, 
%struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, 
%struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 
%186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 
%22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %64 = phi %struct.posix_acl* [ null, %20 ], [ %2, %13 ], [ %2, %10 ] %65 = phi %struct.posix_acl* [ %18, %20 ], [ null, %13 ], [ null, %10 ] %66 = phi %struct.posix_acl* [ %22, %20 ], [ %14, %13 ], [ %11, %10 ] %67 = ptrtoint %struct.posix_acl* %66 to i64 %68 = trunc i64 %67 to i32 br label %27 %28 = phi %struct.posix_acl* [ %64, %63 ], [ %25, %24 ] %29 = phi %struct.posix_acl* [ %65, %63 ], [ %18, %24 ] %30 = phi i32 [ %68, %63 ], [ %26, %24 ] %31 = icmp eq %struct.posix_acl* %28, %2 %32 = icmp eq %struct.posix_acl* %28, null %33 = or i1 %31, %32 br i1 %33, label %46, label %34 %35 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0 %36 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0, i32 0, i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 -1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %45 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 1 tail call void @kvfree_call_rcu(%struct.callback_head* %45, void (%struct.callback_head*)* nonnull inttoptr (i64 8 to void (%struct.callback_head*)*)) #83 br label %46 %47 = icmp eq %struct.posix_acl* %29, %2 %48 = icmp eq %struct.posix_acl* %29, null %49 = or i1 %47, %48 br i1 %49, label %62, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 0 %52 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 0, i32 0, i32 0 %53 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %52, i32 -1, i32* %52) #6, !srcloc !4 %54 = icmp eq i32 %53, 1 br i1 %54, label %60, label %55 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %61 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 1 tail call void @kvfree_call_rcu(%struct.callback_head* %61, void (%struct.callback_head*)* nonnull inttoptr (i64 8 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr 
%struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 
%55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, 
i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, 
%struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load 
i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = 
alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to 
%struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr 
%struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq 
%struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83
------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode,
%struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, 
%struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 
= getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* 
%4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = 
bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, 
%struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() 
#83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, 
align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, 
%struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, 
%struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 
= getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* 
%4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = 
bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, 
%struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() 
#83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 timerfd_release ------------- Path:  Function:timerfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 10, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 11 %8 = load i8, i8* %7, align 4, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %17, label %10 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, -2 %21 = icmp eq i32 %20, 8 br i1 %21, label %22, label %25 %23 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %24 = tail call i32 @alarm_cancel(%struct.alarm* %23) #83 br label %28 %29 = icmp eq %struct.timerfd_ctx* %5, null br i1 %29, label %32, label %30 %31 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 8 tail call void @kvfree_call_rcu(%struct.callback_head* %31, void (%struct.callback_head*)* nonnull inttoptr (i64 176 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 __d_move 2 d_move 3 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, 
%struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call 
%struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load %struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, 
%struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 %91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq 
%struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, !misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 __d_move 2 d_move 3 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add 
i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load 
%struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 
%91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq %struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, 
!misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 __d_move 2 d_move 3 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, 
align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast 
(%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
Use: =BAD PATH= Call Stack: 0 console_lock 1 con_font_op 2 vt_compat_ioctl
Use: =BAD PATH= Call Stack: 0 console_lock 1 con_font_op 2 vt_ioctl
Use: =BAD PATH= Call Stack: 0 console_lock 1 con_install
Use: =BAD PATH= Call Stack: 0 console_lock 1 con_shutdown
Use: =BAD PATH= Call Stack: 0 console_lock 1 do_con_write 2 con_put_char
Use: =BAD PATH= Call Stack: 0 console_lock 1 con_flush_chars
Use: =BAD PATH= Call Stack: 0 console_lock 1 vt_resize
Use: =BAD PATH= Call Stack: 0 console_lock 1 show_bind
Use: =BAD PATH= Call Stack: 0 console_lock 1 store_bind
Use: =BAD PATH= Call Stack: 0 console_lock 1 vcs_lseek
Use: =BAD PATH= Call Stack: 0 console_lock 1 vcs_open
Use: =BAD PATH= Call Stack: 0 console_lock 1 show_cons_active
Use: =BAD PATH= Call Stack: 0 down_read_killable 1 __access_remote_vm 2 access_remote_vm 3 environ_read
Use: =BAD PATH= Call Stack: 0 down_read_killable 1 __access_remote_vm 2 access_remote_vm 3 mem_rw 4 mem_read
Use: =BAD PATH= Call Stack: 0 down_read_killable 1 __access_remote_vm 2 access_remote_vm 3 mem_rw 4 mem_write
Use: =BAD PATH= Call Stack: 0 down_write_killable 1 ksys_shmdt 2 compat_ksys_ipc 3 __ia32_compat_sys_ipc
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 ksys_shmdt 2 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 ksys_shmdt 2 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 dump_vma_snapshot 2 elf_core_dump.18500 ------------- Path:  Function:elf_core_dump.18500 %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf32_hdr, align 4 %7 = alloca %struct.elf_note_info.167938, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.efi_info, align 4 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info.167938* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 bitcast (i32 (%struct.coredump_params.169047*, i32*, %struct.sched_info**, i64*)* @dump_vma_snapshot to i32 (%struct.coredump_params*, i32*, %struct.sched_info**, i64*)*)(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #83 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.169153** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.169153**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.169153* %7 = getelementptr inbounds %struct.task_struct.169153, %struct.task_struct.169153* %6, i64 0, i32 47 %8 = load %struct.mm_struct.169058*, %struct.mm_struct.169058** %7, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.169058*, i1)*)(%struct.mm_struct.169058* %8, i1 zeroext true) #83 br label %10 %11 = getelementptr inbounds %struct.mm_struct.169058, %struct.mm_struct.169058* %8, i64 0, i32 0, i32 17 %12 = tail call i32 @down_write_killable(%struct.rw_semaphore* %11) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 dump_vma_snapshot 2 elf_core_dump ------------- Path:  Function:elf_core_dump %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf64_hdr, align 8 %7 = alloca %struct.elf_note_info, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.elf64_phdr, align 8 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf64_hdr, %struct.elf64_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast 
%struct.elf_note_info* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 bitcast (i32 (%struct.coredump_params.169047*, i32*, %struct.sched_info**, i64*)* @dump_vma_snapshot to i32 (%struct.coredump_params*, i32*, %struct.sched_info**, i64*)*)(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #83 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.169153** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.169153**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.169153* %7 = getelementptr inbounds %struct.task_struct.169153, %struct.task_struct.169153* %6, i64 0, i32 47 %8 = load %struct.mm_struct.169058*, %struct.mm_struct.169058** %7, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.169058*, i1)*)(%struct.mm_struct.169058* %8, i1 zeroext true) #83 br label %10 %11 = getelementptr inbounds %struct.mm_struct.169058, %struct.mm_struct.169058* %8, i64 0, i32 0, i32 17 %12 = tail call i32 @down_write_killable(%struct.rw_semaphore* %11) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 
down_write_killable 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 
%26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #83 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #83 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_mremap 2 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__do_sys_mremap %6 = alloca i8, align 1 %7 = alloca %struct.list_head, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131842** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131842**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.131842* %11 = getelementptr inbounds %struct.task_struct.131842, %struct.task_struct.131842* %10, i64 0, i32 47 %12 = load %struct.mm_struct.131735*, %struct.mm_struct.131735** %11, align 8 store i8 0, i8* %6, align 1 %13 = bitcast %struct.list_head* %7 to i8* %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %7, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %15, align 8 %16 = bitcast %struct.list_head* %8 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = icmp ult i64 %3, 8 br i1 %19, label %20, label %327 %21 = and i64 %3, 2 %22 = and i64 %3, 1 %23 = icmp eq i64 %22, 0 %24 = and i64 %3, 3 %25 = icmp eq i64 %24, 2 br i1 %25, label %327, label %26 %27 = and i64 %3, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %33, label %29 %30 = icmp ne i64 %22, 0 %31 = icmp eq i64 %1, %2 %32 = and i1 %31, %30 br i1 %32, label %33, label %327 %34 = and i64 %0, 4095 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %327 %37 = add i64 %1, 4095 %38 = and i64 %37, -4096 %39 = add i64 %2, 4095 %40 = and i64 %39, -4096 %41 = icmp eq i64 %40, 0 br i1 %41, label %327, label %42 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %43)) #6 to label %44 [label %43], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131735*, i1)*)(%struct.mm_struct.131735* %12, i1 zeroext true) #83 br label %44 %45 = getelementptr inbounds %struct.mm_struct.131735, %struct.mm_struct.131735* %12, i64 0, i32 0, i32 17 %46 = call i32 @down_write_killable(%struct.rw_semaphore* %45) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_mremap 2 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_mremap %6 = alloca i8, align 1 %7 = alloca %struct.list_head, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131842** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.131842**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.131842* %11 = getelementptr inbounds %struct.task_struct.131842, %struct.task_struct.131842* %10, i64 0, i32 47 %12 = load %struct.mm_struct.131735*, %struct.mm_struct.131735** %11, align 8 store i8 0, i8* %6, align 1 %13 = bitcast %struct.list_head* %7 to i8* %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %7, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %15, align 8 %16 = bitcast %struct.list_head* %8 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = icmp ult i64 %3, 8 br i1 %19, label %20, label %327 %21 = and i64 %3, 2 %22 = and i64 %3, 1 %23 = icmp eq i64 %22, 0 %24 = and i64 %3, 3 %25 = icmp eq i64 %24, 2 br i1 %25, label %327, label %26 %27 = and i64 %3, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %33, label %29 %30 = icmp ne i64 %22, 0 %31 = icmp eq i64 %1, %2 %32 = and i1 %31, %30 br i1 %32, label %33, label %327 %34 = and i64 %0, 4095 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %327 %37 = add i64 %1, 4095 %38 = and i64 %37, -4096 %39 = add i64 %2, 4095 %40 = and i64 %39, -4096 %41 = icmp eq i64 %40, 0 br i1 %41, label %327, label %42 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %43)) #6 to label %44 [label %43], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131735*, i1)*)(%struct.mm_struct.131735* %12, i1 zeroext true) #83 br label %44 %45 = getelementptr inbounds %struct.mm_struct.131735, %struct.mm_struct.131735* %12, i64 0, i32 0, i32 17 %46 = call i32 @down_write_killable(%struct.rw_semaphore* %45) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mprotect_pkey 2 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = 
getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mprotect_pkey 2 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mprotect_pkey 2 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, 
i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mprotect_pkey 2 __x64_sys_pkey_mprotect 
------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 %10) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 
8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_brk 2 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #83 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 47 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store 
%struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_brk 2 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #83 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 47 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, 
i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_remap_file_pages 2 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #84 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #84 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_remap_file_pages 2 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %8, i64 0, i32 47 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #84 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #84 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mlock 2 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 
%6, 4294967295 %8 = tail call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mlock 2 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds 
%struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mlock 2 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp 
eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 do_mlock 2 __x64_sys_mlock2 ------------- Path:  
Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm 
sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_mlockall 2 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #83 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130092* %10 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 104 %11 = load 
%struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 %12 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %11, i64 0, i32 50, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #83 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 br label %19 %20 = phi %struct.signal_struct.130035* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %20, i64 0, i32 50, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 47 %25 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %24, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %25, i1 zeroext true) #83 br label %27 %28 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_mlockall 2 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #83 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130092* %10 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 104 %11 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 %12 = getelementptr %struct.signal_struct.130035, 
%struct.signal_struct.130035* %11, i64 0, i32 50, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #83 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 br label %19 %20 = phi %struct.signal_struct.130035* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %20, i64 0, i32 50, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 47 %25 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %24, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %25, i1 zeroext true) #83 br label %27 %28 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_munlock 2 __ia32_sys_munlock ------------- Path:  
Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #83 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 br label %8 %9 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_munlock 2 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #83 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 br label %8 %9 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_munlockall ------------- Path:  Function:__do_sys_munlockall %2 = alloca %struct.vm_area_struct.129974*, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlockall, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 br label %8 %9 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 write_ldt 2 __se_sys_modify_ldt 3 __ia32_sys_modify_ldt ------------- Path:  Function:__ia32_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #83 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca 
%struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 47 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 8 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- 
Use: =BAD PATH= Call Stack: 0 down_write_killable 1 write_ldt 2 __se_sys_modify_ldt 3 __x64_sys_modify_ldt ------------- Path:  Function:__x64_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #83 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 47 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 8 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 
%27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_prctl 2 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #83 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 down_write_killable 1 __do_sys_prctl 2 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 
@security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #83 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #83 Function:down_write_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 mac_hid_toggle_emumouse ------------- Path:  Function:mac_hid_toggle_emumouse %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @mac_hid_emumouse_mutex) #83 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 
%8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 lo_open ------------- Path:  Function:lo_open %3 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %4 = load %struct.gendisk.604060*, %struct.gendisk.604060** %3, align 8 %5 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %4, i64 0, i32 10 %6 = bitcast i8** %5 to %struct.loop_device** %7 = load %struct.loop_device*, %struct.loop_device** %6, align 8 %8 = getelementptr inbounds %struct.loop_device, %struct.loop_device* %7, i64 0, i32 23 %9 = tail call i32 @mutex_lock_killable(%struct.mutex* %8) #83 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = 
alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 lo_ioctl 4 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %8 = load %struct.gendisk.604060*, %struct.gendisk.604060** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.604038* %0, i32 %1, i32 %2, i64 %35) #84 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 
19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %328 = and i32 %1, 2 %329 = icmp eq i32 %328, 0 br i1 %329, label %330, label %332 %333 = getelementptr inbounds %struct.loop_device, %struct.loop_device* %17, i64 0, i32 23 %334 = tail call i32 @mutex_lock_killable(%struct.mutex* %333) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, 
align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %328 = and i32 %1, 2 %329 = icmp eq i32 %328, 0 br i1 %329, label %330, label %332 %333 = getelementptr inbounds %struct.loop_device, %struct.loop_device* %17, i64 0, i32 23 %334 = tail call i32 @mutex_lock_killable(%struct.mutex* %333) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= 
Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 loop_control_ioctl ------------- Path:  Function:loop_control_ioctl %4 = alloca i32, align 4 switch i32 %1, label %89 [ i32 19584, label %5 i32 19585, label %9 i32 19586, label %60 ] %61 = bitcast i32* %4 to i8* %62 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #85 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 loop_control_ioctl ------------- Path:  Function:loop_control_ioctl %4 = alloca i32, align 4 switch i32 %1, label %89 [ i32 19584, label %5 i32 19585, label %9 i32 19586, label %60 ] %61 = bitcast i32* %4 to i8* %62 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #85 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 pci_vpd_read 4 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 br i1 %8, label %9, label %91 %10 = icmp slt i64 %1, 0 br i1 %10, label %91, label %11 br i1 %4, label %12, label %16 %17 = phi i64 [ %15, %12 ], [ 32768, %11 ] %18 = icmp sgt i64 %17, %1 br i1 %18, label %19, label %91 %20 = icmp sgt i64 %7, %17 %21 = sub nsw 
i64 %17, %1 %22 = select i1 %20, i64 %21, i64 %2 %23 = select i1 %20, i64 %17, i64 %7 %24 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 0 %25 = tail call i32 @mutex_lock_killable(%struct.mutex* %24) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 @__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __mutex_lock 1 __mutex_lock_killable_slowpath 2 mutex_lock_killable 3 pci_vpd_read 4 pci_vpd_available 5 pci_vpd_write 6 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 
Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp 
eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %58 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %0, i64 %45, i64 2, i8* %18, i1 zeroext false) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 br i1 %8, label %9, label %91 %10 = icmp slt i64 %1, 0 br i1 %10, label %91, label %11 br i1 %4, label %12, label %16 %17 = phi i64 [ %15, %12 ], [ 32768, %11 ] %18 = icmp sgt i64 %17, %1 br i1 %18, label %19, label %91 %20 = icmp sgt i64 %7, %17 %21 = sub nsw i64 %17, %1 %22 = select i1 %20, i64 %21, i64 %2 %23 = select i1 %20, i64 %17, i64 %7 %24 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 0 %25 = tail call i32 @mutex_lock_killable(%struct.mutex* %24) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = getelementptr inbounds %struct.mutex, %struct.mutex* %0, i64 0, i32 0, i32 0 %5 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4, i64 0) #6, !srcloc !5 %6 = extractvalue { i8, i64 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %11 %10 = tail call fastcc i32 @__mutex_lock_killable_slowpath(%struct.mutex* %0) #84 Function:__mutex_lock_killable_slowpath %2 = tail call fastcc i32 
@__mutex_lock(%struct.mutex* %0, i32 258) #83 Function:__mutex_lock %3 = alloca %struct.mutex_waiter, align 8 %4 = bitcast %struct.mutex_waiter* %3 to i8* %5 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 mac_hid_toggle_emumouse ------------- Path:  Function:mac_hid_toggle_emumouse %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @mac_hid_emumouse_mutex) #83 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 lo_open ------------- Path:  Function:lo_open %3 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %4 = load %struct.gendisk.604060*, %struct.gendisk.604060** %3, align 8 %5 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %4, i64 0, i32 10 %6 = bitcast i8** %5 to %struct.loop_device** %7 = load %struct.loop_device*, %struct.loop_device** %6, align 8 %8 = getelementptr inbounds %struct.loop_device, %struct.loop_device* %7, i64 0, i32 23 %9 = tail call i32 @mutex_lock_killable(%struct.mutex* %8) #83 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 lo_ioctl 2 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %8 = load %struct.gendisk.604060*, %struct.gendisk.604060** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, 
%struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.604038* %0, i32 %1, i32 %2, i64 %35) #84 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %328 = and i32 %1, 2 %329 = icmp eq i32 %328, 0 br i1 %329, label %330, label %332 %333 = getelementptr inbounds %struct.loop_device, %struct.loop_device* %17, i64 0, i32 23 %334 = tail call i32 @mutex_lock_killable(%struct.mutex* %333) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca 
%struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %328 = and i32 %1, 2 %329 = icmp eq i32 %328, 0 br i1 %329, label %330, label %332 %333 = getelementptr inbounds %struct.loop_device, %struct.loop_device* %17, i64 0, i32 23 %334 = tail call i32 @mutex_lock_killable(%struct.mutex* %333) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 loop_control_ioctl ------------- Path:  Function:loop_control_ioctl %4 = alloca i32, align 4 switch i32 %1, label %89 [ i32 19584, label %5 i32 19585, label %9 i32 19586, label %60 ] %61 = bitcast i32* %4 to i8* %62 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull @loop_ctl_mutex) #85 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 loop_control_ioctl ------------- Path:  Function:loop_control_ioctl %4 = alloca i32, align 4 switch i32 %1, label %89 [ i32 19584, label %5 i32 19585, label %9 i32 19586, label %60 ] %61 = bitcast i32* %4 to i8* %62 = tail call i32 @mutex_lock_killable(%struct.mutex* nonnull 
@loop_ctl_mutex) #85 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 br i1 %8, label %9, label %91 %10 = icmp slt i64 %1, 0 br i1 %10, label %91, label %11 br i1 %4, label %12, label %16 %17 = phi i64 [ %15, %12 ], [ 32768, %11 ] %18 = icmp sgt i64 %17, %1 br i1 %18, label %19, label %91 %20 = icmp sgt i64 %7, %17 %21 = sub nsw i64 %17, %1 %22 = select i1 %20, i64 %21, i64 %2 %23 = select i1 %20, i64 %17, i64 %7 %24 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 0 %25 = tail call i32 @mutex_lock_killable(%struct.mutex* %24) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 mutex_lock_killable 1 pci_vpd_read 2 pci_vpd_available 3 pci_vpd_write 4 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 
@pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void 
(%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %58 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %0, i64 %45, i64 2, i8* %18, i1 zeroext false) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 br i1 %8, label %9, label %91 %10 = icmp slt i64 %1, 0 br i1 %10, label %91, label %11 br i1 %4, label %12, label %16 %17 = phi i64 [ %15, %12 ], [ 32768, %11 ] %18 = icmp sgt i64 %17, %1 br i1 %18, label %19, label %91 %20 = icmp sgt i64 %7, %17 %21 = sub nsw i64 %17, %1 %22 = select i1 %20, i64 %21, i64 %2 %23 = select i1 %20, i64 %17, i64 %7 %24 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 0 %25 = tail call i32 @mutex_lock_killable(%struct.mutex* %24) #84 Function:mutex_lock_killable %2 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock 1 dma_buf_poll ------------- Path:  Function:dma_buf_poll %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.dma_buf** %5 = load %struct.dma_buf*, %struct.dma_buf** %4, align 8 %6 = icmp eq %struct.dma_buf* %5, null br i1 %6, label %112, label %7 %8 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 13 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = icmp eq %struct.dma_resv* %9, null br i1 %10, label %112, label %11 %12 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 14 %13 = icmp eq 
%struct.poll_table_struct* %1, null br i1 %13, label %26, label %14 %27 = phi i32 [ %24, %21 ], [ 5, %11 ] %28 = phi i32 [ %23, %21 ], [ -1, %11 ] %29 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %9, i64 0, i32 0 %30 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %29, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock 1 i915_gem_object_set_tiling 2 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.426623* %5 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %4, i64 0, i32 67, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %149, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.426638* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq 
i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 440 %42 = bitcast i8* %41 to %struct.drm_i915_gem_object_ops.426626** %43 = load %struct.drm_i915_gem_object_ops.426626*, %struct.drm_i915_gem_object_ops.426626** %42, align 8 %44 = getelementptr inbounds %struct.drm_i915_gem_object_ops.426626, %struct.drm_i915_gem_object_ops.426626* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %138 %49 = getelementptr inbounds i8, i8* %1, i64 4 %50 = bitcast i8* %49 to i32* %51 = load i32, i32* %50, align 4 %52 = getelementptr inbounds i8, i8* %1, i64 8 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = getelementptr inbounds i8, i8* %13, i64 8 %56 = bitcast i8* %55 to %struct.drm_i915_private.426623** %57 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %56, align 8 %58 = icmp eq i32 %51, 0 br i1 %58, label %105, label %59 %60 = icmp ugt i32 %51, 2 br i1 %60, label %138, label %61 %62 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %57, i64 0, i32 3, i32 0 %63 = load i8, i8* %62, align 8 %64 = icmp ugt i8 %63, 6 br i1 %64, label %65, label %67 %68 = icmp ugt i8 %63, 3 br i1 %68, label %69, label %71 %72 = icmp ugt i32 %54, 8192 br i1 %72, label %138, label %73 %74 = zext i32 %54 to i64 %76 = icmp eq i64 %75, 1 br i1 %76, label %77, label %138 %78 = icmp eq i8 %63, 2 br i1 %78, label %87, label %79 %80 = icmp eq i32 %51, 2 br i1 %80, label %81, label %92 %82 = getelementptr inbounds 
%struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %57, i64 0, i32 4, i32 0, i64 0 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 384 %85 = icmp eq i32 %84, 0 %86 = icmp ne i32 %54, 0 br i1 %85, label %101, label %97 %98 = and i32 %54, 511 %99 = icmp eq i32 %98, 0 %100 = and i1 %86, %99 br i1 %100, label %116, label %138 %117 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 97 %118 = bitcast i8* %117 to i32* %119 = load i32, i32* %118, align 4 %120 = getelementptr inbounds i8, i8* %1, i64 12 %121 = bitcast i8* %120 to i32* store i32 %119, i32* %121, align 4 br label %122 %123 = phi i32* [ %121, %116 ], [ %115, %110 ] %124 = phi i32 [ %119, %116 ], [ %113, %110 ] switch i32 %124, label %128 [ i32 6, label %125 i32 7, label %126 i32 5, label %127 ] %129 = phi i32 [ %54, %122 ], [ %54, %126 ], [ %54, %125 ], [ 0, %127 ], [ 0, %105 ] %130 = phi i32 [ %51, %122 ], [ %51, %126 ], [ %51, %125 ], [ 0, %127 ], [ 0, %105 ] %131 = tail call i32 @i915_gem_object_set_tiling(%struct.drm_i915_gem_object.426638* nonnull %14, i32 %130, i32 %129) #84 Function:i915_gem_object_set_tiling %4 = alloca %struct.list_head, align 8 %5 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 0, i32 0, i32 0, i32 2 %6 = bitcast %struct.drm_device.373290** %5 to %struct.drm_i915_private.426623** %7 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %6, align 8 %8 = or i32 %2, %1 %9 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %8, %10 br i1 %11, label %313, label %12 %13 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 16 %14 = load volatile %struct.intel_frontbuffer.426560*, %struct.intel_frontbuffer.426560** %13, align 8 %15 = icmp eq 
%struct.intel_frontbuffer.426560* %14, null br i1 %15, label %16, label %313 %17 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %18 = load %struct.dma_resv*, %struct.dma_resv** %17, align 8 %19 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %18, i64 0, i32 0 %20 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %19, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock 1 i915_gem_object_flush_if_display 2 i915_gem_sw_finish_ioctl ------------- Path:  Function:i915_gem_sw_finish_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %7 = zext i32 %5 to i64 %8 = tail call i8* @idr_find(%struct.idr* %6, i64 %7) #83 %9 = bitcast i8* %8 to %struct.drm_i915_gem_object.436033* %10 = icmp eq i8* %8, null br i1 %10, label %34, label %11 %12 = bitcast i8* %8 to %struct.seqcount_spinlock* %13 = bitcast i8* %8 to i32* %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %11 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %13, i32 %18, i32* nonnull %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %11 ], [ %17, %16 ], [ 0, %23 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, 
-1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %12, i32 0) #83 br label %32 %33 = icmp eq i32 %27, 0 br i1 %33, label %34, label %35 tail call void @__rcu_read_unlock() #83 tail call void bitcast (void (%struct.drm_i915_gem_object.474999*)* @i915_gem_object_flush_if_display to void (%struct.drm_i915_gem_object.436033*)*)(%struct.drm_i915_gem_object.436033* nonnull %9) #83 Function:i915_gem_object_flush_if_display %2 = getelementptr inbounds %struct.drm_i915_gem_object.474999, %struct.drm_i915_gem_object.474999* %0, i64 0, i32 16 %3 = load volatile %struct.intel_frontbuffer.474989*, %struct.intel_frontbuffer.474989** %2, align 8 %4 = icmp eq %struct.intel_frontbuffer.474989* %3, null br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.drm_i915_gem_object.474999, %struct.drm_i915_gem_object.474999* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %7 = load %struct.dma_resv*, %struct.dma_resv** %6, align 8 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %7, i64 0, i32 0 %9 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %8, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_slowpath 2 ww_mutex_lock 3 dma_buf_poll ------------- Path:  Function:dma_buf_poll %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.dma_buf** %5 = load %struct.dma_buf*, %struct.dma_buf** %4, align 8 %6 = icmp eq %struct.dma_buf* %5, null br i1 %6, label %112, label %7 %8 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 13 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = icmp eq %struct.dma_resv* %9, null br i1 %10, label %112, label %11 %12 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 14 %13 = icmp eq %struct.poll_table_struct* %1, null 
br i1 %13, label %26, label %14 %27 = phi i32 [ %24, %21 ], [ 5, %11 ] %28 = phi i32 [ %23, %21 ], [ -1, %11 ] %29 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %9, i64 0, i32 0 %30 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %29, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 2, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_slowpath 2 ww_mutex_lock 3 i915_gem_object_set_tiling 4 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.426623* %5 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %4, i64 0, i32 67, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %149, label %8 %9 = bitcast 
i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.426638* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 440 %42 = bitcast i8* %41 to %struct.drm_i915_gem_object_ops.426626** %43 = load %struct.drm_i915_gem_object_ops.426626*, %struct.drm_i915_gem_object_ops.426626** %42, align 8 %44 = getelementptr inbounds %struct.drm_i915_gem_object_ops.426626, %struct.drm_i915_gem_object_ops.426626* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 br i1 %47, 
label %48, label %138 %49 = getelementptr inbounds i8, i8* %1, i64 4 %50 = bitcast i8* %49 to i32* %51 = load i32, i32* %50, align 4 %52 = getelementptr inbounds i8, i8* %1, i64 8 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = getelementptr inbounds i8, i8* %13, i64 8 %56 = bitcast i8* %55 to %struct.drm_i915_private.426623** %57 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %56, align 8 %58 = icmp eq i32 %51, 0 br i1 %58, label %105, label %59 %60 = icmp ugt i32 %51, 2 br i1 %60, label %138, label %61 %62 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %57, i64 0, i32 3, i32 0 %63 = load i8, i8* %62, align 8 %64 = icmp ugt i8 %63, 6 br i1 %64, label %65, label %67 %68 = icmp ugt i8 %63, 3 br i1 %68, label %69, label %71 %72 = icmp ugt i32 %54, 8192 br i1 %72, label %138, label %73 %74 = zext i32 %54 to i64 %76 = icmp eq i64 %75, 1 br i1 %76, label %77, label %138 %78 = icmp eq i8 %63, 2 br i1 %78, label %87, label %79 %80 = icmp eq i32 %51, 2 br i1 %80, label %81, label %92 %82 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %57, i64 0, i32 4, i32 0, i64 0 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 384 %85 = icmp eq i32 %84, 0 %86 = icmp ne i32 %54, 0 br i1 %85, label %101, label %97 %98 = and i32 %54, 511 %99 = icmp eq i32 %98, 0 %100 = and i1 %86, %99 br i1 %100, label %116, label %138 %117 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 97 %118 = bitcast i8* %117 to i32* %119 = load i32, i32* %118, align 4 %120 = getelementptr inbounds i8, i8* %1, i64 12 %121 = bitcast i8* %120 to i32* store i32 %119, i32* %121, align 4 br label %122 %123 = phi i32* [ %121, %116 ], [ %115, %110 ] %124 = phi i32 [ %119, %116 ], [ %113, %110 ] switch i32 %124, label %128 [ i32 6, label %125 i32 7, label %126 i32 5, label %127 ] %129 = phi i32 [ %54, %122 ], [ %54, %126 ], [ %54, 
%125 ], [ 0, %127 ], [ 0, %105 ] %130 = phi i32 [ %51, %122 ], [ %51, %126 ], [ %51, %125 ], [ 0, %127 ], [ 0, %105 ] %131 = tail call i32 @i915_gem_object_set_tiling(%struct.drm_i915_gem_object.426638* nonnull %14, i32 %130, i32 %129) #84 Function:i915_gem_object_set_tiling %4 = alloca %struct.list_head, align 8 %5 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 0, i32 0, i32 0, i32 2 %6 = bitcast %struct.drm_device.373290** %5 to %struct.drm_i915_private.426623** %7 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %6, align 8 %8 = or i32 %2, %1 %9 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %8, %10 br i1 %11, label %313, label %12 %13 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 16 %14 = load volatile %struct.intel_frontbuffer.426560*, %struct.intel_frontbuffer.426560** %13, align 8 %15 = icmp eq %struct.intel_frontbuffer.426560* %14, null br i1 %15, label %16, label %313 %17 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %18 = load %struct.dma_resv*, %struct.dma_resv** %17, align 8 %19 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %18, i64 0, i32 0 %20 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %19, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, 
$1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 2, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_slowpath 2 ww_mutex_lock 3 i915_gem_object_flush_if_display 4 i915_gem_sw_finish_ioctl ------------- Path:  Function:i915_gem_sw_finish_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %7 = zext i32 %5 to i64 %8 = tail call i8* @idr_find(%struct.idr* %6, i64 %7) #83 %9 = bitcast i8* %8 to %struct.drm_i915_gem_object.436033* %10 = icmp eq i8* %8, null br i1 %10, label %34, label %11 %12 = bitcast i8* %8 to %struct.seqcount_spinlock* %13 = bitcast i8* %8 to i32* %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %11 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %13, i32 %18, i32* nonnull %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 
%22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %11 ], [ %17, %16 ], [ 0, %23 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %12, i32 0) #83 br label %32 %33 = icmp eq i32 %27, 0 br i1 %33, label %34, label %35 tail call void @__rcu_read_unlock() #83 tail call void bitcast (void (%struct.drm_i915_gem_object.474999*)* @i915_gem_object_flush_if_display to void (%struct.drm_i915_gem_object.436033*)*)(%struct.drm_i915_gem_object.436033* nonnull %9) #83 Function:i915_gem_object_flush_if_display %2 = getelementptr inbounds %struct.drm_i915_gem_object.474999, %struct.drm_i915_gem_object.474999* %0, i64 0, i32 16 %3 = load volatile %struct.intel_frontbuffer.474989*, %struct.intel_frontbuffer.474989** %2, align 8 %4 = icmp eq %struct.intel_frontbuffer.474989* %3, null br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.drm_i915_gem_object.474999, %struct.drm_i915_gem_object.474999* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %7 = load %struct.dma_resv*, %struct.dma_resv** %6, align 8 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %7, i64 0, i32 0 %9 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %8, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 2, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_interruptible_slowpath 2 ww_mutex_lock_interruptible 3 i915_gem_madvise_ioctl ------------- Path:  Function:i915_gem_madvise_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp ult i32 %6, 2 br i1 %7, label %8, label %177 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.436033* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* 
nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 248 %42 = bitcast i8* %41 to %struct.dma_resv** %43 = load %struct.dma_resv*, %struct.dma_resv** %42, align 8 %44 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %43, i64 0, i32 0 %45 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %44, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_interruptible_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_interruptible_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc 
i32 @__ww_mutex_lock(%struct.mutex* %3, i32 1, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_interruptible_slowpath 2 ww_mutex_lock_interruptible 3 __assign_mmap_offset_handle 4 i915_gem_mmap_offset_ioctl ------------- Path:  Function:i915_gem_mmap_offset_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 24 %5 = bitcast i8* %4 to %struct.i915_user_extension** %6 = load %struct.i915_user_extension*, %struct.i915_user_extension** %5, align 8 %7 = tail call i32 @i915_user_extensions(%struct.i915_user_extension* %6, i32 (%struct.i915_user_extension*, i8*)** null, i32 0, i8* null) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %35 %10 = getelementptr inbounds i8, i8* %1, i64 16 %11 = bitcast i8* %10 to i64* %12 = load i64, i64* %11, align 8 switch i64 %12, label %35 [ i64 0, label %13 i64 1, label %19 i64 2, label %28 i64 3, label %23 i64 4, label %27 ] %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 16 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 43 %16 = bitcast %struct.list_head* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %35, label %28 %29 = phi i32 [ 4, %27 ], [ 0, %13 ], [ 1, %19 ], [ 2, %9 ], [ 3, %23 ] %30 = bitcast i8* %1 to i32* %31 = load i32, i32* %30, align 8 %32 = getelementptr inbounds i8, i8* %1, i64 8 %33 = bitcast i8* %32 to i64* %34 = tail call fastcc i32 @__assign_mmap_offset_handle(%struct.drm_file* %2, i32 %31, i32 %29, i64* %33) #84 Function:__assign_mmap_offset_handle tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %0, i64 0, i32 14 %6 = zext i32 %1 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #83 %8 = bitcast i8* %7 to 
%struct.drm_i915_gem_object.436033* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = bitcast i8* %7 to %struct.seqcount_spinlock* %12 = bitcast i8* %7 to i32* %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %10 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %12, i32 %17, i32* nonnull %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %10 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %33, label %34 tail call void @__rcu_read_unlock() #83 %35 = getelementptr inbounds i8, i8* %7, i64 248 %36 = bitcast i8* %35 to %struct.dma_resv** %37 = load %struct.dma_resv*, %struct.dma_resv** %36, align 8 %38 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %37, i64 0, i32 0 %39 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %38, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_interruptible_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_interruptible_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 1, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_interruptible_slowpath 2 ww_mutex_lock_interruptible 3 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.474981* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %6 = bitcast %struct.mutex* %5 to i24* %7 = load i24, i24* %6, align 8 %8 = and i24 %7, 8 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %131 %11 = getelementptr inbounds i8, i8* %1, i64 4 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 4 switch i32 %13, label %131 [ i32 0, label %22 i32 1, label %14 i32 2, label %17 ] %15 = and i24 %7, 1049600 %16 = icmp eq i24 %15, 0 br i1 %16, label %131, label %22 %23 = phi i32 [ %21, %17 ], [ %13, %10 ], [ 1, %14 ] %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 tail call void @__rcu_read_lock() #83 %26 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %27 = zext i32 %25 to i64 %28 = tail call i8* @idr_find(%struct.idr* %26, i64 
%27) #83 %29 = bitcast i8* %28 to %struct.drm_i915_gem_object.474999* %30 = icmp eq i8* %28, null br i1 %30, label %54, label %31 %32 = bitcast i8* %28 to %struct.seqcount_spinlock* %33 = bitcast i8* %28 to i32* %34 = load volatile i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %46, label %36 %37 = phi i32 [ %44, %43 ], [ %34, %31 ] %38 = add i32 %37, 1 %39 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 %38, i32* nonnull %33, i32 %37) #6, !srcloc !4 %40 = extractvalue { i8, i32 } %39, 0 %41 = and i8 %40, 1 %42 = icmp eq i8 %41, 0 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 %44 = extractvalue { i8, i32 } %39, 1 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %36 %47 = phi i32 [ 0, %31 ], [ %37, %36 ], [ 0, %43 ] %48 = add i32 %47, 1 %49 = or i32 %48, %47 %50 = icmp sgt i32 %49, -1 br i1 %50, label %52, label %51, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, i32 0) #83 br label %52 %53 = icmp eq i32 %47, 0 br i1 %53, label %54, label %55 tail call void @__rcu_read_unlock() #83 %56 = getelementptr inbounds i8, i8* %28, i64 440 %57 = bitcast i8* %56 to %struct.drm_i915_gem_object_ops.474985** %58 = load %struct.drm_i915_gem_object_ops.474985*, %struct.drm_i915_gem_object_ops.474985** %57, align 8 %59 = getelementptr inbounds %struct.drm_i915_gem_object_ops.474985, %struct.drm_i915_gem_object_ops.474985* %58, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %72, label %63 %73 = getelementptr inbounds i8, i8* %28, i64 248 %74 = bitcast i8* %73 to %struct.dma_resv** %75 = load %struct.dma_resv*, %struct.dma_resv** %74, align 8 %76 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %75, 
i64 0, i32 0 %77 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %76, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_interruptible_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_interruptible_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 1, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_interruptible_slowpath 2 ww_mutex_lock_interruptible 3 drm_modeset_lock_single_interruptible 4 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.428426** %8 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label 
%11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.428426* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.428263* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #83 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_interruptible_slowpath(%struct.ww_mutex* %0, 
%struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_interruptible_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 1, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ww_mutex_lock 1 __ww_mutex_lock_interruptible_slowpath 2 ww_mutex_lock_interruptible 3 drm_modeset_lock_single_interruptible 4 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.400184** %6 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %5, align 8 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 0 %9 = load %struct.drm_device.373290*, %struct.drm_device.373290** %8, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 4 %11 = load %struct.drm_driver*, %struct.drm_driver** %10, align 8 %12 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %11, i64 0, i32 24 %13 = load i32, i32* %12, align 8 %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 10 %15 = load i32, i32* %14, align 8 %16 = and i32 %13, 16 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 30, i32 27 %21 = load %struct.drm_mode_config_funcs.373271*, %struct.drm_mode_config_funcs.373271** %20, align 8 %22 = icmp eq %struct.drm_mode_config_funcs.373271* %21, null br i1 %22, label %37, label %23 %24 = getelementptr inbounds %struct.drm_mode_config_funcs.373271, 
%struct.drm_mode_config_funcs.373271* %21, i64 0, i32 5 %25 = load i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)*, i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)** %24, align 8 %26 = icmp eq i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)* %25, null br i1 %26, label %37, label %27 %28 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 4 %29 = tail call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %28) #83 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0, i32 0, i32 0 %6 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4, i64* %5, i64 0) #6, !srcloc !5 %7 = extractvalue { i8, i64 } %6, 0 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %83, label %10 %84 = tail call fastcc i32 @__ww_mutex_lock_interruptible_slowpath(%struct.ww_mutex* %0, %struct.ww_acquire_ctx* %1) #84 Function:__ww_mutex_lock_interruptible_slowpath %3 = getelementptr inbounds %struct.ww_mutex, %struct.ww_mutex* %0, i64 0, i32 0 %4 = tail call fastcc i32 @__ww_mutex_lock(%struct.mutex* %3, i32 1, %struct.ww_acquire_ctx* %1) #83 Function:__ww_mutex_lock %4 = alloca %struct.mutex_waiter, align 8 %5 = bitcast %struct.mutex_waiter* %4 to i8* %6 = tail 
call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock_interruptible 1 i915_gem_madvise_ioctl ------------- Path:  Function:i915_gem_madvise_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp ult i32 %6, 2 br i1 %7, label %8, label %177 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.436033* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 248 %42 = bitcast i8* %41 to 
%struct.dma_resv** %43 = load %struct.dma_resv*, %struct.dma_resv** %42, align 8 %44 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %43, i64 0, i32 0 %45 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %44, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock_interruptible 1 __assign_mmap_offset_handle 2 i915_gem_mmap_offset_ioctl ------------- Path:  Function:i915_gem_mmap_offset_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 24 %5 = bitcast i8* %4 to %struct.i915_user_extension** %6 = load %struct.i915_user_extension*, %struct.i915_user_extension** %5, align 8 %7 = tail call i32 @i915_user_extensions(%struct.i915_user_extension* %6, i32 (%struct.i915_user_extension*, i8*)** null, i32 0, i8* null) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %35 %10 = getelementptr inbounds i8, i8* %1, i64 16 %11 = bitcast i8* %10 to i64* %12 = load i64, i64* %11, align 8 switch i64 %12, label %35 [ i64 0, label %13 i64 1, label %19 i64 2, label %28 i64 3, label %23 i64 4, label %27 ] %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 16 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 43 %16 = bitcast %struct.list_head* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %35, label %28 %29 = phi i32 [ 4, %27 ], [ 0, %13 ], [ 1, %19 ], [ 2, %9 ], [ 3, %23 ] %30 = bitcast i8* %1 to i32* %31 = load i32, i32* %30, align 8 %32 = getelementptr inbounds i8, i8* %1, i64 8 %33 = bitcast i8* %32 to i64* %34 = tail call fastcc i32 @__assign_mmap_offset_handle(%struct.drm_file* %2, i32 %31, i32 %29, i64* %33) #84 Function:__assign_mmap_offset_handle tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %0, i64 0, i32 14 %6 = zext i32 %1 to i64 %7 = tail call i8* 
@idr_find(%struct.idr* %5, i64 %6) #83 %8 = bitcast i8* %7 to %struct.drm_i915_gem_object.436033* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = bitcast i8* %7 to %struct.seqcount_spinlock* %12 = bitcast i8* %7 to i32* %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %10 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %12, i32 %17, i32* nonnull %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %10 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %33, label %34 tail call void @__rcu_read_unlock() #83 %35 = getelementptr inbounds i8, i8* %7, i64 248 %36 = bitcast i8* %35 to %struct.dma_resv** %37 = load %struct.dma_resv*, %struct.dma_resv** %36, align 8 %38 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %37, i64 0, i32 0 %39 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %38, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock_interruptible 1 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.474981* 
%5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %6 = bitcast %struct.mutex* %5 to i24* %7 = load i24, i24* %6, align 8 %8 = and i24 %7, 8 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %131 %11 = getelementptr inbounds i8, i8* %1, i64 4 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 4 switch i32 %13, label %131 [ i32 0, label %22 i32 1, label %14 i32 2, label %17 ] %15 = and i24 %7, 1049600 %16 = icmp eq i24 %15, 0 br i1 %16, label %131, label %22 %23 = phi i32 [ %21, %17 ], [ %13, %10 ], [ 1, %14 ] %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 tail call void @__rcu_read_lock() #83 %26 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %27 = zext i32 %25 to i64 %28 = tail call i8* @idr_find(%struct.idr* %26, i64 %27) #83 %29 = bitcast i8* %28 to %struct.drm_i915_gem_object.474999* %30 = icmp eq i8* %28, null br i1 %30, label %54, label %31 %32 = bitcast i8* %28 to %struct.seqcount_spinlock* %33 = bitcast i8* %28 to i32* %34 = load volatile i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %46, label %36 %37 = phi i32 [ %44, %43 ], [ %34, %31 ] %38 = add i32 %37, 1 %39 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 %38, i32* nonnull %33, i32 %37) #6, !srcloc !4 %40 = extractvalue { i8, i32 } %39, 0 %41 = and i8 %40, 1 %42 = icmp eq i8 %41, 0 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 %44 = extractvalue { i8, i32 } %39, 1 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %36 %47 = phi i32 [ 0, %31 ], [ %37, %36 ], [ 0, %43 ] %48 = add i32 %47, 1 %49 = or i32 %48, %47 %50 = icmp sgt i32 %49, -1 br i1 %50, label %52, label %51, !prof !7, !misexpect !6 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, i32 0) #83 br label %52 %53 = icmp eq i32 %47, 0 br i1 %53, label %54, label %55 tail call void @__rcu_read_unlock() #83 %56 = getelementptr inbounds i8, i8* %28, i64 440 %57 = bitcast i8* %56 to %struct.drm_i915_gem_object_ops.474985** %58 = load %struct.drm_i915_gem_object_ops.474985*, %struct.drm_i915_gem_object_ops.474985** %57, align 8 %59 = getelementptr inbounds %struct.drm_i915_gem_object_ops.474985, %struct.drm_i915_gem_object_ops.474985* %58, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %72, label %63 %73 = getelementptr inbounds i8, i8* %28, i64 248 %74 = bitcast i8* %73 to %struct.dma_resv** %75 = load %struct.dma_resv*, %struct.dma_resv** %74, align 8 %76 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %75, i64 0, i32 0 %77 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %76, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock_interruptible 1 drm_modeset_lock_single_interruptible 2 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.428426** %8 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to 
%struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.428426* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.428263* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #83 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ww_mutex_lock_interruptible 1 drm_modeset_lock_single_interruptible 2 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.400184** %6 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %5, align 8 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 0 %9 = load %struct.drm_device.373290*, %struct.drm_device.373290** %8, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 4 %11 = load %struct.drm_driver*, %struct.drm_driver** %10, align 8 %12 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %11, i64 0, i32 24 %13 = load i32, i32* %12, align 8 %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 10 %15 = load i32, i32* %14, align 8 %16 = and i32 %13, 16 %17 = and i32 %16, %15 %18 = 
icmp eq i32 %17, 0 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 30, i32 27 %21 = load %struct.drm_mode_config_funcs.373271*, %struct.drm_mode_config_funcs.373271** %20, align 8 %22 = icmp eq %struct.drm_mode_config_funcs.373271* %21, null br i1 %22, label %37, label %23 %24 = getelementptr inbounds %struct.drm_mode_config_funcs.373271, %struct.drm_mode_config_funcs.373271* %21, i64 0, i32 5 %25 = load i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)*, i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)** %24, align 8 %26 = icmp eq i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)* %25, null br i1 %26, label %37, label %27 %28 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 4 %29 = tail call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %28) #83 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #83 Function:ww_mutex_lock_interruptible %3 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 __kmem_cache_shrink 2 kmem_cache_shrink 3 shrink_store ------------- Path:  Function:shrink_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %8 %7 = tail call i32 @kmem_cache_shrink(%struct.kmem_cache* %0) #83 Function:kmem_cache_shrink %2 = tail call i32 @__kmem_cache_shrink(%struct.kmem_cache* %0) #83 Function:__kmem_cache_shrink %2 = alloca %struct.list_head, align 8 %3 = alloca [32 x %struct.list_head], align 16 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 
cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %19, label %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@cpu_partial_store, %14)) #6 to label %19 [label %14], !srcloc !4 %20 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 7 store i32 %11, i32* %20, align 4 %21 = shl i32 %11, 1 %22 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 9, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 65535 %25 = add i32 %21, -1 %26 = add i32 %25, %24 %27 = udiv i32 %26, %24 %28 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8 store i32 %27, i32* %28, align 8 call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 membarrier_private_expedited 2 __se_sys_membarrier 3 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail 
call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 %59 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %59, align 8 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 
membarrier_private_expedited 2 __se_sys_membarrier 3 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; 
addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 %59 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %59, align 8 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 wq_pool_ids_show ------------- Path:  Function:wq_pool_ids_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %5 = bitcast i32* %4 to %struct.workqueue_struct** %6 = load %struct.workqueue_struct*, %struct.workqueue_struct** %5, align 8 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 wq_nice_store ------------- Path:  Function:wq_nice_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 wq_cpumask_store ------------- Path:  Function:wq_cpumask_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 wq_numa_store ------------- Path:  Function:wq_numa_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %7 = bitcast i32* %6 to %struct.workqueue_struct** %8 = load %struct.workqueue_struct*, %struct.workqueue_struct** 
%7, align 8 %9 = bitcast i32* %5 to i8* tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 workqueue_set_unbound_cpumask 2 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %13 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %12 = call i32 @workqueue_set_unbound_cpumask(%struct.cpumask* nonnull %11) #84 Function:workqueue_set_unbound_cpumask %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %4 = load i64, i64* %3, align 8 %5 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %6 = and i64 %5, %4 store i64 %6, i64* %3, align 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %69, label %8 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 set_sysctl_tfa ------------- Path:  Function:set_sysctl_tfa %5 = alloca i8, align 1 %6 = call i32 @kstrtobool(i8* %2, i8* nonnull %5) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i8, i8* %5, align 1, !range !4 %12 = load i8, i8* @allow_tsx_force_abort, align 1, !range !4 %13 = icmp eq i8 %11, %12 br i1 %13, label %15, label %14 store i8 %11, i8* @allow_tsx_force_abort, align 1 call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 
cpus_read_lock 1 mtrr_del_page 2 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #84 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %31 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 8 %32 = call i64 @simple_strtoul(i8* %31, i8** nonnull %5, i32 0) #83 %33 = trunc i64 %32 to i32 %34 = call i32 @mtrr_del_page(i32 %33, i64 0, i64 0) #83 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 mtrr_del_page 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch 
i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %220 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %221 = load i64, i64* %220, align 8 %222 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %223 = load i32, i32* %222, align 8 %224 = zext i32 %223 to i64 %225 = call i32 @mtrr_del_page(i32 -1, i64 %221, i64 %224) #83 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 
Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 mtrr_del_page 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %220 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %221 = load i64, i64* %220, align 8 %222 = getelementptr inbounds %struct.arch_uprobe_task, 
%struct.arch_uprobe_task* %7, i64 0, i32 1 %223 = load i32, i32* %222, align 8 %224 = zext i32 %223 to i64 %225 = call i32 @mtrr_del_page(i32 -1, i64 %221, i64 %224) #83 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 mtrr_del_page 2 mtrr_del 3 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file.29905, %struct.file.29905* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.29906** %5 = load %struct.seq_file.29906*, %struct.seq_file.29906** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %5, i64 0, i32 11 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #83 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %16, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %12, label %10 %13 = lshr i64 %1, 12 %14 = lshr i64 %2, 12 %15 = tail call i32 @mtrr_del_page(i32 %0, i64 %13, i64 %14) #84 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = 
alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpus_read_lock 1 reload_store ------------- Path:  Function:reload_store %5 = alloca i64, align 8 %6 = load i16, i16* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 32), align 4 %7 = zext i16 %6 to i32 %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i64, i64* %5, align 8 %15 = icmp eq i64 %14, 1 br i1 %15, label %16, label %52 call void @cpus_read_lock() #83 Function:cpus_read_lock %1 = tail call i32 @__SCT__might_resched() #83 ------------- Good: 13946 Bad: 688 Ignored: 14292 Check Use of Function:terminate_walk Check Use of Function:ns_ioctl Check Use of Function:crng_reseed Use: =BAD PATH= Call Stack: 0 _extract_crng 1 urandom_read_nowarn 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %9 to i32 %12 = icmp ugt i32 %11, 7 %13 = and i32 %11, 6 %14 = icmp eq i32 %13, 6 %15 = or i1 %12, %14 br i1 %15, label %34, label %16 %17 = icmp ult i64 %7, 2147483647 %18 = select i1 %17, i64 %7, i64 2147483647 %19 = and i32 %11, 4 %20 = icmp ne i32 
%19, 0 %21 = load i32, i32* @crng_init, align 4 %22 = icmp sgt i32 %21, 1 %23 = or i1 %20, %22 br i1 %23, label %32, label %24, !prof !4 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %34 %28 = tail call i32 @wait_for_random_bytes() #83 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !5, !misexpect !6 %33 = tail call fastcc i64 @urandom_read_nowarn(i8* %10, i64 %18) #83 Function:urandom_read_nowarn %3 = alloca [64 x i8], align 4 %4 = icmp ult i64 %1, 33554431 %5 = select i1 %4, i64 %1, i64 33554431 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %7 = icmp ugt i64 %5, 256 %8 = icmp eq i64 %5, 0 br i1 %8, label %62, label %9 %10 = phi i8* [ %59, %57 ], [ %0, %2 ] %11 = phi i64 [ %58, %57 ], [ %5, %2 ] %12 = phi i64 [ %60, %57 ], [ 0, %2 ] %13 = phi i64 [ %49, %57 ], [ 64, %2 ] br i1 %7, label %14, label %33 %15 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 0, i32 0 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %33, label %21 %22 = load volatile i64, i64* %17, align 8 %23 = and i64 %22, 131072 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29, !prof !5, !misexpect !6 %26 = load volatile i64, i64* %17, align 8 %27 = and i64 %26, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %32, label %29 call void @schedule() #83 br label %33 %34 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %35 = icmp eq %struct.crng_state** %34, null br i1 %35, label %41, label %36 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !7 %38 = sext i32 %37 to i64 %39 = getelementptr %struct.crng_state*, %struct.crng_state** %34, i64 %38 %40 = load %struct.crng_state*, 
%struct.crng_state** %39, align 8 br label %41 %42 = phi %struct.crng_state* [ %40, %36 ], [ null, %33 ] %43 = icmp eq %struct.crng_state* %42, null %44 = select i1 %43, %struct.crng_state* @primary_crng, %struct.crng_state* %42 call fastcc void @_extract_crng(%struct.crng_state* %44, i8* nonnull %6) #83 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 urandom_read_nowarn 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = icmp ugt i32 %9, 7 %11 = and i32 %9, 6 %12 = icmp eq i32 %11, 6 %13 = or i1 %10, %12 br i1 %13, label %32, label %14 %15 = icmp ult i64 %6, 2147483647 %16 = select i1 %15, i64 %6, i64 2147483647 %17 = and i32 %9, 4 %18 = icmp ne i32 %17, 0 %19 = load i32, i32* @crng_init, align 4 %20 = icmp sgt i32 %19, 1 %21 = or i1 %18, %20 br i1 %21, label %30, label %22, !prof !4 %23 
= and i32 %9, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %26 = tail call i32 @wait_for_random_bytes() #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %30, label %28, !prof !5, !misexpect !6 %31 = tail call fastcc i64 @urandom_read_nowarn(i8* %4, i64 %16) #83 Function:urandom_read_nowarn %3 = alloca [64 x i8], align 4 %4 = icmp ult i64 %1, 33554431 %5 = select i1 %4, i64 %1, i64 33554431 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %7 = icmp ugt i64 %5, 256 %8 = icmp eq i64 %5, 0 br i1 %8, label %62, label %9 %10 = phi i8* [ %59, %57 ], [ %0, %2 ] %11 = phi i64 [ %58, %57 ], [ %5, %2 ] %12 = phi i64 [ %60, %57 ], [ 0, %2 ] %13 = phi i64 [ %49, %57 ], [ 64, %2 ] br i1 %7, label %14, label %33 %15 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 0, i32 0 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %33, label %21 %22 = load volatile i64, i64* %17, align 8 %23 = and i64 %22, 131072 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29, !prof !5, !misexpect !6 %26 = load volatile i64, i64* %17, align 8 %27 = and i64 %26, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %32, label %29 call void @schedule() #83 br label %33 %34 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %35 = icmp eq %struct.crng_state** %34, null br i1 %35, label %41, label %36 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !7 %38 = sext i32 %37 to i64 %39 = getelementptr %struct.crng_state*, %struct.crng_state** %34, i64 %38 %40 = load %struct.crng_state*, %struct.crng_state** %39, align 8 br label %41 %42 = phi %struct.crng_state* [ %40, %36 ], [ null, %33 ] %43 = icmp eq %struct.crng_state* %42, 
null %44 = select i1 %43, %struct.crng_state* @primary_crng, %struct.crng_state* %42 call fastcc void @_extract_crng(%struct.crng_state* %44, i8* nonnull %6) #83 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 urandom_read_nowarn 2 urandom_read ------------- Path:  Function:urandom_read %5 = load i32, i32* @crng_init, align 4 %6 = icmp slt i32 %5, 2 %7 = load i32, i32* @urandom_read.maxwarn, align 4 %8 = icmp sgt i32 %7, 0 %9 = and i1 %6, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @urandom_read_nowarn(i8* %1, i64 %2) #85 Function:urandom_read_nowarn %3 = alloca [64 x i8], align 4 %4 = icmp ult i64 %1, 33554431 %5 = select i1 %4, i64 %1, i64 33554431 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %7 = icmp ugt i64 %5, 256 %8 = icmp eq i64 %5, 0 br i1 %8, label %62, label %9 %10 = phi i8* [ %59, %57 ], [ %0, %2 ] %11 = phi i64 [ %58, %57 ], [ %5, %2 ] %12 = phi i64 [ %60, %57 ], [ 0, %2 ] %13 = phi i64 [ %49, %57 ], [ 64, %2 ] br i1 %7, label %14, label %33 %15 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 0, i32 0 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %33, label %21 %22 = load volatile i64, i64* %17, align 8 %23 = and i64 %22, 131072 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29, !prof !5, !misexpect !6 %26 = load volatile i64, i64* %17, align 8 %27 = and i64 %26, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %32, label %29 call void @schedule() #83 br label %33 %34 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %35 = icmp eq %struct.crng_state** %34, null br i1 %35, label %41, label %36 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !7 %38 = sext i32 %37 to i64 %39 = getelementptr %struct.crng_state*, %struct.crng_state** %34, i64 %38 %40 = load %struct.crng_state*, %struct.crng_state** %39, align 8 br label %41 %42 = phi %struct.crng_state* [ %40, %36 ], [ null, %33 ] %43 = icmp eq %struct.crng_state* %42, null %44 = select i1 %43, %struct.crng_state* @primary_crng, %struct.crng_state* %42 call fastcc void @_extract_crng(%struct.crng_state* %44, i8* nonnull %6) #83 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83 
-------------
Use: =BAD PATH=
Call Stack:
0 _extract_crng
1 crng_backtrack_protect
2 _get_random_bytes
3 get_random_bytes
4 __skb_flow_dissect
5 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38
%39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label %286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* 
%164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 %168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr 
inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* %200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, 
label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %273 = call zeroext i1 bitcast (i1 (%struct.net.743318*, %struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, 
%struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* nonnull %34, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %268, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #83 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label 
%93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast 
%struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull %273, i32 16) #83 %572 = icmp sgt i32 %571, -1 br i1 %572, label %578, label %598 %579 = phi %union.anon.161* [ %576, %573 ], [ %29, %570 ] 
%580 = load i32, i32* %245, align 4 %581 = and i32 %580, 256 %582 = icmp eq i32 %581, 0 br i1 %582, label %598, label %583 %584 = load i16, i16* %274, align 2 %585 = zext i16 %584 to i64 %586 = getelementptr i8, i8* %3, i64 %585 %587 = getelementptr inbounds %union.anon.161, %union.anon.161* %579, i64 0, i32 0, i64 0 %588 = load i32, i32* %587, align 4 %589 = and i32 %588, 2062 %590 = icmp eq i32 %589, 2062 br i1 %590, label %593, label %591, !prof !4, !misexpect !8 call void @get_random_bytes(i8* nonnull %275, i32 4) #83 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #85 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %27 [label %7], !srcloc !4 %28 = icmp sgt i32 %1, 63 br i1 %28, label %29, label %46 %30 = phi i32 [ %44, %39 ], [ %1, %27 ] %31 = phi i8* [ %43, %39 ], [ %0, %27 ] %32 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %33 = icmp eq %struct.crng_state** %32, null br i1 %33, label %39, label %34 %40 = phi %struct.crng_state* [ %38, %34 ], [ null, %29 ] %41 = icmp eq %struct.crng_state* %40, null %42 = select i1 %41, %struct.crng_state* @primary_crng, %struct.crng_state* %40 tail call fastcc void @_extract_crng(%struct.crng_state* %42, i8* %31) #83 %43 = getelementptr i8, i8* %31, i64 64 %44 = add nsw i32 %30, -64 %45 = icmp sgt i32 %30, 127 br i1 %45, label %29, label %46 %47 = phi i8* [ %0, %27 ], [ %43, %39 ] %48 = phi i32 [ %1, %27 ], [ %44, %39 ] %49 = icmp sgt i32 %48, 0 br i1 %49, label %50, label %63 %64 = phi i32 [ %48, %58 ], [ 64, %46 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %64) #84 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = icmp sgt i32 %17, 64 br 
i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #83
Function:_extract_crng
%3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83
-------------
Use: =BAD PATH=
Call Stack:
0 _extract_crng
1 crng_backtrack_protect
2 _get_random_bytes
3 get_random_bytes
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.830475* %0 to %struct.inet_sock.830497* %4 = bitcast %struct.sock.830475* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds
%struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.830298*, %struct.dst_entry.830298** %7, align 8 %9 = icmp eq %struct.dst_entry.830298* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.830298, %struct.dst_entry.830298* %8, i64 0, i32 1 %16 = load %struct.dst_ops.830299*, %struct.dst_ops.830299** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.830299, %struct.dst_ops.830299* %16, i64 0, i32 3 %18 = load %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)*, %struct.dst_entry.830298* (%struct.dst_entry.830298*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.830298* %18(%struct.dst_entry.830298* nonnull %8, i32 0) #83 %20 = icmp eq %struct.dst_entry.830298* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.830327*, %struct.net.830327** %36, align 8 %38 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* 
%42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.51* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 47 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.830497, %struct.inet_sock.830497* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.830475* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 33 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.830475, %struct.sock.830475* %0, i64 0, i32 56, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 
0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.830475*, %struct.flowi_common*)*)(%struct.sock.830475* nonnull %0, %struct.flowi_common* nonnull %89) #83 br label %105 %106 = call %struct.rtable.830478* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.830478* (%struct.net.830327*, %struct.flowi4*, %struct.sock.830475*)*)(%struct.net.830327* %37, %struct.flowi4* nonnull %2, %struct.sock.830475* %0) #83 Function:ip_route_output_flow %4 = alloca 
%struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, 
i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, 
%struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, %struct.sk_buff.813309*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.749003*, %struct.flowi4*, %struct.sk_buff.749126*, %struct.flow_keys*)*)(%struct.net.749003* %0, %struct.flowi4* %2, %struct.sk_buff.749126* %3, %struct.flow_keys* null) #83 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 124 %21 = load i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %141 ] %36 = icmp eq %struct.sk_buff.813309* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.743318*, 
%struct.sk_buff.743225*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.813150*, %struct.sk_buff.813309*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.813150* null, %struct.sk_buff.813309* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #84 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca %struct.arphdr, align 2 %14 = alloca %struct.anon.232.743329, align 1 %15 = alloca %struct.raw_hdlc_proto, align 1 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca [4 x i8], align 1 %19 = alloca %struct.tcphdr, align 4 %20 = alloca %struct.icmphdr, align 4 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca %struct.raw_hdlc_proto, align 2 %28 = alloca %struct.anon.228.743332, align 2 %29 = alloca %union.anon.161, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca [2 x i8], align 1 %32 = alloca %struct.bpf_insn, align 4 %33 = getelementptr inbounds [2 x i8], [2 x i8]* %31, i64 0, i64 0 %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.743225* %1, null %76 = icmp ne %struct.net.743318* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.743213*, %struct.net_device.743213** %79, align 8 %81 = icmp eq %struct.net_device.743213* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.743213, %struct.net_device.743213* %80, i64 0, i32 110, i32 0 br label %90 %91 = phi %struct.net.743318** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.743318*, %struct.net.743318** %91, align 8 br label %93 %94 = phi %struct.net.743318* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.743318* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %98 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** getelementptr inbounds (%struct.net.743318, %struct.net.743318* bitcast (%struct.net* @init_net to %struct.net.743318*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.743313* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.743318, %struct.net.743318* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.743313*, %struct.bpf_prog_array.743313** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.743313* %102, null br i1 %103, label %242, label %104 tail call void @__rcu_read_unlock() #83 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.232.743329, %struct.anon.232.743329* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* 
%264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast %struct.arphdr* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %273 = bitcast %union.anon.161* %29 to i8* %274 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %275 = bitcast i32* %10 to i8* %276 = getelementptr inbounds i8, i8* %70, i64 2 %277 = bitcast i8* %276 to i16* %278 = getelementptr inbounds %struct.anon.228.743332, %struct.anon.228.743332* %28, i64 0, i32 0, i32 0 %279 = bitcast %struct.raw_hdlc_proto* %27 to i8* %280 = icmp ne %struct.sk_buff.743225* %1, null %281 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 18 %282 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 33 %283 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 25 %284 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %285 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %286 = and i32 %8, 2 %287 = icmp eq i32 %286, 0 %288 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %290 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %291 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %292 = and i32 %8, 1 %293 = icmp eq i32 %292, 0 %294 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %295 = getelementptr inbounds 
%struct.icmphdr, %struct.icmphdr* %20, i64 0, i32 0 %296 = bitcast %struct.tcphdr* %19 to i8* %297 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %298 = and i32 %8, 8 %299 = icmp eq i32 %298, 0 %300 = getelementptr inbounds %struct.bpf_insn, %struct.bpf_insn* %32, i64 0, i32 0 %301 = bitcast %struct.raw_hdlc_proto* %15 to i8* %302 = bitcast i32* %16 to i8* %303 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %304 = getelementptr inbounds [4 x i8], [4 x i8]* %18, i64 0, i64 0 %305 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %306 = icmp eq i8* %66, null %307 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 41 %308 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 6 %309 = getelementptr inbounds %struct.sk_buff.743225, %struct.sk_buff.743225* %1, i64 0, i32 7 %310 = bitcast i32* %21 to i8* br label %311 %312 = phi i16 [ %64, %260 ], [ %835, %834 ] %313 = phi i32 [ %65, %260 ], [ %836, %834 ] %314 = phi i8 [ 0, %260 ], [ %825, %834 ] %315 = phi i32 [ 0, %260 ], [ %837, %834 ] %316 = phi i8 [ 0, %260 ], [ %838, %834 ] %317 = phi i32 [ 0, %260 ], [ %827, %834 ] %318 = phi i32 [ 28, %260 ], [ %828, %834 ] switch i16 %312, label %1206 [ i16 8, label %319 i16 -8826, label %391 i16 -22392, label %460 i16 129, label %460 i16 25736, label %541 i16 -13688, label %565 i16 18312, label %600 i16 18568, label %600 i16 1673, label %673 i16 1544, label %679 i16 13696, label %679 i16 1347, label %768 i16 -2168, label %799 ] %566 = load i32, i32* %22, align 4 %567 = sub i32 %566, %313 %568 = icmp slt i32 %567, 16 br i1 %568, label %569, label %573, !prof !4, !misexpect !8 br i1 %75, label %598, label %570 %571 = call i32 bitcast (i32 (%struct.sk_buff*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.743225*, i32, i8*, i32)*)(%struct.sk_buff.743225* nonnull %1, i32 %313, i8* nonnull 
%273, i32 16) #83 %572 = icmp sgt i32 %571, -1 br i1 %572, label %578, label %598 %579 = phi %union.anon.161* [ %576, %573 ], [ %29, %570 ] %580 = load i32, i32* %245, align 4 %581 = and i32 %580, 256 %582 = icmp eq i32 %581, 0 br i1 %582, label %598, label %583 %584 = load i16, i16* %274, align 2 %585 = zext i16 %584 to i64 %586 = getelementptr i8, i8* %3, i64 %585 %587 = getelementptr inbounds %union.anon.161, %union.anon.161* %579, i64 0, i32 0, i64 0 %588 = load i32, i32* %587, align 4 %589 = and i32 %588, 2062 %590 = icmp eq i32 %589, 2062 br i1 %590, label %593, label %591, !prof !4, !misexpect !8 call void @get_random_bytes(i8* nonnull %275, i32 4) #83 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #85 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %27 [label %7], !srcloc !4 %28 = icmp sgt i32 %1, 63 br i1 %28, label %29, label %46 %30 = phi i32 [ %44, %39 ], [ %1, %27 ] %31 = phi i8* [ %43, %39 ], [ %0, %27 ] %32 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %33 = icmp eq %struct.crng_state** %32, null br i1 %33, label %39, label %34 %40 = phi %struct.crng_state* [ %38, %34 ], [ null, %29 ] %41 = icmp eq %struct.crng_state* %40, null %42 = select i1 %41, %struct.crng_state* @primary_crng, %struct.crng_state* %40 tail call fastcc void @_extract_crng(%struct.crng_state* %42, i8* %31) #83 %43 = getelementptr i8, i8* %31, i64 64 %44 = add nsw i32 %30, -64 %45 = icmp sgt i32 %30, 127 br i1 %45, label %29, label %46 %47 = phi i8* [ %0, %27 ], [ %43, %39 ] %48 = phi i32 [ %1, %27 ], [ %44, %39 ] %49 = icmp sgt i32 %48, 0 br i1 %49, label %50, label %63 %64 = phi i32 [ %48, %58 ], [ 64, %46 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %64) #84 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = icmp sgt i32 %17, 64 br 
i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #83
Function:_extract_crng
%3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 _extract_crng
1 crng_backtrack_protect
2 _get_random_bytes
3 get_random_bytes
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ipip6_tunnel_bind_dev
10 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805,
%struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 
%12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 
%54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, 
%struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.813150*, %struct.flowi4*, 
------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 __skb_flow_dissect 5 fib_multipath_hash 6 fib_select_path 7 __ip_rt_update_pmtu 8 ip_rt_update_pmtu -------------
------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid -------------
eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #83 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void @generate_random_uuid(i8* nonnull %13) #83 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i32 16) #83 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #85 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %27 [label %7], !srcloc !4 %28 = icmp sgt i32 %1, 63 br i1 %28, label %29, label %46 %30 = phi i32 [ %44, %39 ], [ %1, %27 ] %31 = phi i8* [ %43, %39 ], [ %0, %27 ] %32 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %33 = icmp eq %struct.crng_state** %32, null br i1 %33, label %39, label %34 %40 = phi %struct.crng_state* [ %38, %34 ], [ null, %29 ] %41 = icmp eq %struct.crng_state* %40, null %42 = select i1 %41, %struct.crng_state* @primary_crng, %struct.crng_state* %40 tail call fastcc void @_extract_crng(%struct.crng_state* %42, i8* %31) #83 %43 = getelementptr i8, i8* %31, i64 64 %44 = add nsw i32 %30, -64 %45 = icmp sgt i32 %30, 127 br i1 %45, label %29, label %46 %47 = phi i8* [ %0, %27 ], [ %43, %39 ] %48 = phi i32 [ %1, %27 ], [ %44, %39 ] %49 = icmp sgt i32 %48, 0 br i1 %49, label %50, label %63 %64 = phi i32 [ %48, %58 ], [ 64, %46 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %64) #84 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = icmp sgt i32 %17, 64 br 
i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #83 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83 ------------- Use: =BAD PATH= Call Stack: 0 _extract_crng 1 crng_backtrack_protect 2 _get_random_bytes 3 get_random_bytes 4 generate_random_uuid 5 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca %struct.ctl_table, align 8 %7 = alloca [64 x i8], align 16 %8 = alloca [16 x i8], align 16 %9 = bitcast %struct.ctl_table* %6 to i8* %10 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %8, i64 0, i64 0 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = icmp 
eq i8* %13, null br i1 %14, label %15, label %16 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #83 %17 = getelementptr i8, i8* %13, i64 8 %18 = load i8, i8* %17, align 1 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %21 tail call void @generate_random_uuid(i8* nonnull %13) #83 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i32 16) #83 Function:get_random_bytes %4 = load i1, i1* @_warn_unseeded_randomness.print_once, align 1 %5 = load i32, i32* @crng_init, align 4 %6 = icmp sgt i32 %5, 1 %7 = or i1 %4, %6 br i1 %7, label %17, label %8, !prof !4 tail call fastcc void @_get_random_bytes(i8* %0, i32 %1) #85 Function:_get_random_bytes %3 = alloca [64 x i8], align 4 %4 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = ptrtoint i8* %5 to i64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_get_random_bytes, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@_get_random_bytes, %7)) #6 to label %27 [label %7], !srcloc !4 %28 = icmp sgt i32 %1, 63 br i1 %28, label %29, label %46 %30 = phi i32 [ %44, %39 ], [ %1, %27 ] %31 = phi i8* [ %43, %39 ], [ %0, %27 ] %32 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %33 = icmp eq %struct.crng_state** %32, null br i1 %33, label %39, label %34 %40 = phi %struct.crng_state* [ %38, %34 ], [ null, %29 ] %41 = icmp eq %struct.crng_state* %40, null %42 = select i1 %41, %struct.crng_state* @primary_crng, %struct.crng_state* %40 tail call fastcc void @_extract_crng(%struct.crng_state* %42, i8* %31) #83 %43 = getelementptr i8, i8* %31, i64 64 %44 = add nsw i32 %30, -64 %45 = icmp sgt i32 %30, 127 br i1 %45, label %29, label %46 %47 = phi i8* [ %0, %27 ], [ %43, %39 ] %48 = phi i32 [ %1, %27 ], [ %44, %39 ] %49 = icmp sgt i32 %48, 0 br i1 %49, label %50, label %63 %64 = phi i32 [ %48, %58 ], [ 64, %46 ] call fastcc void @crng_backtrack_protect(i8* nonnull %4, i32 %64) #84 Function:crng_backtrack_protect %3 = load %struct.crng_state**, %struct.crng_state*** @crng_node_pool, align 8 %4 = icmp eq %struct.crng_state** %3, null br i1 %4, label %10, label %5 %11 = phi %struct.crng_state* [ %9, %5 ], [ null, %2 ] %12 = icmp eq %struct.crng_state* %11, null %13 = select i1 %12, %struct.crng_state* @primary_crng, %struct.crng_state* %11 %14 = add i32 %1, -1 %15 = or i32 %14, 3 %16 = add i32 %15, 1 %17 = add i32 %15, 33 %18 = icmp sgt i32 %17, 64 br 
i1 %18, label %19, label %29 br i1 %4, label %25, label %20 %21 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.crng_state*, %struct.crng_state** %3, i64 %22 %24 = load %struct.crng_state*, %struct.crng_state** %23, align 8 br label %25 %26 = phi %struct.crng_state* [ %24, %20 ], [ null, %19 ] %27 = icmp eq %struct.crng_state* %26, null %28 = select i1 %27, %struct.crng_state* @primary_crng, %struct.crng_state* %26 tail call fastcc void @_extract_crng(%struct.crng_state* %28, i8* %0) #83 Function:_extract_crng %3 = load i32, i32* @crng_init, align 4 %4 = icmp sgt i32 %3, 1 br i1 %4, label %5, label %19, !prof !4, !misexpect !5 %6 = getelementptr inbounds %struct.crng_state, %struct.crng_state* %0, i64 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* @crng_global_init_time, align 8 %9 = sub i64 %7, %8 %10 = icmp slt i64 %9, 0 br i1 %10, label %16, label %11 %12 = add i64 %7, 300000 %13 = load volatile i64, i64* @jiffies, align 64 %14 = sub i64 %12, %13 %15 = icmp slt i64 %14, 0 br i1 %15, label %16, label %19 %17 = icmp eq %struct.crng_state* %0, @primary_crng %18 = select i1 %17, %struct.entropy_store* @input_pool, %struct.entropy_store* null tail call fastcc void @crng_reseed(%struct.crng_state* %0, %struct.entropy_store* %18) #83 ------------- Good: 226 Bad: 9 Ignored: 316 Check Use of Function:seccomp_notify_ioctl Check Use of Function:i915_perf_fini Check Use of Function:__nla_parse Check Use of Function:e100_up Check Use of Function:vfat_revalidate_ci Check Use of Function:io_rsrc_node_switch_start Check Use of Function:drm_crtc_vblank_put Check Use of Function:exit_swap_address_space Check Use of Function:pci_config_pm_runtime_get Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, 
%struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #83 %8 = bitcast i8* %7 to %struct.pci_dev.322187* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = icmp sgt i32 %13, %10 br i1 %19, label %20, label %124 %21 = sext i32 %13 to i64 %22 = icmp ugt i64 %21, %2 %23 = select i1 %22, i64 %2, i64 %21 %24 = shl i64 %9, 32 %25 = ashr exact i64 %24, 32 %26 = add i64 %23, %25 %27 = icmp ugt i64 %26, %21 %28 = sub i32 %13, %10 %29 = sext i32 %28 to i64 %30 = select i1 %27, i64 %29, i64 %23 %31 = trunc i64 %30 to i32 %32 = shl i64 %30, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %35 = ptrtoint i8* %1 to i64 %36 = add i64 %33, %35 %37 = icmp ult i64 %36, %33 %38 = icmp ugt i64 %36, %34 %39 = or i1 %37, %38 br i1 %39, label %124, label %40, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.322187*)*)(%struct.pci_dev.322187* %8) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.313800* %9 = trunc i64 %5 to i32 %10 = tail 
call i32 @security_locked_down(i32 6) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 232, i32 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = sext i32 %16 to i64 %18 = icmp slt i64 %17, %4 br i1 %18, label %122, label %19 %20 = add i64 %5, %4 %21 = icmp ugt i64 %20, %17 %22 = trunc i64 %4 to i32 %23 = sub i32 %16, %22 %24 = zext i32 %23 to i64 %25 = select i1 %21, i32 %23, i32 %9 %26 = select i1 %21, i64 %24, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.313800* %8) #83 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:selinux_netlbl_cache_invalidate Check Use of Function:__starget_for_each_device Check Use of Function:proc_fork_connector Check Use of Function:d_alloc_parallel Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, 
align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %17, label %16, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 0, i32 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 1 store i32 %20, i32* %18, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %21 = icmp ugt %struct.ctl_table_header* %12, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %21, label %22, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %57 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.22.19350, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %206 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, 
align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #83 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %47) #83 %54 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.23.19351, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #83 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %206 store i64 2, i64* %27, align 8 br label %57 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %58 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 1 %59 = bitcast %struct.ctl_table_header* %58 to %struct.rb_root* %60 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %59) #83 %61 = icmp eq %struct.rb_node* %60, null br i1 %61, label %73, label %62 %63 = phi %struct.rb_node* [ %71, %70 ], [ %60, %57 ] %64 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %63, i64 1 %65 = bitcast %struct.rb_node* %64 to %struct.ctl_table_header** %66 = load %struct.ctl_table_header*, %struct.ctl_table_header** %65, align 8 %67 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %66, i64 0, i32 1 %68 = load %struct.completion*, %struct.completion** %67, align 8 %69 = icmp eq %struct.completion* %68, null br i1 %69, label %74, label %70, !prof !4, !misexpect !5 %75 = bitcast %struct.rb_node* %64 to %struct.ctl_table_header** %76 = getelementptr 
inbounds %struct.ctl_table_header, %struct.ctl_table_header* %66, i64 0, i32 0, i32 0, i32 1 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, 1 store i32 %78, i32* %76, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %79 = load %struct.ctl_table_header*, %struct.ctl_table_header** %75, align 8 %80 = icmp eq %struct.ctl_table_header* %79, null br i1 %80, label %206, label %81 %82 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %79, i64 0, i32 0, i32 0, i32 0 %83 = load %struct.ctl_table*, %struct.ctl_table** %82, align 8 %84 = ptrtoint %struct.rb_node* %63 to i64 %85 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %79, i64 0, i32 6 %86 = bitcast %struct.ctl_node** %85 to i64* %87 = load i64, i64* %86, align 8 %88 = sub i64 %84, %87 %89 = ashr exact i64 %88, 5 %90 = getelementptr %struct.ctl_table, %struct.ctl_table* %83, i64 %89 %91 = bitcast %struct.ctl_table_header** %3 to i8* %92 = bitcast %struct.ctl_table** %4 to i8* br label %93 %94 = phi i64 [ %87, %81 ], [ %200, %190 ] %95 = phi i64 [ 2, %81 ], [ %99, %190 ] %96 = phi %struct.ctl_table* [ %90, %81 ], [ %204, %190 ] %97 = phi %struct.ctl_table_header* [ %79, %81 ], [ %195, %190 ] %98 = inttoptr i64 %94 to %struct.ctl_node* %99 = add i64 %95, 1 %100 = load i64, i64* %27, align 8 %101 = icmp ult i64 %95, %100 br i1 %101, label %158, label %102 %103 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %96, i64 0, i32 3 %104 = load i16, i16* %103, align 4 %105 = and i16 %104, -4096 %106 = icmp eq i16 %105, -24576 br i1 %106, label %107, label %142, !prof !6, !misexpect !5 %143 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %97, %struct.ctl_table* %96) #83 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca 
%struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #83 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.static_call_site* %18 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #84 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #85 %23 = icmp eq %struct.dentry* %22, null br i1 %23, label %24, label %65 %25 = bitcast %struct.wait_queue_head* %6 to i8* %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store %struct.list_head* %27, %struct.list_head** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %27, %struct.list_head** %29, align 8 %30 = call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry* (%struct.dentry*, 
%struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5, %struct.wait_queue_head* nonnull %6) #85 ------------- Good: 15 Bad: 1 Ignored: 5 Check Use of Function:tcf_proto_destroy Check Use of Function:proc_sys_revalidate Check Use of Function:nl80211_notify_iface Check Use of Function:__mmap_lock_do_trace_start_locking Use: =BAD PATH= Call Stack: 0 probe_range 1 i915_gem_userptr_ioctl ------------- Path:  Function:i915_gem_userptr_ioctl %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %7 = bitcast %struct.mutex* %6 to i24* %8 = load i24, i24* %7, align 8 %9 = and i24 %8, 1049600 %10 = icmp eq i24 %9, 0 br i1 %10, label %112, label %11 %12 = getelementptr inbounds i8, i8* %1, i64 16 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2147483644 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %112 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 8796093022207 br i1 %21, label %112, label %22 %23 = icmp eq i64 %20, 0 br i1 %23, label %112, label %24 %25 = bitcast i8* %1 to i64* %26 = load i64, i64* %25, align 8 %27 = or i64 %26, %20 %28 = and i64 %27, 4095 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %112 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %32 = add i64 %26, %20 %33 = icmp ult i64 %32, %20 
%34 = icmp ugt i64 %32, %31 %35 = or i1 %33, %34 br i1 %35, label %112, label %36, !prof !5, !misexpect !6 %37 = load i32, i32* %13, align 8 %38 = icmp sgt i32 %37, -1 br i1 %38, label %39, label %112 %40 = and i32 %37, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %50, label %42 %43 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 20, i32 30, i32 39 %44 = bitcast %struct.drm_property.373206** %43 to %struct.i915_address_space.490171** %45 = load %struct.i915_address_space.490171*, %struct.i915_address_space.490171** %44, align 8 %46 = getelementptr inbounds %struct.i915_address_space.490171, %struct.i915_address_space.490171* %45, i64 0, i32 15 %47 = load i8, i8* %46, align 8 %48 = and i8 %47, 4 %49 = icmp eq i8 %48, 0 br i1 %49, label %112, label %50 %51 = and i32 %37, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %62, label %53 %54 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %55 = inttoptr i64 %54 to %struct.task_struct* %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %55, i64 0, i32 47 %57 = load %struct.mm_struct*, %struct.mm_struct** %56, align 8 %58 = load i64, i64* %25, align 8 %59 = load i64, i64* %19, align 8 %60 = tail call fastcc i32 @probe_range(%struct.mm_struct* %57, i64 %58, i64 %59) #83 Function:probe_range %4 = add i64 %2, %1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@probe_range, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label 
%100 i16 23, label %105 i16 24, label %109 ] %101 = zext i32 %4 to i64 %102 = inttoptr i64 %101 to i8* %103 = tail call i64 @ksys_shmdt(i8* %102) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load 
%struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump.18500 ------------- Path:  Function:elf_core_dump.18500 %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf32_hdr, align 4 %7 = alloca %struct.elf_note_info.167938, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.efi_info, align 4 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info.167938* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 bitcast (i32 (%struct.coredump_params.169047*, i32*, %struct.sched_info**, i64*)* @dump_vma_snapshot to i32 (%struct.coredump_params*, i32*, %struct.sched_info**, i64*)*)(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #83 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.169153** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.169153**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.169153* %7 = getelementptr inbounds %struct.task_struct.169153, %struct.task_struct.169153* %6, i64 0, i32 47 %8 = load %struct.mm_struct.169058*, %struct.mm_struct.169058** %7, 
align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.169058*, i1)*)(%struct.mm_struct.169058* %8, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump ------------- Path:  Function:elf_core_dump %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf64_hdr, align 8 %7 = alloca %struct.elf_note_info, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.elf64_phdr, align 8 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf64_hdr, %struct.elf64_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 bitcast (i32 (%struct.coredump_params.169047*, i32*, %struct.sched_info**, i64*)* @dump_vma_snapshot to i32 (%struct.coredump_params*, i32*, %struct.sched_info**, i64*)*)(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #83 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.169153** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.169153**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.169153* %7 = getelementptr inbounds %struct.task_struct.169153, %struct.task_struct.169153* %6, i64 0, i32 47 %8 = load %struct.mm_struct.169058*, %struct.mm_struct.169058** %7, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.169058*, i1)*)(%struct.mm_struct.169058* %8, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 remove_arg_zero 1 load_script ------------- Path:  Function:load_script %2 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 35 br i1 %4, label %5, label %122 %6 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 1 %7 = load i8, i8* %6, align 1 %8 = icmp eq i8 %7, 33 br i1 %8, label %9, label %122 %10 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 255 %11 = tail call i8* @strnchr(i8* %2, i64 256, i32 10) #83 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %36 %14 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 2 %15 = icmp ugt i8* %14, %10 br i1 %15, label %122, label %16 %17 = phi i8* [ %20, %19 ], [ %14, %13 ] %18 = load i8, i8* 
%17, align 1 switch i8 %18, label %22 [ i8 32, label %19 i8 9, label %19 ] %23 = icmp eq i8* %17, null %24 = icmp ugt i8* %17, %10 %25 = or i1 %23, %24 br i1 %25, label %122, label %26 %27 = phi i8 [ %33, %32 ], [ %18, %22 ] %28 = phi i8* [ %30, %32 ], [ %17, %22 ] switch i8 %27, label %29 [ i8 32, label %34 i8 9, label %34 i8 0, label %34 ] %35 = icmp eq i8* %28, null br i1 %35, label %122, label %36 %37 = phi i8* [ %10, %34 ], [ %11, %9 ] br label %38 %39 = phi i8* [ %37, %36 ], [ %40, %42 ] %40 = getelementptr i8, i8* %39, i64 -1 %41 = load i8, i8* %40, align 1 switch i8 %41, label %43 [ i8 32, label %42 i8 9, label %42 ] %44 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 2 %45 = icmp ugt i8* %44, %39 br i1 %45, label %122, label %46 %47 = phi i8* [ %50, %49 ], [ %44, %43 ] %48 = load i8, i8* %47, align 1 switch i8 %48, label %52 [ i8 32, label %49 i8 9, label %49 ] %53 = icmp eq i8* %47, null %54 = icmp eq i8* %47, %39 %55 = or i1 %53, %54 br i1 %55, label %122, label %56 %57 = icmp ugt i8* %47, %39 br i1 %57, label %80, label %58 %59 = phi i8 [ %65, %64 ], [ %48, %56 ] %60 = phi i8* [ %62, %64 ], [ %47, %56 ] switch i8 %59, label %61 [ i8 32, label %66 i8 9, label %66 i8 0, label %66 ] %62 = getelementptr i8, i8* %60, i64 1 %63 = icmp ugt i8* %62, %39 br i1 %63, label %80, label %64 %81 = phi i8* [ %60, %68 ], [ null, %66 ], [ null, %56 ], [ %60, %74 ], [ %60, %77 ], [ null, %61 ] %82 = phi i8* [ null, %68 ], [ null, %66 ], [ null, %56 ], [ null, %77 ], [ %76, %74 ], [ null, %61 ] %83 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %84 = load i32, i32* %83, align 8 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %122 %88 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #83 Function:remove_arg_zero %2 = alloca %struct.page*, align 8 %3 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 12 %4 = load i32, i32* %3, align 8 
%5 = icmp eq i32 %4, 0 br i1 %5, label %85, label %6 %7 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 3 %8 = bitcast %struct.page** %2 to i8* %9 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 2 br label %10 %11 = load i64, i64* %7, align 8 %12 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@remove_arg_zero, %13)) #6 to label %14 [label %13], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_pages_stat_array 1 __se_sys_move_pages 2 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_move_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #83 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void @__rcu_read_lock() #83 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #83 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !6 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !7, !misexpect !8 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !9, !misexpect !8 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #83 br label %51 %52 = tail 
call zeroext i1 @ptrace_may_access(%struct.task_struct* nonnull %37, i32 17) #83 tail call void @__rcu_read_unlock() #83 br i1 %52, label %53, label %62 %54 = tail call i32 @security_task_movememory(%struct.task_struct* nonnull %37) #83 %55 = sext i32 %54 to i64 %56 = inttoptr i64 %55 to i8* %57 = inttoptr i64 %55 to %struct.mm_struct* %58 = icmp ugt i8* %56, inttoptr (i64 -4096 to i8*) br i1 %58, label %62, label %59 %60 = tail call i64 @cpuset_mems_allowed(%struct.task_struct* nonnull %37) #83 %61 = tail call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %37) #83 br label %62 %63 = phi i64 [ undef, %53 ], [ %60, %59 ], [ undef, %51 ] %64 = phi %struct.mm_struct* [ %57, %53 ], [ %61, %59 ], [ inttoptr (i64 -1 to %struct.mm_struct*), %51 ] %65 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !10 %66 = icmp eq i32 %65, 1 br i1 %66, label %72, label %67 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @__put_task_struct(%struct.task_struct* nonnull %37) #83 br label %73 %74 = icmp eq %struct.mm_struct* %64, null br i1 %74, label %79, label %75 %76 = phi i64 [ %63, %73 ], [ %34, %28 ] %77 = phi %struct.mm_struct* [ %64, %73 ], [ %35, %28 ] %78 = icmp ugt %struct.mm_struct* %77, inttoptr (i64 -4096 to %struct.mm_struct*) br i1 %78, label %79, label %83 %84 = icmp eq i64 %3, 0 br i1 %84, label %282, label %85 %283 = bitcast [16 x i8*]* %7 to i8* %284 = bitcast [16 x i32]* %8 to i8* %285 = icmp eq i64 %1, 0 br i1 %285, label %337, label %286 %287 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %288 = inttoptr i64 %287 to %struct.task_struct* %289 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %288, 
i64 0, i32 0, i32 2 %290 = getelementptr inbounds [16 x i8*], [16 x i8*]* %7, i64 0, i64 0 %291 = getelementptr inbounds [16 x i32], [16 x i32]* %8, i64 0, i64 0 br label %292 %293 = phi i32* [ %17, %286 ], [ %334, %332 ] %294 = phi i8** [ %15, %286 ], [ %333, %332 ] %295 = phi i64 [ %1, %286 ], [ %335, %332 ] %296 = icmp ult i64 %295, 16 %297 = select i1 %296, i64 %295, i64 16 %298 = load i32, i32* %289, align 8 %299 = and i32 %298, 2 %300 = icmp eq i32 %299, 0 br i1 %300, label %322, label %301 %302 = bitcast i8** %294 to i32* br label %303 %304 = phi i64 [ %320, %314 ], [ 0, %301 ] %305 = phi i32 [ %319, %314 ], [ 0, %301 ] %307 = getelementptr i32, i32* %302, i64 %304 %308 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %307, i64 4, i64 %306) #6, !srcloc !17 %309 = extractvalue { i32*, i32, i64 } %308, 0 %310 = extractvalue { i32*, i32, i64 } %308, 2 %311 = ptrtoint i32* %309 to i64 %312 = and i64 %311, 4294967295 %313 = icmp eq i64 %312, 0 br i1 %313, label %314, label %337, !prof !9, !misexpect !8 %315 = extractvalue { i32*, i32, i64 } %308, 1 %316 = zext i32 %315 to i64 %317 = inttoptr i64 %316 to i8* %318 = getelementptr [16 x i8*], [16 x i8*]* %7, i64 0, i64 %304 store i8* %317, i8** %318, align 8 %319 = add i32 %305, 1 %320 = sext i32 %319 to i64 %321 = icmp ugt i64 %297, %320 br i1 %321, label %303, label %327 call fastcc void @do_pages_stat_array(%struct.mm_struct* %77, i64 %297, i8** nonnull %290, i32* nonnull %291) #83 Function:do_pages_stat_array callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_pages_stat_array, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_pages_stat_array 1 __se_sys_move_pages 2 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_move_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to 
i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #83 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void @__rcu_read_lock() #83 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #83 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !6 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !7, !misexpect !8 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !9, !misexpect !8 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #83 br label %51 %52 = tail call zeroext i1 @ptrace_may_access(%struct.task_struct* nonnull %37, i32 17) #83 tail call void @__rcu_read_unlock() #83 br i1 %52, label %53, label %62 %54 = tail call i32 @security_task_movememory(%struct.task_struct* nonnull %37) #83 %55 = sext i32 %54 to i64 %56 = inttoptr i64 %55 to i8* %57 = inttoptr i64 %55 to %struct.mm_struct* %58 = icmp ugt i8* %56, inttoptr (i64 -4096 to i8*) br i1 %58, label %62, label %59 %60 = tail call i64 @cpuset_mems_allowed(%struct.task_struct* nonnull %37) #83 %61 = tail call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %37) #83 br label %62 %63 = phi i64 [ undef, %53 ], [ %60, %59 ], [ undef, %51 ] %64 = phi %struct.mm_struct* [ %57, %53 ], [ %61, %59 ], [ 
inttoptr (i64 -1 to %struct.mm_struct*), %51 ] %65 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !10 %66 = icmp eq i32 %65, 1 br i1 %66, label %72, label %67 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @__put_task_struct(%struct.task_struct* nonnull %37) #83 br label %73 %74 = icmp eq %struct.mm_struct* %64, null br i1 %74, label %79, label %75 %76 = phi i64 [ %63, %73 ], [ %34, %28 ] %77 = phi %struct.mm_struct* [ %64, %73 ], [ %35, %28 ] %78 = icmp ugt %struct.mm_struct* %77, inttoptr (i64 -4096 to %struct.mm_struct*) br i1 %78, label %79, label %83 %84 = icmp eq i64 %3, 0 br i1 %84, label %282, label %85 %283 = bitcast [16 x i8*]* %7 to i8* %284 = bitcast [16 x i32]* %8 to i8* %285 = icmp eq i64 %1, 0 br i1 %285, label %337, label %286 %287 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %288 = inttoptr i64 %287 to %struct.task_struct* %289 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %288, i64 0, i32 0, i32 2 %290 = getelementptr inbounds [16 x i8*], [16 x i8*]* %7, i64 0, i64 0 %291 = getelementptr inbounds [16 x i32], [16 x i32]* %8, i64 0, i64 0 br label %292 %293 = phi i32* [ %17, %286 ], [ %334, %332 ] %294 = phi i8** [ %15, %286 ], [ %333, %332 ] %295 = phi i64 [ %1, %286 ], [ %335, %332 ] %296 = icmp ult i64 %295, 16 %297 = select i1 %296, i64 %295, i64 16 %298 = load i32, i32* %289, align 8 %299 = and i32 %298, 2 %300 = icmp eq i32 %299, 0 br i1 %300, label %322, label %301 %302 = bitcast i8** %294 to i32* br label %303 %304 = phi i64 [ %320, %314 ], [ 0, %301 ] %305 = phi i32 [ %319, %314 ], [ 0, %301 ] %307 = getelementptr i32, i32* %302, i64 %304 %308 = call { i32*, i32, i64 } asm 
sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %307, i64 4, i64 %306) #6, !srcloc !17 %309 = extractvalue { i32*, i32, i64 } %308, 0 %310 = extractvalue { i32*, i32, i64 } %308, 2 %311 = ptrtoint i32* %309 to i64 %312 = and i64 %311, 4294967295 %313 = icmp eq i64 %312, 0 br i1 %313, label %314, label %337, !prof !9, !misexpect !8 %315 = extractvalue { i32*, i32, i64 } %308, 1 %316 = zext i32 %315 to i64 %317 = inttoptr i64 %316 to i8* %318 = getelementptr [16 x i8*], [16 x i8*]* %7, i64 0, i64 %304 store i8* %317, i8** %318, align 8 %319 = add i32 %305, 1 %320 = sext i32 %319 to i64 %321 = icmp ugt i64 %297, %320 br i1 %321, label %303, label %327 call fastcc void @do_pages_stat_array(%struct.mm_struct* %77, i64 %297, i8** nonnull %290, i32* nonnull %291) #83 Function:do_pages_stat_array callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_pages_stat_array, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __ia32_sys_get_mempolicy ------------- Path:  Function:__ia32_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 
%3, i64 %4) #83 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 156 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %159 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %23, label %15 %24 = and i64 %3, 2 %25 = icmp eq i64 %24, 0 br i1 %25, label %54, label %26 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __x64_sys_get_mempolicy ------------- Path:  Function:__x64_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #83 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 156 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %159 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %23, label %15 %24 = and i64 %3, 2 %25 = icmp eq i64 %24, 0 br i1 %25, label %54, label %26 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mbind 1 __se_sys_mbind 2 __ia32_sys_mbind ------------- Path:  Function:__ia32_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_mbind(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_mbind %7 = alloca i64, align 8 %8 = alloca %struct.cpumask, align 8 %9 = inttoptr i64 %3 to i64* %10 = bitcast %struct.cpumask* %8 to i8* %11 = trunc i64 %2 to i32 %12 = trunc i64 %2 to i16 %13 = and i16 %12, -8192 %14 = and i32 %11, -57345 %15 = icmp ugt i32 %14, 5 %16 = icmp ugt i16 %13, -16385 %17 = or 
i1 %15, %16 br i1 %17, label %94, label %18 %19 = and i16 %12, 8192 %20 = icmp eq i16 %19, 0 br i1 %20, label %25, label %21 %22 = icmp eq i32 %14, 2 br i1 %22, label %23, label %94 %24 = or i16 %13, 24 br label %25 %26 = phi i16 [ %13, %18 ], [ %24, %23 ] %27 = add i64 %4, -1 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 store i64 0, i64* %28, align 8 %29 = icmp ne i64 %27, 0 %30 = icmp ne i64 %3, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %90 %33 = icmp ugt i64 %27, 32768 br i1 %33, label %94, label %34 %35 = bitcast i64* %7 to i8* br label %36 %37 = phi i64 [ %62, %59 ], [ %27, %34 ] %38 = icmp ugt i64 %37, 64 br i1 %38, label %39, label %65 %66 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %67 = inttoptr i64 %66 to %struct.task_struct* %68 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %67, i64 0, i32 0, i32 2 %69 = load i32, i32* %68, align 8 %70 = and i32 %69, 2 %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %76 = inttoptr i64 %3 to i8* %77 = call i64 @_copy_from_user(i8* nonnull %10, i8* nonnull %76, i64 8) #83 br label %78 %79 = phi i64 [ %74, %72 ], [ %77, %75 ] %80 = trunc i64 %79 to i32 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %94 %83 = and i64 %37, 63 %84 = icmp eq i64 %83, 0 br i1 %84, label %90, label %85 %86 = shl nsw i64 -1, %83 %87 = xor i64 %86, -1 %88 = load i64, i64* %28, align 8 %89 = and i64 %88, %87 store i64 %89, i64* %28, align 8 br label %90 %91 = trunc i32 %14 to i16 %92 = and i64 %5, 4294967295 %93 = call fastcc i64 @do_mbind(i64 %0, i64 %1, i16 zeroext %91, i16 zeroext %26, %struct.cpumask* nonnull %8, i64 %92) #83 Function:do_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.list_head, align 8 %9 = alloca %struct.nodemask_scratch, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 47 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 8 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = icmp ult i64 %5, 8 br i1 %17, label %18, label %340 %19 = and i64 %5, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %23, label %21 %24 = and i64 %0, 4095 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %340 %27 = icmp eq i16 %2, 0 %28 = and i64 %5, -2 %29 = select i1 %27, i64 %28, i64 %5 %30 = add i64 %1, 4095 %31 = and i64 %30, -4096 %32 = add i64 %31, %0 %33 = icmp ult i64 %32, %0 br i1 %33, label %340, label %34 %35 = icmp eq i64 %31, 0 br i1 %35, label %340, label %36 switch i16 %2, label %49 [ i16 0, label %37 i16 1, label %43 ] %38 = icmp eq %struct.cpumask* %4, null br i1 %38, label %74, label %39 %40 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %74, label %71 %75 = phi i8* [ %61, %63 ], [ null, %37 ], [ null, %39 ] %76 = phi %struct.mempolicy* [ %64, %63 ], [ null, %37 ], [ null, %39 ] %77 = and i64 %29, 8 %78 = icmp eq i64 %77, 0 br i1 %78, label %83, label %79 %84 = icmp eq %struct.mempolicy* %76, null %85 = or i64 %29, 16 %86 = select i1 %84, i64 %85, i64 %29 %87 = and i64 %86, 6 %88 = icmp eq i64 %87, 0 br i1 %88, label %90, label %89 %91 = bitcast %struct.nodemask_scratch* %9 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mbind, %92)) #6 to label %93 [label %92], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %13, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mbind 1 __se_sys_mbind 2 __x64_sys_mbind ------------- Path:  Function:__x64_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_mbind(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_mbind %7 = alloca i64, align 8 %8 = alloca %struct.cpumask, align 8 %9 = inttoptr i64 %3 to i64* %10 = bitcast %struct.cpumask* %8 to i8* %11 = trunc i64 %2 to i32 %12 = trunc i64 %2 to i16 %13 = and i16 %12, -8192 %14 = and i32 %11, -57345 %15 = icmp ugt i32 %14, 5 %16 = icmp ugt i16 %13, -16385 %17 = or i1 %15, %16 br i1 %17, label %94, label %18 %19 = and i16 %12, 8192 %20 = icmp eq i16 %19, 0 br i1 %20, label %25, label %21 %22 = icmp eq i32 %14, 2 br i1 %22, label %23, label %94 %24 = or i16 
%13, 24 br label %25 %26 = phi i16 [ %13, %18 ], [ %24, %23 ] %27 = add i64 %4, -1 %28 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 store i64 0, i64* %28, align 8 %29 = icmp ne i64 %27, 0 %30 = icmp ne i64 %3, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %90 %33 = icmp ugt i64 %27, 32768 br i1 %33, label %94, label %34 %35 = bitcast i64* %7 to i8* br label %36 %37 = phi i64 [ %62, %59 ], [ %27, %34 ] %38 = icmp ugt i64 %37, 64 br i1 %38, label %39, label %65 %66 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %67 = inttoptr i64 %66 to %struct.task_struct* %68 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %67, i64 0, i32 0, i32 2 %69 = load i32, i32* %68, align 8 %70 = and i32 %69, 2 %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %76 = inttoptr i64 %3 to i8* %77 = call i64 @_copy_from_user(i8* nonnull %10, i8* nonnull %76, i64 8) #83 br label %78 %79 = phi i64 [ %74, %72 ], [ %77, %75 ] %80 = trunc i64 %79 to i32 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %94 %83 = and i64 %37, 63 %84 = icmp eq i64 %83, 0 br i1 %84, label %90, label %85 %86 = shl nsw i64 -1, %83 %87 = xor i64 %86, -1 %88 = load i64, i64* %28, align 8 %89 = and i64 %88, %87 store i64 %89, i64* %28, align 8 br label %90 %91 = trunc i32 %14 to i16 %92 = and i64 %5, 4294967295 %93 = call fastcc i64 @do_mbind(i64 %0, i64 %1, i16 zeroext %91, i16 zeroext %26, %struct.cpumask* nonnull %8, i64 %92) #83 Function:do_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.list_head, align 8 %9 = alloca %struct.nodemask_scratch, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 47 %13 = load 
%struct.mm_struct*, %struct.mm_struct** %12, align 8 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = icmp ult i64 %5, 8 br i1 %17, label %18, label %340 %19 = and i64 %5, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %23, label %21 %24 = and i64 %0, 4095 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %340 %27 = icmp eq i16 %2, 0 %28 = and i64 %5, -2 %29 = select i1 %27, i64 %28, i64 %5 %30 = add i64 %1, 4095 %31 = and i64 %30, -4096 %32 = add i64 %31, %0 %33 = icmp ult i64 %32, %0 br i1 %33, label %340, label %34 %35 = icmp eq i64 %31, 0 br i1 %35, label %340, label %36 switch i16 %2, label %49 [ i16 0, label %37 i16 1, label %43 ] %38 = icmp eq %struct.cpumask* %4, null br i1 %38, label %74, label %39 %40 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %74, label %71 %75 = phi i8* [ %61, %63 ], [ null, %37 ], [ null, %39 ] %76 = phi %struct.mempolicy* [ %64, %63 ], [ null, %37 ], [ null, %39 ] %77 = and i64 %29, 8 %78 = icmp eq i64 %77, 0 br i1 %78, label %83, label %79 %84 = icmp eq %struct.mempolicy* %76, null %85 = or i64 %29, 16 %86 = select i1 %84, i64 %85, i64 %29 %87 = and i64 %86, 6 %88 = icmp eq i64 %87, 0 br i1 %88, label %90, label %89 %91 = bitcast %struct.nodemask_scratch* %9 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mbind, %92)) #6 to label %93 [label %92], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %13, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast 
%struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label 
%15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* 
%12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_msync 1 __ia32_sys_msync ------------- Path:  Function:__ia32_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i64 @__do_sys_msync(i64 %4, i64 %7, i32 %10) #83 Function:__do_sys_msync %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 47 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = icmp ult i32 %2, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %109 %13 = and i32 %2, 4 %14 = and i32 %2, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %109, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %109, label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %107, label %23 callbr void asm sideeffect "1:jmp 
${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_msync, %24)) #6 to label %25 [label %24], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_msync 1 __x64_sys_msync ------------- Path:  Function:__x64_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call fastcc i64 @__do_sys_msync(i64 %3, i64 %5, i32 %8) #83 Function:__do_sys_msync %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 47 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = icmp ult i32 %2, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %109 %13 = and i32 %2, 4 %14 = and i32 %2, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %109, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %109, label %21 %22 = icmp eq i64 
%18, 0 br i1 %22, label %107, label %23 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_msync, %24)) #6 to label %25 [label %24], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__do_sys_mremap %6 = alloca i8, align 1 %7 = alloca %struct.list_head, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131842** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.131842**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.131842* %11 = getelementptr inbounds %struct.task_struct.131842, %struct.task_struct.131842* %10, i64 0, i32 47 %12 = load %struct.mm_struct.131735*, %struct.mm_struct.131735** %11, align 8 store i8 0, i8* %6, align 1 %13 = bitcast %struct.list_head* %7 to i8* %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %7, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %15, align 8 %16 = bitcast %struct.list_head* %8 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = icmp ult i64 %3, 8 br i1 %19, label %20, label %327 %21 = and i64 %3, 2 %22 = and i64 %3, 1 %23 = icmp eq i64 %22, 0 %24 = and i64 %3, 3 %25 = icmp eq i64 %24, 2 br i1 %25, label %327, label %26 %27 = and i64 %3, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %33, label %29 %30 = icmp ne i64 %22, 0 %31 = icmp eq i64 %1, %2 %32 = and i1 %31, %30 br i1 %32, label %33, label %327 %34 = and i64 %0, 4095 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %327 %37 = add i64 %1, 4095 %38 = and i64 %37, -4096 %39 = add i64 %2, 4095 %40 = and i64 %39, -4096 %41 = icmp eq i64 %40, 0 br i1 %41, label %327, label %42 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %43)) #6 to label %44 [label %43], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131735*, i1)*)(%struct.mm_struct.131735* %12, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_mremap %6 = alloca i8, align 1 %7 = alloca %struct.list_head, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131842** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131842**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.131842* %11 = getelementptr inbounds %struct.task_struct.131842, %struct.task_struct.131842* %10, i64 0, i32 47 %12 = load %struct.mm_struct.131735*, 
%struct.mm_struct.131735** %11, align 8 store i8 0, i8* %6, align 1 %13 = bitcast %struct.list_head* %7 to i8* %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %7, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %15, align 8 %16 = bitcast %struct.list_head* %8 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = icmp ult i64 %3, 8 br i1 %19, label %20, label %327 %21 = and i64 %3, 2 %22 = and i64 %3, 1 %23 = icmp eq i64 %22, 0 %24 = and i64 %3, 3 %25 = icmp eq i64 %24, 2 br i1 %25, label %327, label %26 %27 = and i64 %3, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %33, label %29 %30 = icmp ne i64 %22, 0 %31 = icmp eq i64 %1, %2 %32 = and i1 %31, %30 br i1 %32, label %33, label %327 %34 = and i64 %0, 4095 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %327 %37 = add i64 %1, 4095 %38 = and i64 %37, -4096 %39 = add i64 %2, 4095 %40 = and i64 %39, -4096 %41 = icmp eq i64 %40, 0 br i1 %41, label %327, label %42 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %43)) #6 to label %44 [label %43], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131735*, i1)*)(%struct.mm_struct.131735* %12, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 
%2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq 
i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_pkey_mprotect ------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, 
i64 %5, i64 %7, i32 %10) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_free 1 __ia32_sys_pkey_free ------------- Path:  Function:__ia32_sys_pkey_free %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_pkey_free(i32 %4) #83 Function:__do_sys_pkey_free %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.131269* %4 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %3, i64 0, i32 47 %5 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_free, %6)) #6 to label %7 [label %6], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %5, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_free 1 __x64_sys_pkey_free ------------- Path:  Function:__x64_sys_pkey_free %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_pkey_free(i32 %4) #83 Function:__do_sys_pkey_free %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.131269* %4 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %3, i64 0, i32 47 %5 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_free, %6)) #6 to label %7 [label %6], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %5, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_alloc 1 __ia32_sys_pkey_alloc ------------- Path:  Function:__ia32_sys_pkey_alloc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_pkey_alloc(i64 %4, i64 %7) #83 Function:__do_sys_pkey_alloc %3 = icmp eq i64 %0, 0 %4 = icmp ult i64 %1, 4 %5 = and i1 %3, %4 br i1 %5, label %6, label %67 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %10 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_alloc, %11)) #6 to label %12 [label %11], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %10, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_alloc 1 __x64_sys_pkey_alloc ------------- Path:  Function:__x64_sys_pkey_alloc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_pkey_alloc(i64 %3, i64 %5) #83 Function:__do_sys_pkey_alloc %3 = icmp eq i64 %0, 0 %4 = icmp ult i64 %1, 4 %5 = and i1 %3, %4 br i1 %5, label %6, label %67 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %10 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_alloc, %11)) #6 to label %12 [label %11], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %10, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #83 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 47 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #83 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 47 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, 
align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) 
#83 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlockall ------------- Path:  Function:__do_sys_munlockall %2 = alloca %struct.vm_area_struct.129974*, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlockall, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __ia32_sys_munlock ------------- Path:  Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #83 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #83 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #83 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130092* %10 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 104 %11 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 %12 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %11, i64 0, i32 50, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #83 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, 
align 8 br label %19 %20 = phi %struct.signal_struct.130035* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %20, i64 0, i32 50, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 47 %25 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %24, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %25, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #83 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 
%9 = inttoptr i64 %8 to %struct.task_struct.130092* %10 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 104 %11 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 %12 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %11, i64 0, i32 50, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #83 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 br label %19 %20 = phi %struct.signal_struct.130035* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %20, i64 0, i32 50, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 47 %25 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %24, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %25, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 
%16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = icmp eq i32 %4, 0 %14 = 
select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] 
%17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock2 ------------- Path:  Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #83 Function:do_mlock %4 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mincore 1 __ia32_sys_mincore ------------- Path:  Function:__ia32_sys_mincore %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call fastcc i64 @__do_sys_mincore(i64 %4, i64 %7, i8* %11) #83 Function:__do_sys_mincore %4 = and i64 %0, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %116 %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = add i64 %1, 
%0 %9 = icmp ult i64 %8, %1 %10 = icmp ugt i64 %8, %7 %11 = or i1 %9, %10 br i1 %11, label %116, label %12, !prof !5, !misexpect !6 %13 = lshr i64 %1, 12 %14 = and i64 %1, 4095 %15 = icmp ne i64 %14, 0 %16 = zext i1 %15 to i64 %17 = add nuw nsw i64 %13, %16 %18 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %19 = ptrtoint i8* %2 to i64 %20 = add i64 %17, %19 %21 = icmp ult i64 %20, %17 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %116, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__get_free_pages(i32 1051840, i32 0) #83 %26 = inttoptr i64 %25 to i8* %27 = icmp eq i64 %25, 0 br i1 %27, label %116, label %28 %29 = icmp eq i64 %17, 0 br i1 %29, label %114, label %30 %31 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 br label %34 %35 = phi i64 [ %0, %30 ], [ %112, %108 ] %36 = phi i8* [ %2, %30 ], [ %110, %108 ] %37 = phi i64 [ %17, %30 ], [ %109, %108 ] %38 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mincore, %39)) #6 to label %40 [label %39], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %38, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mincore 1 __x64_sys_mincore ------------- Path:  Function:__x64_sys_mincore %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = tail call fastcc i64 @__do_sys_mincore(i64 %3, i64 %5, i8* %8) #83 Function:__do_sys_mincore %4 = and i64 %0, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %116 %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = add i64 %1, %0 %9 = icmp ult i64 %8, %1 %10 = icmp ugt i64 %8, %7 %11 = or i1 %9, %10 br i1 %11, label %116, label %12, !prof !5, !misexpect !6 %13 = lshr i64 %1, 12 %14 = and i64 
%1, 4095 %15 = icmp ne i64 %14, 0 %16 = zext i1 %15 to i64 %17 = add nuw nsw i64 %13, %16 %18 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %19 = ptrtoint i8* %2 to i64 %20 = add i64 %17, %19 %21 = icmp ult i64 %20, %17 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %116, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__get_free_pages(i32 1051840, i32 0) #83 %26 = inttoptr i64 %25 to i8* %27 = icmp eq i64 %25, 0 br i1 %27, label %116, label %28 %29 = icmp eq i64 %17, 0 br i1 %29, label %114, label %30 %31 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 br label %34 %35 = phi i64 [ %0, %30 ], [ %112, %108 ] %36 = phi i8* [ %2, %30 ], [ %110, %108 ] %37 = phi i64 [ %17, %30 ], [ %109, %108 ] %38 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mincore, %39)) #6 to label %40 [label %39], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %38, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __access_remote_vm 1 access_remote_vm 2 environ_read ------------- Path:  Function:environ_read %5 = load i64, i64* %3, align 8 %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mm_struct.176084** %8 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %7, align 8 %9 = icmp eq %struct.mm_struct.176084* %8, null br i1 %9, label %73, label %10 %11 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 40 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %73, label %14 %15 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %16 = inttoptr i64 %15 to i8* %17 = icmp eq i64 %15, 0 br i1 %17, label %73, label %18 %19 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 12, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %70, label %22, !prof !4, !misexpect !5 %23 = phi i32 [ %30, %29 ], [ %20, %18 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, 
!srcloc !6 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 29, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #83 %34 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 39 %35 = load i64, i64* %34, align 8 %36 = load i64, i64* %11, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %33) #83 %37 = icmp ne i64 %2, 0 %38 = sub i64 %36, %35 %39 = icmp ult i64 %5, %38 %40 = and i1 %39, %37 br i1 %40, label %41, label %67 %42 = phi i8* [ %62, %59 ], [ %1, %32 ] %43 = phi i64 [ %63, %59 ], [ %2, %32 ] %44 = phi i64 [ %61, %59 ], [ %5, %32 ] %45 = phi i32 [ %60, %59 ], [ 0, %32 ] %46 = add i64 %44, %35 %47 = sub i64 %36, %46 %48 = icmp ult i64 %43, 4096 %49 = select i1 %48, i64 %43, i64 4096 %50 = icmp ult i64 %49, %47 %51 = select i1 %50, i64 %49, i64 %47 %52 = trunc i64 %51 to i32 %53 = tail call i32 bitcast (i32 (%struct.mm_struct*, i64, i8*, i32, i32)* @access_remote_vm to i32 (%struct.mm_struct.176084*, i64, i8*, i32, i32)*)(%struct.mm_struct.176084* nonnull %8, i64 %46, i8* nonnull %16, i32 %52, i32 32768) #83 Function:access_remote_vm %6 = tail call i32 @__access_remote_vm(%struct.mm_struct* %0, i64 %1, i8* %2, i32 %3, i32 %4) #83 Function:__access_remote_vm %6 = alloca %struct.vm_area_struct*, align 8 %7 = alloca %struct.page*, align 8 %8 = bitcast %struct.vm_area_struct** %6 to i8* %9 = and i32 %4, 1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__access_remote_vm, %10)) #6 to label %11 [label %10], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __access_remote_vm 1 access_remote_vm 2 mem_rw 3 mem_read ------------- Path:  Function:mem_read %5 = tail call fastcc i64 @mem_rw(%struct.file.175888* %0, i8* %1, i64 %2, i64* %3, i32 0) #83 Function:mem_rw %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mm_struct.176084** %8 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %7, align 8 %9 = load i64, i64* %3, align 8 %10 = icmp eq %struct.mm_struct.176084* %8, null br i1 %10, label %71, label %11 %12 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %13 = inttoptr i64 %12 to i8* %14 = icmp eq i64 %12, 0 br i1 %14, label %71, label %15 %16 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 12, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %69, label %19, !prof !4, !misexpect !5 %20 = phi i32 [ %27, %26 ], [ %17, %15 ] %21 = add i32 %20, 1 %22 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 %21, i32* %16, i32 %20) #6, !srcloc !6 %23 = extractvalue { i8, i32 } %22, 0 %24 = and i8 %23, 1 %25 = icmp eq i8 
%24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %30 = icmp eq i32 %4, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i32 %33 = or i32 %32, 16 %34 = icmp eq i64 %2, 0 br i1 %34, label %66, label %35 %36 = phi i8* [ %61, %60 ], [ %1, %29 ] %37 = phi i64 [ %64, %60 ], [ %2, %29 ] %38 = phi i64 [ %62, %60 ], [ %9, %29 ] %39 = phi i64 [ %63, %60 ], [ 0, %29 ] %40 = icmp ult i64 %37, 4096 %41 = select i1 %40, i64 %37, i64 4096 br i1 %30, label %45, label %42 %43 = tail call i64 @_copy_from_user(i8* nonnull %13, i8* %36, i64 %41) #83 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %66 %46 = trunc i64 %41 to i32 %47 = tail call i32 bitcast (i32 (%struct.mm_struct*, i64, i8*, i32, i32)* @access_remote_vm to i32 (%struct.mm_struct.176084*, i64, i8*, i32, i32)*)(%struct.mm_struct.176084* nonnull %8, i64 %38, i8* nonnull %13, i32 %46, i32 %33) #83 Function:access_remote_vm %6 = tail call i32 @__access_remote_vm(%struct.mm_struct* %0, i64 %1, i8* %2, i32 %3, i32 %4) #83 Function:__access_remote_vm %6 = alloca %struct.vm_area_struct*, align 8 %7 = alloca %struct.page*, align 8 %8 = bitcast %struct.vm_area_struct** %6 to i8* %9 = and i32 %4, 1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__access_remote_vm, %10)) #6 to label %11 [label %10], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __access_remote_vm 1 access_remote_vm 2 mem_rw 3 mem_write ------------- Path:  Function:mem_write %5 = tail call fastcc i64 @mem_rw(%struct.file.175888* %0, i8* %1, i64 %2, i64* %3, i32 1) #83 Function:mem_rw %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mm_struct.176084** %8 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %7, align 8 %9 = load i64, i64* %3, align 8 %10 = icmp eq %struct.mm_struct.176084* %8, null br i1 %10, label %71, label %11 %12 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %13 = inttoptr i64 %12 to i8* %14 = icmp eq i64 %12, 0 br i1 %14, label %71, label %15 %16 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 12, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %69, label %19, !prof !4, !misexpect !5 %20 = phi i32 [ %27, %26 ], [ %17, %15 ] %21 = add i32 %20, 1 %22 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 %21, i32* %16, i32 %20) #6, !srcloc !6 %23 = extractvalue { i8, i32 } %22, 0 %24 = and i8 %23, 1 %25 = icmp eq 
i8 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %30 = icmp eq i32 %4, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i32 %33 = or i32 %32, 16 %34 = icmp eq i64 %2, 0 br i1 %34, label %66, label %35 %36 = phi i8* [ %61, %60 ], [ %1, %29 ] %37 = phi i64 [ %64, %60 ], [ %2, %29 ] %38 = phi i64 [ %62, %60 ], [ %9, %29 ] %39 = phi i64 [ %63, %60 ], [ 0, %29 ] %40 = icmp ult i64 %37, 4096 %41 = select i1 %40, i64 %37, i64 4096 br i1 %30, label %45, label %42 %43 = tail call i64 @_copy_from_user(i8* nonnull %13, i8* %36, i64 %41) #83 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %66 %46 = trunc i64 %41 to i32 %47 = tail call i32 bitcast (i32 (%struct.mm_struct*, i64, i8*, i32, i32)* @access_remote_vm to i32 (%struct.mm_struct.176084*, i64, i8*, i32, i32)*)(%struct.mm_struct.176084* nonnull %8, i64 %38, i8* nonnull %13, i32 %46, i32 %33) #83 Function:access_remote_vm %6 = tail call i32 @__access_remote_vm(%struct.mm_struct* %0, i64 %1, i8* %2, i32 %3, i32 %4) #83 Function:__access_remote_vm %6 = alloca %struct.vm_area_struct*, align 8 %7 = alloca %struct.page*, align 8 %8 = bitcast %struct.vm_area_struct** %6 to i8* %9 = and i32 %4, 1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__access_remote_vm, %10)) #6 to label %11 [label %10], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, 
label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 
56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #83 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap_pgoff 1 vm_mmap 2 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %153 %10 = getelementptr inbounds 
%struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } %40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label %53, label %52, !prof !7, !misexpect !6 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 br label %53 %54 = icmp eq i32 %48, 0 br i1 %54, label %55, label %56 tail call void @__rcu_read_unlock() #83 %57 = getelementptr inbounds i8, i8* %30, i64 16 %58 = bitcast i8* %57 to %struct.file** %59 = load %struct.file*, %struct.file** %58, align 8 %60 = icmp eq %struct.file* %59, null br i1 %60, label %140, label %61 %62 = getelementptr inbounds i8, i8* %1, i64 8 %63 = bitcast i8* %62 to i64* %64 = load i64, i64* %63, align 8 %65 = getelementptr inbounds i8, i8* %1, i64 16 %66 = bitcast i8* %65 to i64* %67 = getelementptr inbounds i8, i8* %30, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %64 br i1 %70, label %71, label %140 %72 = load i64, i64* %66, align 8 %73 = sub i64 %69, %64 %74 = icmp ugt i64 %72, %73 br i1 %74, label %140, label %75 %76 = tail call i64 @vm_mmap(%struct.file* nonnull %59, i64 0, i64 %72, i64 3, i64 1, i64 %64) #83 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #83 Function:vm_mmap_pgoff %7 = alloca i64, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = bitcast i64* %7 to i8* %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = call i32 @security_mmap_file(%struct.file* %0, i64 %3, i64 %4) #83 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %37 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_mmap_pgoff, %21)) #6 to label %22 [label %21], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext true) #83 ------------- Good: 177 Bad: 50 Ignored: 354 Check Use of Function:nla_strcmp Check Use of Function:perf_ioctl Use: =BAD PATH= Call Stack: 0 perf_compat_ioctl ------------- Path:  Function:perf_compat_ioctl %4 = trunc i32 %1 to i8 switch i8 %4, label %11 [ i8 6, label %5 i8 7, label %5 i8 10, label %5 i8 11, label %5 ] %6 = and i32 %1, 1073676288 %7 = icmp eq i32 %6, 262144 br i1 %7, label %8, label %11 %12 = phi i32 [ %1, %3 ], [ %10, %8 ], [ %1, %5 ] %13 = tail call i64 @perf_ioctl(%struct.file.114997* %0, i32 %12, i64 %2) #83 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:efivar_entry_set Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, 
label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.701531* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, 
i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 %53 = icmp eq i32 %52, 0 br i1 %53, label %56, label %54 %57 = icmp eq i32 %33, 0 %58 = icmp eq i32 %23, 0 %59 = or i1 %58, %57 br i1 %59, label %60, label %62 %63 = icmp ult i32 %23, 128 br i1 %63, label %64, label %66 %65 = tail call zeroext i1 @efivar_validate(i64 %26, i64 %29, i16* nonnull %30, i8* %35, i64 %34) #84 br i1 %65, label %68, label %66 %69 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 3, i64 0 %70 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %71 = load i32, i32* %32, align 1 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 2 store i64 %72, i64* %73, align 1 %74 = load i32, i32* %22, align 1 %75 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 5 store i32 %74, i32* %75, align 1 br label %126 %127 = phi i64 [ %34, %68 ], [ %91, %125 ] %128 = phi i32 [ %23, %68 ], [ %81, %125 ] %129 = phi i8* [ %35, %68 ], [ %92, %125 ] %130 = tail call i32 bitcast (i32 (%struct.efivar_entry.700554*, i32, i64, i8*, %struct.list_head*)* @efivar_entry_set to i32 (%struct.efivar_entry.701531*, i32, i64, i8*, %struct.list_head*)*)(%struct.efivar_entry.701531* nonnull %0, i32 %128, i64 %127, i8* %129, %struct.list_head* null) #84 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:destroy_workqueue Check Use of Function:avc_set_cache_threshold Check Use of Function:bitmap_zalloc Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  
Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = ptrtoint i8* %2 to i64 %16 = bitcast i64* %7 to i8* %17 = load i64, i64* %3, align 8 store i64 %17, i64* %7, align 8 %18 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = sext i32 %19 to i64 %21 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 1 %22 = bitcast i8** %21 to i64*** %23 = load i64**, i64*** %22, align 8 %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %26 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %27 = icmp ne i64* %24, null %28 = icmp ne i32 %19, 0 %29 = and i1 %28, %27 %30 = icmp ne i64 %17, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %37 %33 = load i64, i64* %4, align 8 %34 = icmp eq i64 %33, 0 %35 = icmp ne i32 %1, 0 %36 = or i1 %35, %34 br i1 %36, label %38, label %37 br i1 %35, label %41, label %39 %42 = bitcast i8** %11 to i8* %43 = bitcast i8** %11 to i64* store i64 %15, i64* %43, align 8 %44 = icmp ugt i64 %17, 4095 br i1 %44, label %45, label %47 store i64 4095, i64* %7, align 8 %46 = add i64 %17, -4095 br label %47 %48 = phi i64 [ 4095, %45 ], [ %17, %41 ] %49 = phi i64 [ %46, %45 ], [ 0, %41 ] %50 = tail call i64* @bitmap_zalloc(i32 %19, i32 3264) #83 ------------- Good: 17 Bad: 1 Ignored: 17 Check Use of Function:xt_compat_add_offset Check Use of Function:raw_abort Check Use of Function:drm_atomic_state_alloc Check Use of Function:security_read_policy Check Use of Function:cgroup_leave_frozen Check Use of Function:io_ring_ctx_wait_and_kill Use: =BAD PATH= Call Stack: 0 io_uring_release ------------- Path:  Function:io_uring_release %3 = getelementptr inbounds 
%struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.io_ring_ctx** %5 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %4, align 8 store i8* null, i8** %3, align 8 tail call fastcc void @io_ring_ctx_wait_and_kill(%struct.io_ring_ctx* %5) #83 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:nv_update_linkspeed Check Use of Function:do_trace_read_msr Use: =BAD PATH= Call Stack: 0 show_energy_efficiency ------------- Path:  Function:show_energy_efficiency %4 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 508) #6, !srcloc !4 %5 = extractvalue { i64, i64 } %4, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@show_energy_efficiency, %6)) #6 to label %10 [label %6], !srcloc !5 %7 = extractvalue { i64, i64 } %4, 1 %8 = shl i64 %7, 32 %9 = or i64 %8, %5 tail call void @do_trace_read_msr(i32 508, i64 %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 low_power_idle_cpu_residency_us_show ------------- Path:  Function:low_power_idle_cpu_residency_us_show %4 = load i64, i64* getelementptr inbounds (%struct.lpit_residency_info, %struct.lpit_residency_info* @residency_info_ffh, i64 0, i32 0, i32 4), align 4 %5 = trunc i64 %4 to i32 %6 = tail call { i32, i64, i64 } asm sideeffect "2: rdmsr ; xor $0,$0\0A1:\0A\09.section 
.fixup,\22ax\22\0A\093: mov $4,$0\0A\09xorl %eax, %eax\0A\09xorl %edx, %edx\0A\09jmp 1b\0A\09.previous\0A\09 .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (2b) - .\0A .long (3b) - .\0A .long 1 \0A .popsection\0A", "=r,={ax},={dx},{cx},i,~{dirflag},~{fpsr},~{flags}"(i32 %5, i32 -5) #6, !srcloc !4 %7 = extractvalue { i32, i64, i64 } %6, 0 %8 = extractvalue { i32, i64, i64 } %6, 1 %9 = extractvalue { i32, i64, i64 } %6, 2 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@low_power_idle_cpu_residency_us_show, %10)) #6 to label %13 [label %10], !srcloc !5 %11 = shl i64 %9, 32 %12 = or i64 %11, %8 tail call void @do_trace_read_msr(i32 %5, i64 %12, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 x86_gsbase_read_task 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12353* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12353* %9, i32 %7, i64 %6) #83 
Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %87 [ i32 4097, label %6 i32 4098, label %43 i32 4099, label %69 i32 4100, label %79 ] %80 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12353* %0) #84 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12353* %5 = icmp eq %struct.task_struct.12353* %4, %0 %6 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %18 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !8 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = shl i64 %20, 32 %22 = or i64 %21, %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_gsbase_read_task, %23)) #6 to label %86 [label %23], !srcloc !9 tail call void @do_trace_read_msr(i32 -1073741566, i64 %22, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 x86_gsbase_read_task 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12353* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12353* %8, i32 %6, i64 %5) #83 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %87 [ i32 4097, label %6 i32 4098, label %43 i32 4099, label %69 i32 4100, label %79 ] %80 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12353* %0) #84 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12353* %5 = icmp eq %struct.task_struct.12353* %4, %0 %6 = load volatile i64, i64* bitcast (i8* getelementptr inbounds 
(%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %18 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !8 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = shl i64 %20, 32 %22 = or i64 %21, %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_gsbase_read_task, %23)) #6 to label %86 [label %23], !srcloc !9 tail call void @do_trace_read_msr(i32 -1073741566, i64 %22, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __rdgsbase_inactive 1 x86_gsbase_read_task 2 do_arch_prctl_64 3 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %9 = inttoptr 
i64 %8 to %struct.task_struct.12353* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12353* %9, i32 %7, i64 %6) #83 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %87 [ i32 4097, label %6 i32 4098, label %43 i32 4099, label %69 i32 4100, label %79 ] %80 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12353* %0) #84 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12353* %5 = icmp eq %struct.task_struct.12353* %4, %0 %6 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %11 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !5 %12 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = call fastcc i64 @__rdgsbase_inactive() #83 Function:__rdgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection 
.altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__rdgsbase_inactive, %4), i8* blockaddress(@__rdgsbase_inactive, %2)) #6 to label %1 [label %4, label %2], !srcloc !4 %5 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !7 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = shl i64 %7, 32 %9 = or i64 %8, %6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__rdgsbase_inactive, %10)) #6 to label %11 [label %10], !srcloc !8 tail call void @do_trace_read_msr(i32 -1073741566, i64 %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __rdgsbase_inactive 1 x86_gsbase_read_task 2 do_arch_prctl_64 3 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12353* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12353* %8, i32 %6, i64 %5) #83 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %87 [ i32 4097, label %6 i32 4098, label %43 i32 4099, label %69 i32 4100, label %79 ] %80 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12353* %0) #84 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12353* %5 = icmp eq %struct.task_struct.12353* %4, %0 %6 = load volatile i64, i64* bitcast (i8* 
getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %11 = bitcast i64* %2 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !5 %12 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = call fastcc i64 @__rdgsbase_inactive() #83 Function:__rdgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__rdgsbase_inactive, %4), i8* blockaddress(@__rdgsbase_inactive, %2)) #6 to label %1 [label %4, label %2], !srcloc !4 %5 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", 
"={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !7 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = shl i64 %7, 32 %9 = or i64 %8, %6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__rdgsbase_inactive, %10)) #6 to label %11 [label %10], !srcloc !8 tail call void @do_trace_read_msr(i32 -1073741566, i64 %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 x86_fsbase_read_task 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12353* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12353* %9, i32 %7, i64 %6) #83 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %87 [ i32 4097, label %6 i32 4098, label %43 i32 4099, label %69 i32 4100, label %79 ] %70 = tail call i64 @x86_fsbase_read_task(%struct.task_struct.12353* %0) #84 Function:x86_fsbase_read_task %2 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.12353* %4 = icmp eq %struct.task_struct.12353* %3, %0 %5 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %6 = and i64 %5, 4294967296 %7 = icmp eq i64 %6, 0 br i1 %4, label %8, label %18 br i1 %7, label %11, label %9 %12 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568) #6, !srcloc !6 %13 = extractvalue { i64, i64 } %12, 0 %14 = extractvalue { i64, i64 } %12, 1 %15 = shl i64 %14, 32 %16 = or i64 %15, %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_fsbase_read_task, %17)) #6 to label %80 [label %17], !srcloc !7 tail call void @do_trace_read_msr(i32 -1073741568, i64 %16, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 x86_fsbase_read_task 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12353* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12353* %8, i32 %6, i64 %5) #83 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %87 [ i32 4097, label %6 i32 4098, label %43 i32 4099, label %69 i32 4100, label %79 ] %70 = tail call i64 @x86_fsbase_read_task(%struct.task_struct.12353* %0) #84 Function:x86_fsbase_read_task %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12353** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12353**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.12353* %4 = icmp eq %struct.task_struct.12353* %3, %0 %5 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, 
%struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %6 = and i64 %5, 4294967296 %7 = icmp eq i64 %6, 0 br i1 %4, label %8, label %18 br i1 %7, label %11, label %9 %12 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568) #6, !srcloc !6 %13 = extractvalue { i64, i64 } %12, 0 %14 = extractvalue { i64, i64 } %12, 1 %15 = shl i64 %14, 32 %16 = or i64 %15, %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_fsbase_read_task, %17)) #6 to label %80 [label %17], !srcloc !7 tail call void @do_trace_read_msr(i32 -1073741568, i64 %16, i32 0) #83 ------------- Good: 368 Bad: 8 Ignored: 1232 Check Use of Function:switch_task_namespaces Check Use of Function:drm_is_current_master Use: =BAD PATH= Call Stack: 0 drm_ioctl_kernel 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %16 = bitcast %struct.static_call_site* %4 to i8* %17 = bitcast %struct.drm_i915_getparam* %5 to i8* %18 = inttoptr i64 %2 to i8* %19 = call i64 
@_copy_from_user(i8* nonnull %16, i8* %18, i64 8) #83 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %32 %22 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %4, i64 0, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 0 store i32 %23, i32* %24, align 8 %25 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %4, i64 0, i32 1 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = inttoptr i64 %27 to i8* %29 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 1 %30 = bitcast i32** %29 to i8** store i8* %28, i8** %30, align 8 %31 = call i64 bitcast (i64 (%struct.file*, i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)*, i8*, i32)* @drm_ioctl_kernel to i64 (%struct.file.425584*, i32 (%struct.drm_device.425684*, i8*, %struct.drm_file.425589*)*, i8*, i32)*)(%struct.file.425584* %0, i32 (%struct.drm_device.425684*, i8*, %struct.drm_file.425589*)* nonnull bitcast (i32 (%struct.drm_device.373290*, i8*, %struct.drm_file*)* @i915_getparam_ioctl to i32 (%struct.drm_device.425684*, i8*, %struct.drm_file.425589*)*), i8* nonnull %17, i32 32) #83 Function:drm_ioctl_kernel %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 13 %10 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %9, align 8 %11 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %10, i64 0, i32 3 %12 = load %struct.drm_device.382975*, %struct.drm_device.382975** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 
(%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %12, i32* nonnull %5) #83 br i1 %14, label %16, label %15 %17 = load i32, i32* %5, align 4 call void @drm_dev_exit(i32 %17) #83 %18 = and i32 %3, 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %21 = call zeroext i1 @capable(i32 21) #83 br i1 %21, label %22, label %67, !prof !4, !misexpect !5 %23 = and i32 %3, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %34, label %25 %26 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %9, align 8 %27 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, 2 br i1 %29, label %34, label %30 %31 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 0 %32 = load i8, i8* %31, align 8, !range !6 %33 = icmp eq i8 %32, 1 br i1 %33, label %34, label %67, !prof !4, !misexpect !5 %35 = and i32 %3, 2 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %38 = call zeroext i1 bitcast (i1 (%struct.drm_file*)* @drm_is_current_master to i1 (%struct.drm_file.382942*)*)(%struct.drm_file.382942* %8) #83 ------------- Good: 6 Bad: 1 Ignored: 14 Check Use of Function:munlock_vma_page Check Use of Function:mq_find Check Use of Function:rdev_del_virtual_intf Check Use of Function:vfs_truncate Check Use of Function:vfs_get_tree Check Use of Function:__ip_tunnel_create Check Use of Function:copy_net_ns Check Use of Function:security_context_str_to_sid Check Use of Function:ieee80211_do_open Check Use of Function:__ew32 Check Use of Function:bad_inode_create Check Use of Function:simple_rename Check Use of Function:perf_event_fork Check Use of Function:blkdev_get_by_dev Use: =BAD PATH= Call Stack: 0 blkdev_open ------------- Path:  Function:blkdev_open %3 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = or i32 %4, 32768 store i32 %5, i32* %3, align 8 %6 = 
getelementptr inbounds %struct.file.289341, %struct.file.289341* %1, i64 0, i32 8 %7 = load i32, i32* %6, align 4 %8 = and i32 %4, 2048 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 1207959552, i32 1207959616 %11 = or i32 %10, %7 %12 = and i32 %4, 128 %13 = or i32 %12, %11 %14 = and i32 %4, 3 %15 = icmp eq i32 %14, 3 %16 = or i32 %13, 256 %17 = select i1 %15, i32 %16, i32 %13 %18 = select i1 %15, i32 %16, i32 %13 store i32 %17, i32* %6, align 4 %19 = getelementptr inbounds %struct.inode.289534, %struct.inode.289534* %0, i64 0, i32 13 %20 = load i32, i32* %19, align 4 %21 = bitcast %struct.file.289341* %1 to i8* %22 = tail call %struct.block_device.289220* bitcast (%struct.block_device.288859* (i32, i32, i8*)* @blkdev_get_by_dev to %struct.block_device.289220* (i32, i32, i8*)*)(i32 %20, i32 %18, i8* %21) #83 ------------- Good: 12 Bad: 1 Ignored: 3 Check Use of Function:drm_gem_object_free Use: =BAD PATH= Call Stack: 0 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip 
-(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call 
void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 %386 = phi i32 [ %110, %109 ], [ %113, %112 ], [ %384, %383 ], [ %255, %254 ], [ %253, %252 ], [ -22, %71 ], [ -22, %75 ], [ -22, %63 ] %387 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 -1, i32* nonnull %41) #6, !srcloc !29 %388 = icmp eq i32 %387, 1 br i1 %388, label %394, label %389 %395 = bitcast i8* %36 to %struct.qspinlock* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !30 call void @drm_gem_object_free(%struct.qspinlock* nonnull %395) #83, !callees !31 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 
1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code 
z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %320 %110 = bitcast i32* %5 to i8* %111 = getelementptr inbounds i8, i8* %36, i64 248 %112 = bitcast i8* %111 to %struct.dma_resv** %113 = load %struct.dma_resv*, %struct.dma_resv** %112, align 8 %114 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %113, i64 0, i32 0 %115 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %114, %struct.ww_acquire_ctx* null) #83 %116 = icmp eq i32 %115, -114 %117 = select i1 %116, i32 0, i32 %115 switch i32 %117, label %213 [ i32 -35, label %118 i32 0, label %128 ] %119 = tail call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 1, i32* nonnull %41) #6, !srcloc !18 %120 = icmp eq i32 %119, 0 br i1 %120, label %125, label %121, !prof !5, !misexpect !8 %122 = add i32 %119, 1 %123 = or i32 %122, %119 %124 = icmp sgt i32 %123, -1 br i1 %124, label %127, label %125, !prof !9, !misexpect !8 %126 = phi i32 [ 2, %118 ], [ 1, %121 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 %126) #83 br label %127 store i8* %36, i8** inttoptr (i64 40 to i8**), align 8 br label %320 %321 = phi i32 [ %104, %103 ], [ %107, %106 ], [ %319, %318 ], [ %214, %213 ], [ -22, %71 ], [ -22, %63 ], [ -35, %127 ] %322 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 -1, i32* nonnull %41) #6, !srcloc !28 %323 = icmp eq i32 %322, 1 br i1 %323, label %329, label %324 %330 = bitcast i8* %36 to %struct.qspinlock* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !29 call void @drm_gem_object_free(%struct.qspinlock* nonnull %330) #83, !callees !30 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.426623* %5 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %4, i64 0, i32 67, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %149, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* 
%11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.426638* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 440 %42 = bitcast i8* %41 to %struct.drm_i915_gem_object_ops.426626** %43 = load %struct.drm_i915_gem_object_ops.426626*, %struct.drm_i915_gem_object_ops.426626** %42, align 8 %44 = getelementptr inbounds %struct.drm_i915_gem_object_ops.426626, %struct.drm_i915_gem_object_ops.426626* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %138 %139 = phi i32 [ %131, %128 ], [ -6, %40 ], [ -22, %87 ], [ -22, %101 ], [ -22, %59 ], [ -22, %65 ], [ -22, %69 ], [ -22, %71 ], [ -22, %73 ], [ -22, %97 ], [ -22, %92 ] %140 = tail call i32 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 -1, i32* nonnull %18) #6, !srcloc !9 %141 = icmp eq i32 %140, 1 br i1 %141, label %147, label %142 %148 = bitcast i8* %13 to %struct.qspinlock* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void @drm_gem_object_free(%struct.qspinlock* nonnull %148) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %153 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 
4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } %40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label %53, label %52, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 br label %53 %54 = icmp eq i32 %48, 0 br i1 %54, label %55, label %56 tail call void @__rcu_read_unlock() #83 %57 = getelementptr inbounds i8, i8* %30, i64 16 %58 = bitcast i8* %57 to %struct.file** %59 = load %struct.file*, %struct.file** %58, align 8 %60 = icmp eq %struct.file* %59, null br i1 %60, label %140, label %61 %62 = getelementptr inbounds i8, i8* %1, i64 8 %63 = bitcast i8* %62 to i64* %64 = load i64, i64* %63, align 8 %65 = getelementptr inbounds i8, i8* %1, i64 16 %66 = bitcast i8* %65 to i64* %67 = getelementptr inbounds i8, i8* %30, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %64 br i1 %70, label %71, label %140 %72 = load i64, i64* %66, align 8 %73 = sub i64 %69, %64 %74 = icmp ugt i64 %72, %73 br i1 %74, label %140, label %75 %76 = tail call i64 @vm_mmap(%struct.file* nonnull %59, i64 0, i64 %72, i64 3, i64 1, i64 %64) #83 %77 = icmp ugt i64 %76, -4096 br i1 %77, label %140, label %78, !prof !5, !misexpect !6 %79 = load i64, i64* %16, align 8 %80 = and i64 %79, 1 
%81 = icmp eq i64 %80, 0 br i1 %81, label %126, label %82 %83 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %84 = inttoptr i64 %83 to %struct.task_struct* %85 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %84, i64 0, i32 47 %86 = load %struct.mm_struct*, %struct.mm_struct** %85, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %87)) #6 to label %88 [label %87], !srcloc !9 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %86, i1 zeroext true) #83 br label %88 %89 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %86, i64 0, i32 0, i32 17 %90 = tail call i32 @down_write_killable(%struct.rw_semaphore* %89) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %91)) #6 to label %93 [label %91], !srcloc !9 %94 = icmp eq i32 %90, 0 br i1 %94, label %95, label %140 %96 = tail call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %86, i64 %76) #83 %97 = icmp eq %struct.vm_area_struct* %96, null br i1 %97, label %121, label %98 %99 = load %struct.file*, %struct.file** %58, align 8 %100 = load i64, i64* %66, align 8 %101 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %96, i64 0, i32 14 %102 = load %struct.file*, %struct.file** %101, align 8 %103 = icmp eq %struct.file* %102, %99 br i1 %103, label %104, label %121 %105 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %96, i64 0, i32 0 %106 = load i64, i64* %105, align 8 %107 = icmp eq i64 %106, %76 br i1 %107, label %108, label %121 %122 = phi i64 [ %76, %115 ], [ -12, %95 ], [ -12, %108 ], [ -12, %98 ], [ -12, %104 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %123)) #6 to label %124 [label %123], !srcloc !9 tail call void @up_write(%struct.rw_semaphore* %89) #83 %125 = icmp ugt i64 %122, -4096 br i1 %125, label %140, label %126 %141 = phi i64 [ %76, %75 ], [ -6, %56 ], [ -22, %71 ], [ -22, %61 ], [ -4, %93 ], [ %122, %124 ] %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 -1, i32* nonnull %34) #6, !srcloc !10 %143 = icmp eq i32 %142, 1 br i1 %143, label %149, label %144 %150 = bitcast i8* %30 to %struct.qspinlock* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @drm_gem_object_free(%struct.qspinlock* nonnull %150) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.474981* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %6 = bitcast %struct.mutex* %5 to i24* %7 = load i24, i24* %6, align 8 %8 = and i24 %7, 8 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %131 %11 = getelementptr inbounds i8, i8* %1, i64 4 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 4 switch i32 %13, label %131 [ i32 0, label %22 i32 1, label %14 i32 2, label %17 ] %15 = and i24 %7, 1049600 %16 = icmp eq i24 %15, 0 br i1 %16, label %131, label %22 %23 = phi i32 [ %21, 
%17 ], [ %13, %10 ], [ 1, %14 ] %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 tail call void @__rcu_read_lock() #83 %26 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %27 = zext i32 %25 to i64 %28 = tail call i8* @idr_find(%struct.idr* %26, i64 %27) #83 %29 = bitcast i8* %28 to %struct.drm_i915_gem_object.474999* %30 = icmp eq i8* %28, null br i1 %30, label %54, label %31 %32 = bitcast i8* %28 to %struct.seqcount_spinlock* %33 = bitcast i8* %28 to i32* %34 = load volatile i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %46, label %36 %37 = phi i32 [ %44, %43 ], [ %34, %31 ] %38 = add i32 %37, 1 %39 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 %38, i32* nonnull %33, i32 %37) #6, !srcloc !4 %40 = extractvalue { i8, i32 } %39, 0 %41 = and i8 %40, 1 %42 = icmp eq i8 %41, 0 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 %44 = extractvalue { i8, i32 } %39, 1 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %36 %47 = phi i32 [ 0, %31 ], [ %37, %36 ], [ 0, %43 ] %48 = add i32 %47, 1 %49 = or i32 %48, %47 %50 = icmp sgt i32 %49, -1 br i1 %50, label %52, label %51, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, i32 0) #83 br label %52 %53 = icmp eq i32 %47, 0 br i1 %53, label %54, label %55 tail call void @__rcu_read_unlock() #83 %56 = getelementptr inbounds i8, i8* %28, i64 440 %57 = bitcast i8* %56 to %struct.drm_i915_gem_object_ops.474985** %58 = load %struct.drm_i915_gem_object_ops.474985*, %struct.drm_i915_gem_object_ops.474985** %57, align 8 %59 = getelementptr inbounds %struct.drm_i915_gem_object_ops.474985, %struct.drm_i915_gem_object_ops.474985* %58, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and 
i32 %60, 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %72, label %63 %73 = getelementptr inbounds i8, i8* %28, i64 248 %74 = bitcast i8* %73 to %struct.dma_resv** %75 = load %struct.dma_resv*, %struct.dma_resv** %74, align 8 %76 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %75, i64 0, i32 0 %77 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %76, %struct.ww_acquire_ctx* null) #83 %78 = icmp eq i32 %77, -114 %79 = select i1 %78, i32 0, i32 %77 switch i32 %79, label %120 [ i32 -35, label %80 i32 0, label %90 ] %121 = phi i32 [ -6, %71 ], [ 0, %68 ], [ %110, %117 ], [ -35, %89 ], [ %79, %72 ] %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 -1, i32* nonnull %33) #6, !srcloc !9 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 %130 = bitcast i8* %28 to %struct.qspinlock* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void @drm_gem_object_free(%struct.qspinlock* nonnull %130) #83 ------------- Good: 156 Bad: 5 Ignored: 123 Check Use of Function:efivar_entry_iter_end Check Use of Function:set_cred_ucounts Check Use of Function:tcp_abort Check Use of Function:security_get_user_sids Check Use of Function:local_bh_enable.73606 Check Use of Function:i915_gem_driver_unregister Check Use of Function:may_open Check Use of Function:reenable_swap_slots_cache_unlock Check Use of Function:sysfs_streq Use: =BAD PATH= Call Stack: 0 store_host_reset ------------- Path:  Function:store_host_reset %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -2, i32 10, i32 1, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.Scsi_Host.610238* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 21 %8 = bitcast %struct.list_head** %7 to %struct.scsi_host_template.610237** %9 = 
load %struct.scsi_host_template.610237*, %struct.scsi_host_template.610237** %8, align 8 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.49.50203, i64 0, i64 0)) #83 br i1 %10, label %13, label %11 %12 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.50.50204, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 store_host_reset ------------- Path:  Function:store_host_reset %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -2, i32 10, i32 1, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.Scsi_Host.610238* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 21 %8 = bitcast %struct.list_head** %7 to %struct.scsi_host_template.610237** %9 = load %struct.scsi_host_template.610237*, %struct.scsi_host_template.610237** %8, align 8 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.49.50203, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 pm_qos_resume_latency_us_store ------------- Path:  Function:pm_qos_resume_latency_us_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %15 %16 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.34.48864, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 wakeup_store ------------- Path:  Function:wakeup_store %5 = getelementptr inbounds %struct.device.597927, %struct.device.597927* %0, i64 0, i32 11, i32 1 %6 = load i16, i16* %5, align 4 %7 = and i16 %6, 1 %8 = icmp eq i16 %7, 0 br i1 %8, label %17, label %9 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #83 br i1 %10, label %11, label %13 %14 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds 
([9 x i8], [9 x i8]* @_disabled, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 wakeup_store ------------- Path:  Function:wakeup_store %5 = getelementptr inbounds %struct.device.597927, %struct.device.597927* %0, i64 0, i32 11, i32 1 %6 = load i16, i16* %5, align 4 %7 = and i16 %6, 1 %8 = icmp eq i16 %7, 0 br i1 %8, label %17, label %9 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 pm_qos_latency_tolerance_us_store ------------- Path:  Function:pm_qos_latency_tolerance_us_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %12 %13 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.48826, i64 0, i64 0)) #83 br i1 %13, label %14, label %15 %16 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.31.48827, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 pm_qos_latency_tolerance_us_store ------------- Path:  Function:pm_qos_latency_tolerance_us_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %12 %13 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.48826, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.399482, %struct.file.399482* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.399483** %8 = load %struct.seq_file.399483*, %struct.seq_file.399483** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.399483, %struct.seq_file.399483* %8, i64 0, i32 11 %10 = bitcast i8** %9 to 
%struct.drm_connector.399669** %11 = load %struct.drm_connector.399669*, %struct.drm_connector.399669** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.39696, i64 0, i64 0)) #83 br i1 %19, label %20, label %22 %23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.39697, i64 0, i64 0)) #83 br i1 %23, label %24, label %26 %27 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.27.39698, i64 0, i64 0)) #83 br i1 %27, label %28, label %30 %31 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.28.39699, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.399482, %struct.file.399482* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.399483** %8 = load %struct.seq_file.399483*, %struct.seq_file.399483** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.399483, %struct.seq_file.399483* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.399669** %11 = load %struct.drm_connector.399669*, %struct.drm_connector.399669** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 
store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.39696, i64 0, i64 0)) #83 br i1 %19, label %20, label %22 %23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.39697, i64 0, i64 0)) #83 br i1 %23, label %24, label %26 %27 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.27.39698, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.399482, %struct.file.399482* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.399483** %8 = load %struct.seq_file.399483*, %struct.seq_file.399483** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.399483, %struct.seq_file.399483* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.399669** %11 = load %struct.drm_connector.399669*, %struct.drm_connector.399669** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.39696, i64 0, i64 0)) #83 br i1 %19, label %20, label %22 %23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.39697, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 connector_write ------------- Path:  Function:connector_write %5 = alloca [12 x i8], align 1 %6 = getelementptr inbounds %struct.file.399482, %struct.file.399482* %0, i64 0, i32 16 %7 = bitcast i8** %6 to 
%struct.seq_file.399483** %8 = load %struct.seq_file.399483*, %struct.seq_file.399483** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.399483, %struct.seq_file.399483* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_connector.399669** %11 = load %struct.drm_connector.399669*, %struct.drm_connector.399669** %10, align 8 %12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 11 br i1 %13, label %34, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %34 %18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.39696, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %18 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.80.30584, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* 
@.str.13.30582, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 control_store ------------- Path:  Function:control_store %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.69.5145, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 control_store ------------- Path:  Function:control_store %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.69.5145, i64 0, i64 0)) #83 br i1 %5, label %10, label %6 %7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.70.5099, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 control_store ------------- Path:  Function:control_store %5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.69.5145, i64 0, i64 0)) #83 br i1 %5, label %10, label %6 %7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.70.5099, i64 0, i64 0)) #83 br i1 %7, label %10, label %8 %9 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.71.5146, i64 0, i64 0)) #83 ------------- Good: 25 Bad: 16 Ignored: 18 Check Use of Function:drv_channel_switch Check Use of Function:pps_cdev_compat_ioctl Check Use of Function:__tcf_qdisc_find Check Use of Function:exit_io_context Check Use of Function:ext4_xattr_hurd_get Check Use of Function:nl80211_notify_wiphy Check Use of Function:shmem_create Check Use of Function:cfg80211_auth_timeout Check Use of Function:init_chown Check Use of Function:hpet_ioctl Check Use of Function:filemap_write_and_wait_range Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, 
%struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br 
i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, 
%struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = 
alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 
@nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, 
i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load 
%struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br 
i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 
@nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, 
i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to 
i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void 
@__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_file_flush ------------- Path:  Function:nfs4_file_flush %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.212651** %9 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 14 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %30, label %17 %18 = tail call zeroext i1 @nfs4_delegation_flush_on_close(%struct.inode* %4) #83 %19 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %20 = load %struct.address_space*, %struct.address_space** %19, align 8 br i1 %18, label %23, label %21 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %20, i64 0, i32 11 %25 = tail call i32 @errseq_sample(i32* %24) #83 %26 = tail call i32 @nfs_wb_all(%struct.inode* %4) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %5 = load %struct.address_space.212830*, %struct.address_space.212830** %4, align 8 %6 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %5, i64 0, i32 0 %7 = load %struct.inode.213279*, %struct.inode.213279** %6, align 8 %8 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %7, i64 0, i32 8 %9 = load %struct.super_block.213267*, %struct.super_block.213267** %8, align 8 %10 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.213423** %12 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = 
getelementptr inbounds %struct.file_lock.213275, %struct.file_lock.213275* %2, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %86 %21 = load %struct.super_block.213267*, %struct.super_block.213267** %8, align 8 %22 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %21, i64 0, i32 28 %23 = bitcast i8** %22 to %struct.nfs_server.213423** %24 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %23, align 16 %25 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %24, i64 0, i32 8 %26 = load i32, i32* %25, align 8 %27 = lshr i32 %26, 21 %28 = and i32 %27, 1 %29 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %24, i64 0, i32 0 %30 = load %struct.nfs_client.213417*, %struct.nfs_client.213417** %29, align 8 %31 = getelementptr inbounds %struct.nfs_client.213417, %struct.nfs_client.213417* %30, i64 0, i32 12 %32 = load %struct.nfs_rpc_ops.213400*, %struct.nfs_rpc_ops.213400** %31, align 8 %33 = getelementptr inbounds %struct.nfs_rpc_ops.213400, %struct.nfs_rpc_ops.213400* %32, i64 0, i32 43 %34 = load i32 (%struct.file_lock.213275*)*, i32 (%struct.file_lock.213275*)** %33, align 8 %35 = icmp eq i32 (%struct.file_lock.213275*)* %34, null br i1 %35, label %39, label %36 %40 = icmp eq i32 %1, 5 br i1 %40, label %41, label %78 %79 = getelementptr inbounds %struct.file_lock.213275, %struct.file_lock.213275* %2, i64 0, i32 7 %80 = load i8, i8* %79, align 4 %81 = icmp eq i8 %80, 2 br i1 %81, label %82, label %84 %83 = tail call fastcc i32 @do_unlk(%struct.file.213286* %0, i32 %1, %struct.file_lock.213275* %2, i32 %28) #84 Function:do_unlk %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %6 = load %struct.address_space.212830*, %struct.address_space.212830** %5, align 8 %7 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %6, i64 0, 
i32 0 %8 = load %struct.inode.213279*, %struct.inode.213279** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.213279*)*)(%struct.inode.213279* %8) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_flock ------------- Path:  Function:nfs_flock %4 = getelementptr inbounds %struct.file_lock.213275, %struct.file_lock.213275* %2, i64 0, i32 6 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 2 %7 = icmp eq i32 %6, 0 br i1 %7, label %29, label %8 %9 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %10 = load %struct.address_space.212830*, %struct.address_space.212830** %9, align 8 %11 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %10, i64 0, i32 0 %12 = load %struct.inode.213279*, %struct.inode.213279** %11, align 8 %13 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %12, i64 0, i32 8 %14 = load %struct.super_block.213267*, %struct.super_block.213267** %13, align 8 %15 = getelementptr inbounds 
%struct.super_block.213267, %struct.super_block.213267* %14, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.nfs_server.213423** %17 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %16, align 16 %18 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %17, i64 0, i32 8 %19 = load i32, i32* %18, align 8 %20 = lshr i32 %19, 20 %21 = and i32 %20, 1 %22 = getelementptr inbounds %struct.file_lock.213275, %struct.file_lock.213275* %2, i64 0, i32 7 %23 = load i8, i8* %22, align 4 %24 = icmp eq i8 %23, 2 br i1 %24, label %25, label %27 %26 = tail call fastcc i32 @do_unlk(%struct.file.213286* %0, i32 %1, %struct.file_lock.213275* %2, i32 %21) #83 Function:do_unlk %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %6 = load %struct.address_space.212830*, %struct.address_space.212830** %5, align 8 %7 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %6, i64 0, i32 0 %8 = load %struct.inode.213279*, %struct.inode.213279** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.213279*)*)(%struct.inode.213279* %8) #83 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %22 [label %2], !srcloc !4 %23 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %24, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 1 %7 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %8 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %7, i64 0, i32 5 %9 = load %struct.inode.214835*, %struct.inode.214835** %8, align 8 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %37 [label %17], !srcloc !4 %38 = and i32 %3, 2047 %39 = and i32 %4, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %16, true %42 = or i1 %40, %41 br i1 %42, label %60, label %43 %61 = and i32 %3, 192 %62 = icmp eq i32 %61, 0 br i1 %62, label %73, label %63 %64 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 0 %65 = load i16, i16* %64, align 8 %66 = and i16 %65, -4096 %67 = icmp eq i16 %66, -32768 br i1 %67, label %68, label %73 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 9 %70 = load %struct.address_space.214836*, %struct.address_space.214836** %69, align 8 %71 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.214836*, i64, i64)*)(%struct.address_space.214836* %70, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 24, i32 4, i32 1 %11 = bitcast %struct.list_head** %10 to i16* %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.user_namespace*, 
%struct.path.214263*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #83 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 1 %7 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %8 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %7, i64 0, i32 5 %9 = load %struct.inode.214835*, %struct.inode.214835** %8, align 8 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %37 [label %17], !srcloc !4 %38 = and i32 %3, 2047 %39 = and i32 %4, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %16, true %42 = or i1 %40, %41 br i1 %42, label %60, label %43 %61 = and i32 %3, 192 %62 = icmp eq i32 %61, 0 br i1 %62, label %73, label %63 %64 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 0 %65 = load i16, i16* %64, align 8 %66 = and i16 %65, -4096 %67 = icmp eq i16 %66, -32768 br i1 %67, label %68, label %73 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 9 %70 = load %struct.address_space.214836*, %struct.address_space.214836** %69, align 8 %71 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.214836*, i64, i64)*)(%struct.address_space.214836* %70, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 fiemap_prep 1 iomap_fiemap 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ %6, %4 ], [ %14, %12 ] %17 = getelementptr %struct.inode.190029, %struct.inode.190029* %0, i64 -1, i32 34 %18 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %17, i64 10, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 524288 %21 = icmp eq i64 %20, 0 %22 = getelementptr inbounds %struct.inode.190029, 
%struct.inode.190029* %0, i64 0, i32 8 %23 = load %struct.super_block.190011*, %struct.super_block.190011** %22, align 8 br i1 %21, label %26, label %24 %27 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %23, i64 0, i32 28 %28 = bitcast i8** %27 to %struct.ext4_sb_info.190078** %29 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %28, align 16 %30 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %29, i64 0, i32 13 br label %31 %32 = phi i64* [ %25, %24 ], [ %30, %26 ] %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %3, 0 br i1 %34, label %51, label %35 %36 = icmp ult i64 %33, %2 br i1 %36, label %51, label %37 %38 = icmp ult i64 %33, %3 %39 = sub i64 %33, %3 %40 = icmp ult i64 %39, %2 %41 = or i1 %38, %40 %42 = sub i64 %33, %2 %43 = select i1 %41, i64 %42, i64 %3 %44 = and i32 %16, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %49, label %46 %50 = tail call i32 bitcast (i32 (%struct.inode.170826*, %struct.fiemap_extent_info*, i64, i64, %struct.iomap_ops*)* @iomap_fiemap to i32 (%struct.inode.190029*, %struct.fiemap_extent_info*, i64, i64, %struct.iomap_ops.190033*)*)(%struct.inode.190029* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %43, %struct.iomap_ops.190033* nonnull @ext4_iomap_report_ops) #84 Function:iomap_fiemap %6 = alloca %struct.iomap_iter.170838, align 8 %7 = bitcast %struct.iomap_iter.170838* %6 to i8* %8 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 3 %9 = bitcast i64* %8 to i8* %10 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 0 store %struct.inode.170826* %0, %struct.inode.170826** %10, align 8 %11 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 1 store i64 %2, i64* %11, align 8 %12 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 2 store i64 %3, i64* %12, align 8 %13 = 
getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 4 store i32 4, i32* %13, align 8 %14 = call i32 bitcast (i32 (%struct.inode.146664*, %struct.fiemap_extent_info*, i64, i64*, i32)* @fiemap_prep to i32 (%struct.inode.170826*, %struct.fiemap_extent_info*, i64, i64*, i32)*)(%struct.inode.170826* %0, %struct.fiemap_extent_info* %1, i64 %2, i64* %12, i32 0) #83 Function:fiemap_prep %6 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %0, i64 0, i32 8 %7 = load %struct.super_block.146648*, %struct.super_block.146648** %6, align 8 %8 = getelementptr inbounds %struct.super_block.146648, %struct.super_block.146648* %7, i64 0, i32 4 %9 = load i64, i64* %8, align 32 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %36, label %12 %13 = icmp ult i64 %9, %2 br i1 %13, label %36, label %14 %15 = icmp ult i64 %9, %10 %16 = sub i64 %9, %10 %17 = icmp ult i64 %16, %2 %18 = or i1 %15, %17 br i1 %18, label %19, label %21 %22 = and i32 %4, 2 %23 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = xor i32 %22, -2 %26 = and i32 %24, %25 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = and i32 %24, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %0, i64 0, i32 9 %34 = load %struct.address_space.146668*, %struct.address_space.146668** %33, align 8 %35 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.146668*, i64, i64)*)(%struct.address_space.146668* %34, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 fiemap_prep 1 iomap_fiemap 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = 
and i32 %6, 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ %6, %4 ], [ %14, %12 ] %17 = getelementptr %struct.inode.190029, %struct.inode.190029* %0, i64 -1, i32 34 %18 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %17, i64 10, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 524288 %21 = icmp eq i64 %20, 0 %22 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 8 %23 = load %struct.super_block.190011*, %struct.super_block.190011** %22, align 8 br i1 %21, label %26, label %24 %27 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %23, i64 0, i32 28 %28 = bitcast i8** %27 to %struct.ext4_sb_info.190078** %29 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %28, align 16 %30 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %29, i64 0, i32 13 br label %31 %32 = phi i64* [ %25, %24 ], [ %30, %26 ] %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %3, 0 br i1 %34, label %51, label %35 %36 = icmp ult i64 %33, %2 br i1 %36, label %51, label %37 %38 = icmp ult i64 %33, %3 %39 = sub i64 %33, %3 %40 = icmp ult i64 %39, %2 %41 = or i1 %38, %40 %42 = sub i64 %33, %2 %43 = select i1 %41, i64 %42, i64 %3 %44 = and i32 %16, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %49, label %46 %50 = tail call i32 bitcast (i32 (%struct.inode.170826*, %struct.fiemap_extent_info*, i64, i64, %struct.iomap_ops*)* @iomap_fiemap to i32 (%struct.inode.190029*, %struct.fiemap_extent_info*, i64, i64, %struct.iomap_ops.190033*)*)(%struct.inode.190029* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %43, %struct.iomap_ops.190033* nonnull @ext4_iomap_report_ops) #84 Function:iomap_fiemap %6 = alloca %struct.iomap_iter.170838, align 8 %7 = bitcast %struct.iomap_iter.170838* %6 to i8* %8 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 3 %9 = bitcast i64* %8 to i8* %10 = getelementptr inbounds 
%struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 0 store %struct.inode.170826* %0, %struct.inode.170826** %10, align 8 %11 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 1 store i64 %2, i64* %11, align 8 %12 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 2 store i64 %3, i64* %12, align 8 %13 = getelementptr inbounds %struct.iomap_iter.170838, %struct.iomap_iter.170838* %6, i64 0, i32 4 store i32 4, i32* %13, align 8 %14 = call i32 bitcast (i32 (%struct.inode.146664*, %struct.fiemap_extent_info*, i64, i64*, i32)* @fiemap_prep to i32 (%struct.inode.170826*, %struct.fiemap_extent_info*, i64, i64*, i32)*)(%struct.inode.170826* %0, %struct.fiemap_extent_info* %1, i64 %2, i64* %12, i32 0) #83 Function:fiemap_prep %6 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %0, i64 0, i32 8 %7 = load %struct.super_block.146648*, %struct.super_block.146648** %6, align 8 %8 = getelementptr inbounds %struct.super_block.146648, %struct.super_block.146648* %7, i64 0, i32 4 %9 = load i64, i64* %8, align 32 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %36, label %12 %13 = icmp ult i64 %9, %2 br i1 %13, label %36, label %14 %15 = icmp ult i64 %9, %10 %16 = sub i64 %9, %10 %17 = icmp ult i64 %16, %2 %18 = or i1 %15, %17 br i1 %18, label %19, label %21 %22 = and i32 %4, 2 %23 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = xor i32 %22, -2 %26 = and i32 %24, %25 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = and i32 %24, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.inode.146664, %struct.inode.146664* %0, i64 0, i32 9 %34 = load %struct.address_space.146668*, %struct.address_space.146668** %33, align 8 %35 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* 
@filemap_write_and_wait_range to i32 (%struct.address_space.146668*, i64, i64)*)(%struct.address_space.146668* %34, i64 0, i64 9223372036854775807) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = and i32 %8, 8 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = add i64 %4, -1 %23 = add i64 %22, %21 br i1 %19, label %26, label %24 %27 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %21, i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_read_iter 1 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 0 %4 = load %struct.file.289341*, %struct.file.289341** %3, align 8 %5 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.block_device.289220** %7 = load %struct.block_device.289220*, %struct.block_device.289220** %6, align 8 %8 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %7, i64 0, i32 1 
%9 = load i64, i64* %8, align 8 %10 = shl i64 %9, 9 %11 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, %12 %16 = icmp ugt i64 %15, %10 br i1 %16, label %17, label %22, !prof !4, !misexpect !5 %18 = icmp sgt i64 %10, %12 br i1 %18, label %19, label %31 %20 = sub i64 %10, %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %24, label %22 %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.289133*, %struct.iov_iter*)*)(%struct.kiocb.289133* %0, %struct.iov_iter* %1) #83 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = and i32 %8, 8 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = add i64 %4, -1 %23 = add i64 %22, %21 br i1 %19, label %26, label %24 %27 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %21, i64 %23) #83 ------------- Good: 83 Bad: 13 Ignored: 141 Check Use of Function:rfkill_fop_ioctl Check Use of 
Function:dev_set_group Check Use of Function:mdio_ctrl_hw Check Use of Function:wake_up_state Check Use of Function:alloc_file_pseudo Check Use of Function:do_unblank_screen Check Use of Function:qdisc_notify Check Use of Function:do_blank_screen Check Use of Function:netlbl_unlabel_genl_init Check Use of Function:tcp_set_congestion_control Check Use of Function:lookup_fast Check Use of Function:tid_fd_revalidate Check Use of Function:proc_ns_file Check Use of Function:sg_ioctl Check Use of Function:compat_sock_ioctl Check Use of Function:do_move_mount Check Use of Function:fc_drop_locked Check Use of Function:compat_table_info Check Use of Function:io_req_find_next Check Use of Function:init_mknod Check Use of Function:compat_arch_setup_additional_pages Check Use of Function:xt_compat_match_to_user Check Use of Function:commit_creds Check Use of Function:drm_atomic_helper_disable_plane Check Use of Function:put_old_itimerspec32 Check Use of Function:drm_gem_handle_create Check Use of Function:ext4_claim_free_clusters Check Use of Function:dev_change_flags Check Use of Function:invalidate_bdev Check Use of Function:llist_add_batch Use: =BAD PATH= Call Stack: 0 __put_net 1 put_fs_context 2 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 5 %3 = load %struct.dentry.156117*, %struct.dentry.156117** %2, align 8 %4 = icmp eq %struct.dentry.156117* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds 
%struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.155755*, %struct.fs_context_operations.155755** %15, align 8 %17 = icmp eq %struct.fs_context_operations.155755* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.155755, %struct.fs_context_operations.155755* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.156180*)*, void (%struct.fs_context.156180*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.156180*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #83 %25 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %26) #83 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.64883) #83 
------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %8) #83 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.64883) #83 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, %struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = getelementptr 
inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %10) #83 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.64883) #83 ------------- Use: =BAD PATH= Call Stack: 0 netns_put ------------- Path:  Function:netns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -3, i32 2 %13 = bitcast i32* %12 to %struct.llist_node* %14 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %13, %struct.llist_node* %13, %struct.llist_node* nonnull @cleanup_list.64883) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 pnp_disable_dev 7 resources_store ------------- Path:  
Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, 
%struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, 
i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = 
icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, 
!prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* 
output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 
%15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds 
%struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr 
[16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x 
i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast 
%struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 
], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label 
%14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, 
$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call 
{ i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 pci_vpd_available 7 pci_vpd_read 8 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call 
fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void 
(%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, 
label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 pci_vpd_available 7 pci_vpd_write 8 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext 
i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 
%40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* 
%11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* 
%18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = 
load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, 
!misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, 
i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to 
%struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 
%26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = 
select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, 
!misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = 
getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, 
align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, 
i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void 
@_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 
__dev_printk 5 _dev_err 6 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds 
%struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr 
inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, 
i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, 
!misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds 
%struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %7 to 
%struct.iovec* %19 = trunc i64 %17 to i32 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = icmp eq i64 %21, -1 br i1 %22, label %23, label %25 %24 = tail call fastcc i64 @do_writev(i64 %4, %struct.iovec* %18, i64 %10, i32 %19) #83 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = 
trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __ia32_sys_writev ------------- Path:  Function:__ia32_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_writev(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #83 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to 
i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 
%28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to 
%struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __x64_sys_pwritev2 ------------- Path:  Function:__x64_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #83 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr 
inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __x64_sys_writev ------------- Path:  Function:__x64_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #83 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, 
label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* 
%26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_write 4 __ia32_sys_write ------------- Path:  Function:__ia32_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_write(i32 %10, i8* %11, i64 %9) #83 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to 
i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call 
void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_write 4 __x64_sys_write ------------- Path:  Function:__x64_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_write(i32 %9, i8* %6, i64 %8) #83 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp 
eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __ia32_compat_sys_preadv2 ------------- Path:  Function:__ia32_compat_sys_preadv2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %7 to %struct.iovec* %19 = trunc i64 %17 to i32 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = 
icmp eq i64 %21, -1 br i1 %22, label %23, label %25 %24 = tail call fastcc i64 @do_readv(i64 %4, %struct.iovec* %18, i64 %10, i32 %19) #83 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr 
%struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, 
!srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __ia32_sys_readv ------------- Path:  Function:__ia32_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_readv(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #83 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm 
"movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 
= getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __x64_sys_preadv2 ------------- Path:  Function:__x64_sys_preadv2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #83 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 
to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 
%33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label 
%24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __x64_sys_readv ------------- Path:  Function:__x64_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #83 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 
Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = 
and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_read 4 __ia32_sys_read ------------- Path:  Function:__ia32_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_read(i32 %10, i8* %11, i64 %9) #83 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds 
%struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 
to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_read 4 __x64_sys_read ------------- Path:  Function:__x64_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_read(i32 %9, i8* %6, i64 %8) #83 
Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load 
i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, 
!srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __x64_sys_lseek ------------- Path:  Function:__x64_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = tail call i64 @__fdget_pos(i32 %8) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 
Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = 
and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_llseek 4 __ia32_sys_llseek ------------- Path:  Function:__ia32_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_llseek(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr 
inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label 
%51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_llseek 4 __x64_sys_llseek ------------- Path:  Function:__x64_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 
= load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_llseek(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, 
%struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = 
getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_sys_lseek ------------- Path:  Function:__ia32_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__fdget_pos(i32 %9) #83 
Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label 
%31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm 
"movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_lseek ------------- Path:  Function:__ia32_compat_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = shl i64 %5, 32 %11 = ashr exact i64 %10, 32 %12 = tail call i64 @__fdget_pos(i32 %8) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void 
@__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 
0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 
1 __fget_files 2 __fdget_pos 3 __x64_sys_old_readdir ------------- Path:  Function:__x64_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = tail call i64 @__fdget_pos(i32 %7) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to 
i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents64 4 __ia32_sys_getdents64 ------------- Path:  Function:__ia32_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents64(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.linux_dirent64* %7 = trunc i64 %2 to i32 %8 = bitcast 
%struct.getdents_callback64* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %6, %struct.linux_dirent64** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* 
%6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load 
volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents64 4 __x64_sys_getdents64 ------------- Path:  Function:__x64_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents64(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.linux_dirent64* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback64* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %6, %struct.linux_dirent64** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, 
i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq 
$3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast 
%struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents 4 __ia32_sys_getdents ------------- Path:  Function:__ia32_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.old_linux_dirent* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %6, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, 
i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, 
i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc 
!5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents 4 __x64_sys_getdents ------------- Path:  Function:__x64_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.old_linux_dirent* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* 
%4, i64 0, i32 1 store %struct.old_linux_dirent* %6, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", 
"=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_sys_old_readdir ------------- Path:  Function:__ia32_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof 
!7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds 
%struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_old_readdir ------------- Path:  Function:__ia32_compat_sys_old_readdir %2 = alloca %struct.compat_readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load 
i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, 
%struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_getdents ------------- Path:  Function:__ia32_compat_sys_getdents %2 = alloca %struct.compat_getdents_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load 
i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %12 = trunc i64 %9 to i32 %13 = bitcast %struct.compat_getdents_callback* %2 to i8* %14 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @compat_filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %14, align 8 %15 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 1 store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 1 store %struct.compat_old_linux_dirent* %11, %struct.compat_old_linux_dirent** %16, align 8 %17 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 2 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 3 store i32 %12, i32* %18, align 4 %19 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 4 store i32 0, i32* %19, align 8 %20 = tail call i64 @__fdget_pos(i32 %10) #83 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 
0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = 
bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_quotactl_fd 4 __ia32_sys_quotactl_fd ------------- Path:  Function:__ia32_sys_quotactl_fd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_quotactl_fd(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_quotactl_fd %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = inttoptr i64 %3 to i8* %9 = lshr i32 %6, 8 %10 = and i32 %6, 255 %11 = tail call i64 @__fdget_raw(i32 %5) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr 
inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof 
!7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 
__se_sys_quotactl_fd 4 __x64_sys_quotactl_fd ------------- Path:  Function:__x64_sys_quotactl_fd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_quotactl_fd(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_quotactl_fd %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = inttoptr i64 %3 to i8* %9 = lshr i32 %6, 8 %10 = and i32 %6, 255 %11 = tail call i64 @__fdget_raw(i32 %5) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ 
%8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many 
to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_compat_sys_fstatfs ------------- Path:  Function:__ia32_compat_sys_fstatfs %2 = alloca %struct.compat_statfs, align 4 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = 
trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, 
i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 kcompat_sys_fstatfs64 4 __ia32_compat_sys_fstatfs64 ------------- Path:  Function:__ia32_compat_sys_fstatfs64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.compat_statfs64* %12 = tail call i32 @kcompat_sys_fstatfs64(i32 %9, i32 %10, %struct.compat_statfs64* %11) #83 Function:kcompat_sys_fstatfs64 %4 = alloca %struct.compat_statfs64, align 4 %5 = alloca %struct.kstatfs, align 8 %6 = bitcast %struct.kstatfs* %5 to i8* %7 = icmp eq i32 %1, 84 br i1 %7, label %8, label %75 %9 = tail call i64 @__fdget_raw(i32 %0) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label 
%35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr 
inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_sys_fstatfs ------------- Path:  Function:__ia32_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* 
%7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, 
align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_sys_fstatfs64 ------------- Path:  Function:__ia32_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, 
align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = bitcast %struct.kstatfs* %3 to i8* %13 = icmp eq i64 %8, 120 br i1 %13, label %14, label %37 %15 = trunc i64 %5 to i32 %16 = tail call i64 @__fdget_raw(i32 %15) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc 
i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __x64_sys_fstatfs ------------- Path:  Function:__x64_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 
= load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 
%36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = 
load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __x64_sys_fstatfs64 ------------- Path:  Function:__x64_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast %struct.kstatfs* %3 to i8* %12 = icmp eq i64 %7, 120 br i1 %12, label %13, label %35 %14 = trunc i64 %5 to i32 %15 = tail call i64 @__fdget_raw(i32 %14) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = 
getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label 
%48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fchdir 4 __ia32_sys_fchdir ------------- Path:  Function:__ia32_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_fchdir(i64 %4) #83 Function:__se_sys_fchdir %2 = trunc i64 %0 to i32 %3 = tail call i64 @__fdget_raw(i32 %2) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label 
%57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fchdir 4 __x64_sys_fchdir ------------- Path:  Function:__x64_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_fchdir(i64 %3) #83 Function:__se_sys_fchdir %2 = trunc i64 %0 to i32 %3 = tail call i64 @__fdget_raw(i32 %2) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_compat_sys_ia32_fstat64 ------------- Path:  Function:__ia32_compat_sys_ia32_fstat64 %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #83 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #83
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_compat_sys_newfstat ------------- Path:  Function:__ia32_compat_sys_newfstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #83 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #83
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_sys_fstat ------------- Path:  Function:__ia32_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #83 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #83
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __x64_sys_fstat ------------- Path:  Function:__x64_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.__old_kernel_stat** %7 = load %struct.__old_kernel_stat*, %struct.__old_kernel_stat** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kstat* %2 to i8* %10 = call i32 @vfs_fstat(i32 %8, %struct.kstat* nonnull %2) #83 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #83
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __se_sys_newfstat 5 __ia32_sys_newfstat ------------- Path:  Function:__ia32_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_newfstat(i64 %4, i64 %7) #83 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = call i32 @vfs_fstat(i32 %5, %struct.kstat* nonnull %4) #83 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #83
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __se_sys_newfstat 5 __x64_sys_newfstat ------------- Path:  Function:__x64_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_newfstat(i64 %3, i64 %5) #83 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = call i32 @vfs_fstat(i32 %5, %struct.kstat* nonnull %4) #83 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1
%8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* 
%26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fcntl 4 __ia32_sys_fcntl ------------- Path:  Function:__ia32_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_fcntl(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = 
zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect 
!5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fcntl 4 __x64_sys_fcntl ------------- Path:  Function:__x64_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_fcntl(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq 
%struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 do_compat_fcntl64 4 __ia32_compat_sys_fcntl ------------- Path:  Function:__ia32_compat_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 switch i32 %4, label %5 [ i32 12, label %13 i32 13, label %13 i32 14, label %13 i32 36, label %13 i32 37, label %13 i32 38, label %13 ] %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %7 to i32 %11 = trunc i64 %9 to i32 %12 = tail call fastcc i64 @do_compat_fcntl64(i32 %11, i32 %4, i32 %10) #83 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 
%10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* 
%27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 
%10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 do_compat_fcntl64 4 __ia32_compat_sys_fcntl64 ------------- Path:  Function:__ia32_compat_sys_fcntl64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i64 @do_compat_fcntl64(i32 %8, i32 %9, i32 %10) #83 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #83 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, 
!misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds 
%struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 __se_sys_setns 4 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #83 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = 
zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect 
!5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 __se_sys_setns 4 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, 
i64 %5) #83 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 
%30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call 
i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, 
%struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], 
[ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void 
(%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, 
label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, 
label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr 
inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof 
!7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 
__ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** 
%4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* 
%26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %10 = trunc i64 %4 to i32 %11 = trunc i64 %3 to i32 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 114 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file* @fget(i32 %10) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 
101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 
to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 loop_configure 4 lo_ioctl 5 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %8 = load %struct.gendisk.604060*, %struct.gendisk.604060** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.604038* %0, i32 %1, i32 %2, i64 %35) #84 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, %struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 
19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %24 = bitcast %struct.loop_config* %12 to i8* %25 = inttoptr i64 %3 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %24, i8* %25, i64 304) #84 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.604038* %0, %struct.loop_config* nonnull %12) #83 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.604155* bitcast (%struct.file* (i32)* @fget to %struct.file.604155* (i32)*)(i32 %6) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, 
align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 
%5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 loop_configure 4 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device.604038, %struct.block_device.604038* %0, i64 0, i32 17 %14 = load %struct.gendisk.604060*, %struct.gendisk.604060** %13, align 8 %15 = getelementptr inbounds %struct.gendisk.604060, 
%struct.gendisk.604060* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %332 [ i32 19456, label %18 i32 19466, label %23 i32 19462, label %32 i32 19457, label %206 i32 19458, label %225 i32 19459, label %262 i32 19460, label %300 i32 19461, label %314 i32 19463, label %327 i32 19464, label %327 i32 19465, label %327 ] %24 = bitcast %struct.loop_config* %12 to i8* %25 = inttoptr i64 %3 to i8* %26 = call i64 @_copy_from_user(i8* nonnull %24, i8* %25, i64 304) #84 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %30 %29 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device.604038* %0, %struct.loop_config* nonnull %12) #83 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file.604155* bitcast (%struct.file* (i32)* @fget to %struct.file.604155* (i32)*)(i32 %6) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, 
%52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void 
(%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load 
%struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #83 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #83 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds 
%struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.101855* bitcast (%struct.file* (i32)* @fget to %struct.file.101855* (i32)*)(i32 %269) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 
0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = 
tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.thread_info, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.101855, %struct.file.101855* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast 
%struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #83 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #83 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.101855* bitcast (%struct.file* (i32)* @fget to %struct.file.101855* (i32)*)(i32 %269) #83 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile 
%struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 
= icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget_raw 3 __scm_send 4 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca 
%struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #84 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #84 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #84 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** %13 to i64* %15 = getelementptr 
inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %42 = load %struct.proto_ops*, %struct.proto_ops** %19, align 32 %43 = icmp eq %struct.proto_ops* %42, null br i1 %43, label %221, label %44 %45 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 1 br i1 %47, label %48, label %221 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, %struct.scm_fp_list** %20, align 8 %52 = add 
i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %194, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %221, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 4197568, i64 2040) #83 %63 = icmp eq i8* %62, null br i1 %63, label %221, label %64 %65 = bitcast i8* %62 to %struct.scm_fp_list* store i8* %62, i8** %21, align 8 %66 = bitcast i8* %62 to i16* store i16 0, i16* %66, align 8 %67 = getelementptr inbounds i8, i8* %62, i64 2 %68 = bitcast i8* %67 to i16* store i16 253, i16* %68, align 2 %69 = getelementptr inbounds i8, i8* %62, i64 8 %70 = bitcast i8* %69 to %struct.user_struct** store %struct.user_struct* null, %struct.user_struct** %70, align 8 br label %71 %72 = phi %struct.scm_fp_list* [ %51, %58 ], [ %65, %64 ] %73 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 0 %74 = load i16, i16* %73, align 8 %75 = sext i16 %74 to i32 %76 = add nsw i32 %75, %54 %77 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 1 %78 = load i16, i16* %77, align 2 %79 = sext i16 %78 to i32 %80 = icmp sgt i32 %76, %79 br i1 %80, label %221, label %81 %82 = sext i16 %74 to i64 %83 = getelementptr %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 3, i64 %82 %84 = and i64 %53, 4294967295 br label %85 %86 = phi i64 [ 0, %81 ], [ %98, %94 ] %87 = phi %struct.file** [ %83, %81 ], [ %95, %94 ] %88 = getelementptr i32, i32* %50, i64 %86 %89 = load i32, i32* %88, align 4 %90 = icmp slt i32 %89, 0 br i1 %90, label %221, label %91 %92 = tail call %struct.file* @fget_raw(i32 %89) #84 Function:fget_raw %2 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 101 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 16 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect 
!5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds 
%struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __ia32_sys_dup ------------- Path:  Function:__ia32_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 101 %8 = load %struct.files_struct*, %struct.files_struct** %7, align 16 %9 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %8, i32 %4, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, 
!srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output 
condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __x64_sys_dup ------------- Path:  Function:__x64_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 101 %8 = load %struct.files_struct*, %struct.files_struct** %7, align 16 %9 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %8, i32 %4, i32 0, i32 1) #83 Function:__fget_files tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 
= load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !4, !misexpect !5 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !6 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !7, !misexpect !5 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !7, !misexpect !5 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !8 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !7, !misexpect !5 %46 = load volatile %struct.fdtable*, %struct.fdtable** 
%5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !4, !misexpect !5 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.file.143296*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #83 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.143296, %struct.file.143296* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.143268** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.143268**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.143268* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.143268, %struct.task_struct.143268* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.143296* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #83 ------------- Good: 5617 Bad: 81 Ignored: 2970 Check Use of Function:drm_modeset_backoff Check Use of Function:_raw_write_unlock Check Use of 
Function:percpu_ref_resurrect Check Use of Function:slow_avc_audit Check Use of Function:rdev_add_virtual_intf Check Use of Function:_dev_err Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %14 = bitcast %struct.list_head** %13 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %14, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %14 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %15 = bitcast %struct.list_head** %14 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %15, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %15 = getelementptr inbounds i8, i8* %9, i64 8 %16 = bitcast i8* %15 to %struct.lg4ff_device_entry** %17 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %16, align 8 %18 = icmp eq %struct.lg4ff_device_entry* %17, null br i1 %18, label %19, label %22 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %21 = bitcast %struct.list_head** %20 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %21, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %13 = bitcast %struct.list_head** %12 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %13, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.62457, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.61.58644, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.59.58650, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.58.58649, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 delete_device_store ------------- Path:  Function:delete_device_store %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #83 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 %13 = icmp eq i32 %9, 1 %14 = load i8, i8* %6, align 1 %15 = icmp eq i8 %14, 10 %16 = or i1 %13, %15 br i1 %16, label %18, label %17 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.64.58642, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 delete_device_store ------------- Path:  Function:delete_device_store %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #83 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.61.58644, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.64.58642, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 
%19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %28 = tail call i32 %9(%struct.pnp_dev.344092* %0) #84 %29 = icmp slt i32 %28, 0 %30 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 br i1 %29, label %31, label %32 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.8.35107, i64 0, i64 0)) #83 ------------- Good: 2640 Bad: 23 Ignored: 1734 Check Use of Function:unregister_netdevice_queue Check Use of Function:free_netdev Check Use of Function:ieee80211_set_sdata_offload_flags Check Use of Function:dm_compat_ctl_ioctl Check Use of Function:compat_ptr_ioctl Check Use of Function:acpi_evaluate_integer Use: =BAD PATH= Call Stack: 0 camera_show ------------- Path:  Function:camera_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.26.62836, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cardr_show ------------- Path:  Function:cardr_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds 
%struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 1048576 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.31.62833, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cpufv_show ------------- Path:  Function:cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %35, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 cpufv_store ------------- Path:  Function:cpufv_store %5 = alloca i64, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = bitcast i32* %6 to i8* %10 = getelementptr inbounds i8, i8* %8, i64 12 %11 = load i8, i8* %10, align 4, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %53 %14 = getelementptr inbounds i8, i8* %8, i64 8 %15 = bitcast i8* %14 to i32* %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 4096 %18 = icmp eq i32 %17, 0 br i1 %18, label %53, label %19 %20 = bitcast i8* %8 
to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i64* %5 to i8* %23 = call i32 @acpi_evaluate_integer(i8* %21, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 available_cpufv_show ------------- Path:  Function:available_cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %42, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 uid_show.32298 ------------- Path:  Function:uid_show.32298 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 7 %7 = bitcast i8** %6 to %struct.dock_station** %8 = load %struct.dock_station*, %struct.dock_station** %7, align 8 %9 = getelementptr inbounds %struct.dock_station, %struct.dock_station* %8, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @acpi_evaluate_integer(i8* %10, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.32299, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_device_get_power 1 real_power_state_show ------------- Path:  Function:real_power_state_show %4 = alloca i32, align 4 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 
2 %6 = bitcast %struct.device_private** %5 to %struct.acpi_device* %7 = bitcast i32* %4 to i8* %8 = call i32 @acpi_device_get_power(%struct.acpi_device* %6, i32* nonnull %4) #83 Function:acpi_device_get_power %3 = alloca i64, align 8 %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 255, i32* %4, align 4 %6 = icmp ne %struct.acpi_device* %0, null %7 = icmp ne i32* %1, null %8 = and i1 %6, %7 br i1 %8, label %9, label %75 %10 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 9, i32 0 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %22 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 11, i32 1, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = call i32 @acpi_power_get_inferred_state(%struct.acpi_device* nonnull %0, i32* nonnull %4) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %75 %30 = load i32, i32* %22, align 4 br label %31 %32 = phi i32 [ %30, %29 ], [ %23, %21 ] %33 = and i32 %32, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast i64* %3 to i8* %37 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 1 %38 = load i8*, i8** %37, align 8 %39 = call i32 @acpi_evaluate_integer(i8* %38, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.11.31884, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #83 ------------- Use: =BAD PATH= Call Stack: 0 sun_show ------------- Path:  Function:sun_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* 
@.str.2.31849, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 hrv_show ------------- Path:  Function:hrv_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.3.31850, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 status_show ------------- Path:  Function:status_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.31851, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 ------------- Good: 166 Bad: 10 Ignored: 224 Check Use of Function:filename_lookup Check Use of Function:fsnotify Check Use of Function:tg3_restart_hw Check Use of Function:ieee80211_mgd_probe_ap_send Check Use of Function:vfs_tmpfile Check Use of Function:efivar_create_sysfs_entry Check Use of Function:proc_lookup Check Use of Function:__ieee80211_recalc_txpower Check Use of Function:ieee80211_send_null_response Check Use of Function:__setup_rt_frame Check Use of Function:blk_queue_flag_set Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.613560, 
%struct.device.613560* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.613577** %12 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.613577, %struct.scsi_device.613577* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 2 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 2 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #84 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 2 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 2 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = 
getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.613289** %62 = load %struct.gendisk.613289*, %struct.gendisk.613289** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %62, i64 0, i32 9 %64 = load %struct.request_queue.613296*, %struct.request_queue.613296** %63, align 8 tail call void bitcast (void (%struct.request_queue.292200*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.613296*, i1, i1)*)(%struct.request_queue.613296* %64, i1 zeroext %57, i1 zeroext %59) #84 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.290802*)* @blk_queue_flag_set to void (i32, %struct.request_queue.292200*)*)(i32 17, %struct.request_queue.292200* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.scsi_sense_hdr, align 1 %8 = getelementptr %struct.device.613560, %struct.device.613560* %0, i64 -1, i32 36 %9 = bitcast %struct.dev_iommu** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 1 %11 = bitcast %struct.dev_iommu** %10 to %struct.scsi_device.613577** %12 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.scsi_sense_hdr, %struct.scsi_sense_hdr* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.613577, %struct.scsi_device.613577* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %118 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* 
@cache_type_store.temp, i64 0, i64 0), i64 10) #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %29 = bitcast i24* %28 to i32* %30 = load i32, i32* %29, align 2 %31 = and i32 %30, -3 store i32 %31, i32* %29, align 2 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #84 %35 = icmp slt i32 %34, 0 br i1 %35, label %118, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 25 %48 = bitcast i24* %47 to i32* %49 = load i32, i32* %48, align 2 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %65, label %52 %53 = and i32 %49, -13 %54 = or i32 %53, %46 %55 = shl nuw nsw i32 %37, 3 %56 = or i32 %54, %55 store i32 %56, i32* %48, align 2 %57 = icmp ne i32 %46, 0 %58 = and i32 %54, 20 %59 = icmp eq i32 %58, 20 %60 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %8, i64 93 %61 = bitcast %struct.dev_iommu** %60 to %struct.gendisk.613289** %62 = load %struct.gendisk.613289*, %struct.gendisk.613289** %61, align 8 %63 = getelementptr inbounds %struct.gendisk.613289, %struct.gendisk.613289* %62, i64 0, i32 9 %64 = load %struct.request_queue.613296*, %struct.request_queue.613296** %63, align 8 tail call void bitcast (void (%struct.request_queue.292200*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.613296*, i1, i1)*)(%struct.request_queue.613296* %64, i1 zeroext %57, i1 zeroext %59) #84 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.290802*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.292200*)*)(i32 17, %struct.request_queue.292200* %0) #83 br 
label %6 br i1 %2, label %7, label %8 tail call void bitcast (void (i32, %struct.request_queue.290802*)* @blk_queue_flag_set to void (i32, %struct.request_queue.292200*)*)(i32 18, %struct.request_queue.292200* %0) #83 ------------- Good: 47 Bad: 2 Ignored: 32 Check Use of Function:unregister_netdevice_many Check Use of Function:security_inode_setxattr Check Use of Function:ieee80211_vif_change_bandwidth Check Use of Function:__SCT__tp_func_io_uring_create Check Use of Function:proc_tid_base_lookup Check Use of Function:sock_create_kern Check Use of Function:dm_pr_clear Check Use of Function:__sta_info_flush Check Use of Function:cfg80211_init_wdev Check Use of Function:do_kexec_load Check Use of Function:blk_rq_init Check Use of Function:_ieee80211_start_next_roc Check Use of Function:ieee80211_free_txskb Check Use of Function:cfg80211_put_bss Check Use of Function:fl_release Check Use of Function:drv_suspend Check Use of Function:kernel_sigaction Check Use of Function:bcmp Use: =BAD PATH= Call Stack: 0 dev_get_port_parent_id 1 phys_switch_id_show ------------- Path:  Function:phys_switch_id_show %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr %struct.device.754070, %struct.device.754070* %0, i64 -2, i32 11 %6 = bitcast %struct.dev_pm_info.754055* %5 to %struct.net_device.754351* %7 = getelementptr %struct.device.754070, %struct.device.754070* %0, i64 -2, i32 11, i32 11, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.net_device_ops.754267** %9 = load %struct.net_device_ops.754267*, %struct.net_device_ops.754267** %8, align 8 %10 = getelementptr inbounds %struct.net_device_ops.754267, %struct.net_device_ops.754267* %9, i64 0, i32 61 %11 = load i32 (%struct.net_device.754351*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.754351*, %struct.netdev_phys_item_id*)** %10, align 8 %12 = icmp eq i32 (%struct.net_device.754351*, %struct.netdev_phys_item_id*)* %11, null br i1 %12, label %13, label %17 %14 = getelementptr inbounds 
%struct.net_device_ops.754267, %struct.net_device_ops.754267* %9, i64 0, i32 74 %15 = load %struct.devlink_port* (%struct.net_device.754351*)*, %struct.devlink_port* (%struct.net_device.754351*)** %14, align 8 %16 = icmp eq %struct.devlink_port* (%struct.net_device.754351*)* %15, null br i1 %16, label %42, label %17 %18 = tail call i32 @rtnl_trylock() #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %23 %24 = getelementptr inbounds %struct.dev_pm_info.754055, %struct.dev_pm_info.754055* %5, i64 3, i32 24 %25 = bitcast i64* %24 to i8* %26 = load i8, i8* %25, align 32 %27 = icmp ugt i8 %26, 1 br i1 %27, label %40, label %28 %29 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.net_device.744736*, %struct.netdev_phys_item_id*, i1)* @dev_get_port_parent_id to i32 (%struct.net_device.754351*, %struct.netdev_phys_item_id*, i1)*)(%struct.net_device.754351* %6, %struct.netdev_phys_item_id* nonnull %4, i1 zeroext false) #83 Function:dev_get_port_parent_id %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr inbounds %struct.net_device.744736, %struct.net_device.744736* %0, i64 0, i32 16 %6 = load %struct.net_device_ops.744647*, %struct.net_device_ops.744647** %5, align 8 %7 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %8 = getelementptr inbounds %struct.net_device_ops.744647, %struct.net_device_ops.744647* %6, i64 0, i32 61 %9 = load i32 (%struct.net_device.744736*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.744736*, %struct.netdev_phys_item_id*)** %8, align 8 %10 = icmp eq i32 (%struct.net_device.744736*, %struct.netdev_phys_item_id*)* %9, null br i1 %10, label %16, label %11 %12 = tail call i32 %9(%struct.net_device.744736* %0, %struct.netdev_phys_item_id* %1) #83 %13 = icmp ne i32 %12, -95 %14 = xor i1 %2, true %15 = or i1 %13, %14 br i1 %15, label %57, label %17 %18 = getelementptr 
inbounds %struct.net_device.744736, %struct.net_device.744736* %0, i64 0, i32 13, i32 1, i32 0 %19 = bitcast %struct.list_head** %18 to i64* %20 = load i64, i64* %19, align 16 %21 = inttoptr i64 %20 to %struct.list_head* %22 = getelementptr inbounds %struct.net_device.744736, %struct.net_device.744736* %0, i64 0, i32 13, i32 1 %23 = icmp eq %struct.list_head* %22, %21 br i1 %23, label %57, label %24 %25 = inttoptr i64 %20 to i8* %26 = getelementptr i8, i8* %25, i64 -24 %27 = bitcast i8* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = icmp eq i8* %28, null br i1 %29, label %57, label %30 %31 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 1 %32 = getelementptr %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %1, i64 0, i32 0, i64 0 br label %33 %34 = phi i8* [ %28, %30 ], [ %55, %51 ] %35 = phi i64 [ %20, %30 ], [ %37, %51 ] %36 = inttoptr i64 %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast i8* %34 to %struct.net_device.744736* %39 = tail call i32 @dev_get_port_parent_id(%struct.net_device.744736* nonnull %38, %struct.netdev_phys_item_id* %1, i1 zeroext true) #84 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %57 %42 = load i8, i8* %31, align 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %45 %46 = call i32 @bcmp(i8* nonnull dereferenceable(33) %7, i8* dereferenceable(33) %32, i64 33) ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = 
bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = 
ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, 
i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, 
i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, 
label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %25 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, 
%struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 %34 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %63 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %63, align 8 %64 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.721187* nonnull %0, %struct.snd_pcm_hw_params* %1) #84 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* 
%24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* 
%68 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %84, label %81 %82 = load i32, i32* %23, align 4 %83 = or i32 %82, 2 store i32 %83, i32* %23, align 4 br label %84 %85 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2 %86 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %85, i64 0, i32 0, i64 0 %87 = load i32, i32* %86, align 4 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %93 %90 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %91 = load i32, i32* %90, align 4 %92 = icmp eq i32 %91, 0 br i1 %92, label %290, label %93 %94 = and i32 %8, 4 %95 = icmp eq i32 %94, 0 br i1 %95, label %114, label %96 %97 = bitcast %struct.extended_perms_data* %85 to i8* %98 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 0 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, %87 store i32 %100, i32* %86, align 4 %101 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 1 %102 = load i32, i32* %101, align 4 %103 = getelementptr %struct.snd_pcm_hw_params, 
%struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, %102 store i32 %105, i32* %103, align 4 %106 = or i32 %105, %100 %107 = icmp eq i32 %106, 0 br i1 %107, label %47, label %108 %109 = call i32 @bcmp(i8* dereferenceable(8) %97, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 
-1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds 
%struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load 
%struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, 
align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %25 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 
%13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 %34 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %63 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %63, align 8 %64 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.721187* nonnull %0, %struct.snd_pcm_hw_params* %1) #84 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr 
inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = 
icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* %68 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %84, label %81 %82 = load i32, i32* %23, align 4 %83 = or i32 %82, 2 store i32 %83, i32* %23, align 4 br label %84 %85 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2 %86 = getelementptr %struct.extended_perms_data, 
%struct.extended_perms_data* %85, i64 0, i32 0, i64 0 %87 = load i32, i32* %86, align 4 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %93 %90 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %91 = load i32, i32* %90, align 4 %92 = icmp eq i32 %91, 0 br i1 %92, label %290, label %93 %94 = and i32 %8, 4 %95 = icmp eq i32 %94, 0 br i1 %95, label %114, label %96 %97 = bitcast %struct.extended_perms_data* %85 to i8* %98 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 0 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, %87 store i32 %100, i32* %86, align 4 %101 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 2, i32 0, i64 1 %102 = load i32, i32* %101, align 4 %103 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 2, i32 0, i64 1 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, %102 store i32 %105, i32* %103, align 4 %106 = or i32 %105, %100 %107 = icmp eq i32 %106, 0 br i1 %107, label %47, label %108 %109 = call i32 @bcmp(i8* dereferenceable(8) %97, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq 
%struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 
store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* 
%448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds 
%struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to 
%struct.snd_pcm_hw_params* %25 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 
%34 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %63 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %63, align 8 %64 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.721187* nonnull %0, %struct.snd_pcm_hw_params* %1) #84 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr 
%struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 %50 = icmp eq i32 %49, 0 br i1 %50, label %54, label %51 %52 = load i32, i32* %23, align 4 %53 = or i32 %52, 1 store i32 %53, i32* %23, align 4 br label %54 %55 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1 %56 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %55, i64 0, i32 0, i64 0 %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %290, label %63 %64 = and i32 %8, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %84, label %66 %67 = bitcast %struct.extended_perms_data* %55 to i8* %68 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 0 %69 = 
load i32, i32* %68, align 4 %70 = and i32 %69, %57 store i32 %70, i32* %56, align 4 %71 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 1, i32 0, i64 1 %72 = load i32, i32* %71, align 4 %73 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 1, i32 0, i64 1 %74 = load i32, i32* %73, align 4 %75 = and i32 %74, %72 store i32 %75, i32* %73, align 4 %76 = or i32 %75, %70 %77 = icmp eq i32 %76, 0 br i1 %77, label %47, label %78 %79 = call i32 @bcmp(i8* dereferenceable(8) %67, i8* nonnull dereferenceable(8) %22, i64 8) #6
------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label 
%536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, 
i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 
0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, 
i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %25 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = 
load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* %21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 %34 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %63 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %63, align 8 %64 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.721187* nonnull %0, %struct.snd_pcm_hw_params* %1) #84 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq 
i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_hw_refine 1 snd_pcm_hw_params 2 snd_pcm_kernel_ioctl 3 snd_pcm_channel_info 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = 
alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr 
inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 
4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load 
%struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 
37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %24 = bitcast i8* %2 to %struct.snd_pcm_hw_params* %25 = tail call fastcc i32 @snd_pcm_hw_params(%struct.snd_pcm_substream.721187* %0, %struct.snd_pcm_hw_params* %24) #83 Function:snd_pcm_hw_params %3 = icmp eq %struct.snd_pcm_substream.721187* %0, null br i1 %3, label %345, label %4, !prof !4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = icmp eq %struct.snd_pcm_runtime.721183* %6, null br i1 %7, label %345, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %10 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %11 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %10, i64 0, i32 14 %12 = load i8, i8* %11, align 1, !range !6 %13 = icmp eq i8 %12, 0 br i1 %13, label %16, label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %15) #83 br label %18 %19 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %20 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %19, align 8 %21 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %20, i64 0, i32 0 %22 = load i32, i32* 
%21, align 8 %23 = icmp ult i32 %22, 3 %24 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %9, align 8 %25 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %24, i64 0, i32 14 %26 = load i8, i8* %25, align 1, !range !6 %27 = icmp eq i8 %26, 0 br i1 %27, label %30, label %28 %29 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %29) #83 br label %32 br i1 %23, label %33, label %345 %34 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 20, i32 0 %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %345 %38 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %39 = icmp eq %struct.snd_pcm_runtime.721183* %38, null br i1 %39, label %62, label %40 %63 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 store i32 -1, i32* %63, align 8 %64 = tail call i32 @snd_pcm_hw_refine(%struct.snd_pcm_substream.721187* nonnull %0, %struct.snd_pcm_hw_params* %1) #84 Function:snd_pcm_hw_refine %3 = alloca [20 x i32], align 16 %4 = alloca %struct.extended_perms_data, align 4 %5 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 7 store i32 0, i32* %5, align 8 %6 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 11 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 5 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 256 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i32 %8, 2048 %15 = icmp eq i32 %14, 0 br i1 %15, label %19, label %16 %20 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %21 = load %struct.snd_pcm_runtime.721183*, 
%struct.snd_pcm_runtime.721183** %20, align 8 %22 = bitcast %struct.extended_perms_data* %4 to i8* %23 = getelementptr inbounds %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 6 %24 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0 %25 = getelementptr %struct.extended_perms_data, %struct.extended_perms_data* %24, i64 0, i32 0, i64 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %290, label %32 %33 = and i32 %8, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast %struct.extended_perms_data* %24 to i8* %37 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 0 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, %26 store i32 %39, i32* %25, align 4 %40 = getelementptr %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %21, i64 0, i32 47, i32 0, i64 0, i32 0, i64 1 %41 = load i32, i32* %40, align 4 %42 = getelementptr %struct.snd_pcm_hw_params, %struct.snd_pcm_hw_params* %1, i64 0, i32 1, i64 0, i32 0, i64 1 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, %41 store i32 %44, i32* %42, align 4 %45 = or i32 %44, %39 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %48 %49 = call i32 @bcmp(i8* dereferenceable(8) %36, i8* nonnull dereferenceable(8) %22, i64 8) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.701531* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 %95 = icmp eq i32 %94, 0 br i1 %95, label %96, label %111 %97 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1 %98 = bitcast %struct.uuid_t* %97 to i64* %99 = load i64, i64* %98, align 1 %100 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %101 = bitcast i8* %100 to i64* %102 = load i64, i64* %101, align 1 %103 = bitcast { i64, i64 }* %4 to i8* %104 = bitcast { i64, i64 }* %5 to i8* %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %84, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %87, i64* %106, align 8 %107 = getelementptr inbounds { i64, 
i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %99, i64* %107, align 8 %108 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %102, i64* %108, align 8 %109 = call i32 @bcmp(i8* nonnull dereferenceable(16) %103, i8* nonnull dereferenceable(16) %104, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.701531* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- 
Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.701531* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.701531, %struct.efivar_entry.701531* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* 
%44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.701531* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.701481** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.701481**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.701481* %14 = getelementptr inbounds %struct.task_struct.701481, %struct.task_struct.701481* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* 
%33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.701531* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_write ------------- Path:  Function:xhci_port_write %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.xhci_port** %11 = load %struct.xhci_port*, %struct.xhci_port** %10, align 8 %12 = getelementptr inbounds %struct.xhci_port, %struct.xhci_port* %11, i64 0, i32 3 %13 = load %struct.xhci_hub*, %struct.xhci_hub** %12, align 8 %14 = getelementptr inbounds %struct.xhci_hub, %struct.xhci_hub* %13, i64 0, i32 2 %15 = load %struct.usb_hcd*, %struct.usb_hcd** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.usb_hcd.649134*)* @usb_hcd_is_primary_hcd to i32 (%struct.usb_hcd*)*)(%struct.usb_hcd* %15) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21 %22 = phi %struct.usb_hcd* [ %20, %18 ], [ %15, %4 ] %23 = getelementptr inbounds %struct.usb_hcd, %struct.usb_hcd* %22, i64 0, i32 29, i64 0 %24 = bitcast i64* %23 to %struct.xhci_hcd* %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %26 = icmp ult i64 %2, 31 %27 = select i1 %26, i64 %2, i64 31 %28 = call i64 @_copy_from_user(i8* nonnull %25, i8* %1, i64 %27) #83 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %53 %31 = call i32 @bcmp(i8* nonnull dereferenceable(10) %25, i8* dereferenceable(10) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.209.57192, i64 0, i64 0), i64 10) ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 
8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -2, i32 10, i32 1, i32 1 %13 = bitcast %struct.list_head** %12 to %struct.Scsi_Host.610238* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.50226, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #83 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.50227, i64 0, i64 0), i64 2) #6 %22 = icmp eq i32 %21, 0 br i1 %22, label %29, label %23 %24 = call i64 @simple_strtoull(i8* nonnull %14, i8** nonnull %7, i32 0) #83 %25 = load i8*, i8** %7, align 8 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 %30 = phi i64 [ %24, %23 ], [ -1, %19 ] %31 = bitcast i8** %6 to i8* %32 = call i32 @bcmp(i8* nonnull dereferenceable(2) %15, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.50227, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -2, i32 10, i32 1, i32 1 %13 = bitcast %struct.list_head** %12 to %struct.Scsi_Host.610238* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 
0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.50226, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #83 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.50227, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* 
nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %365 = icmp eq i64 %206, 2338324113575339364 br i1 %365, label %366, label %412 %367 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %368 = bitcast i8* %367 to i32* %369 = load i32, i32* %368, align 8 %370 = icmp eq i32 %369, 1701736302 br i1 %370, label %380, label %371 %372 = trunc i32 %369 to i16 %373 = call i32 @bcmp(i8* dereferenceable(6) %367, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) %374 = icmp eq i32 %373, 0 %375 = icmp eq i16 %372, 28521 %376 = or i1 %374, %375 br i1 %376, label %380, label %377 %378 = call i32 @bcmp(i8* dereferenceable(3) %367, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.48011, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, 
i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %365 = icmp eq i64 %206, 2338324113575339364 br i1 %365, label %366, label %412 %367 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %368 = bitcast i8* %367 to i32* %369 = load i32, i32* %368, align 8 %370 = icmp eq i32 %369, 1701736302 br i1 %370, label %380, label %371 %372 = trunc i32 %369 to i16 %373 = call i32 @bcmp(i8* dereferenceable(6) %367, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label 
%22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* %300 = bitcast i32* %9 to i8* %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.48041, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr 
inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.48040, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 
%212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %220 = call i32 @bcmp(i8* dereferenceable(3) %209, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.48011, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 
= icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.48039, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* 
dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.48010, i64 0, i64 0), i64 2) %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %73 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.48011, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.48039, i64 0, i64 0), i64 3) %62 = icmp 
eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.48010, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr 
inbounds ([4 x i8], [4 x i8]* @.str.18.48039, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.48039, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call 
i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.48039, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, 
%struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.48038, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) %25 = icmp eq 
i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.48010, i64 0, i64 0), i64 2) %31 = icmp eq i32 %30, 0 br i1 %31, label %35, label %32 %33 = call i32 @bcmp(i8* dereferenceable(3) %23, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.48011, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x 
i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.48010, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.48012, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 
16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.48008, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.48037, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, 
align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, 
i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #84 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %39 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3197, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 load_elf_binary ------------- Path:  Function:load_elf_binary %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 0 %5 = bitcast i8* %4 to %struct.elf64_hdr* %6 = tail call i32 @bcmp(i8* dereferenceable(4) %4, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.18493, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 load_elf_binary.18498 ------------- Path:  Function:load_elf_binary.18498 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.linux_binprm, 
%struct.linux_binprm* %0, i64 0, i32 22, i64 0 %5 = bitcast i8* %4 to %struct.elf32_hdr* %6 = tail call i32 @bcmp(i8* dereferenceable(4) %4, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.18506, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 __ext4_find_entry 1 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.static_call_site* %9 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.151783*)* @generic_set_encrypted_ci_d_ops to void (%struct.dentry.190016*)*)(%struct.dentry.190016* %1) #83 %22 = call fastcc %struct.buffer_head.190040* @__ext4_find_entry(%struct.inode.190029* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #83 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 
16 %6 = alloca [8 x %struct.buffer_head.190040*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head.190040*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 8 %14 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.static_call_site** %16 = load %struct.static_call_site*, %struct.static_call_site** %15, align 8 %17 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %449, label %20 %21 = getelementptr %struct.inode.190029, %struct.inode.190029* %0, i64 -1, i32 34 %22 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %21, i64 10, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 268435456 %25 = icmp eq i64 %24, 0 br i1 %25, label %41, label %26 %42 = phi %struct.buffer_head.190040* [ %33, %40 ], [ null, %26 ], [ null, %20 ] %43 = icmp slt i32 %18, 3 br i1 %43, label %44, label %50 %45 = load i8, i8* %12, align 1 %46 = icmp eq i8 %45, 46 br i1 %46, label %47, label %50 %48 = getelementptr i8, i8* %12, i64 1 %49 = load i8, i8* %48, align 1 switch i8 %49, label %50 [ i8 46, label %267 i8 0, label %267 ] %268 = phi i32 [ %259, %261 ], [ 1, %47 ], [ 1, %47 ] %269 = phi i32 [ %266, %261 ], [ 0, %47 ], [ 0, %47 ] %270 = phi %struct.buffer_head.190040* [ %252, %261 ], [ %42, %47 ], [ %42, %47 ] %271 = getelementptr inbounds [8 x %struct.buffer_head.190040*], [8 x %struct.buffer_head.190040*]* %6, i64 0, i64 0 %272 = getelementptr inbounds 
%struct.super_block.190011, %struct.super_block.190011* %14, i64 0, i32 2 %273 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 1 %274 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 0 %275 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 14 br label %276 %277 = phi i32 [ %435, %430 ], [ %268, %267 ] %278 = phi i64 [ %304, %430 ], [ 0, %267 ] %279 = phi i64 [ %303, %430 ], [ 0, %267 ] %280 = phi i32 [ %277, %430 ], [ %269, %267 ] %281 = phi i32 [ 0, %430 ], [ %269, %267 ] br label %282 %283 = phi i64 [ %278, %276 ], [ %304, %425 ] %284 = phi i64 [ %279, %276 ], [ %303, %425 ] %285 = phi i32 [ %280, %276 ], [ %428, %425 ] %286 = call i32 @__SCT__cond_resched() #83 %287 = icmp ult i64 %283, %284 br i1 %287, label %301, label %288 %289 = icmp ugt i32 %281, %285 %290 = select i1 %289, i32 %281, i32 %277 %291 = sub i32 %290, %285 %292 = zext i32 %291 to i64 %293 = icmp ult i64 %292, 8 %294 = select i1 %293, i64 %292, i64 8 %295 = trunc i64 %294 to i32 %296 = call i32 @ext4_bread_batch(%struct.inode.190029* %0, i32 %285, i32 %295, i1 zeroext false, %struct.buffer_head.190040** nonnull %271) #83 %297 = icmp eq i32 %296, 0 br i1 %297, label %301, label %298 %302 = phi i64 [ 0, %288 ], [ %283, %282 ] %303 = phi i64 [ %294, %288 ], [ %284, %282 ] %304 = add nuw i64 %302, 1 %305 = getelementptr [8 x %struct.buffer_head.190040*], [8 x %struct.buffer_head.190040*]* %6, i64 0, i64 %302 %306 = load %struct.buffer_head.190040*, %struct.buffer_head.190040** %305, align 8 %307 = icmp eq %struct.buffer_head.190040* %306, null br i1 %307, label %425, label %308 %309 = call i32 @__SCT__might_resched() #83 %310 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %306, i64 0, i32 0 %311 = load volatile i64, i64* %310, align 8 %312 = and i64 %311, 4 %313 = icmp eq i64 %312, 0 br i1 %313, label %315, label %314 %316 = load volatile i64, 
i64* %310, align 8 %317 = and i64 %316, 1 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %321 %322 = load volatile i64, i64* %310, align 8 %323 = and i64 %322, 16777216 %324 = icmp eq i64 %323, 0 br i1 %324, label %325, label %361 %326 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %306, i64 0, i32 5 %327 = bitcast i8** %326 to %struct.ext4_dir_entry** %328 = load %struct.ext4_dir_entry*, %struct.ext4_dir_entry** %327, align 8 %329 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %330 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %329, i64 0, i32 28 %331 = bitcast i8** %330 to %struct.ext4_sb_info.190078** %332 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %331, align 16 %333 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %332, i64 0, i32 15 %334 = load %struct.ext4_super_block*, %struct.ext4_super_block** %333, align 8 %335 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %334, i64 0, i32 28 %336 = load i32, i32* %335, align 4 %337 = and i32 %336, 32 %338 = icmp eq i32 %337, 0 br i1 %338, label %356, label %339 %340 = load volatile i64, i64* %22, align 8 %341 = and i64 %340, 4096 %342 = icmp eq i64 %341, 0 br i1 %342, label %356, label %343 %344 = icmp eq i32 %285, 0 br i1 %344, label %361, label %345 %346 = getelementptr inbounds %struct.ext4_dir_entry, %struct.ext4_dir_entry* %328, i64 0, i32 0 %347 = load i32, i32* %346, align 4 %348 = icmp eq i32 %347, 0 br i1 %348, label %349, label %356 %350 = getelementptr inbounds %struct.ext4_dir_entry, %struct.ext4_dir_entry* %328, i64 0, i32 1 %351 = load i16, i16* %350, align 4 %352 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %329, i64 0, i32 3 %353 = zext i16 %351 to i64 %354 = load i64, i64* %352, align 8 %355 = icmp eq i64 %354, %353 br i1 %355, label %361, label %356 %362 = load volatile 
i64, i64* %310, align 8 %363 = and i64 %362, 16777216 %364 = icmp eq i64 %363, 0 br i1 %364, label %365, label %368 %369 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %306, i64 0, i32 5 %370 = load i8*, i8** %369, align 8 %371 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %372 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %371, i64 0, i32 3 %373 = load i64, i64* %372, align 8 %374 = shl i64 %373, 32 %375 = ashr exact i64 %374, 32 %376 = getelementptr i8, i8* %370, i64 %375 %377 = icmp ugt i8* %376, %370 br i1 %377, label %378, label %424 %379 = load i8, i8* %272, align 4 %380 = zext i8 %379 to i32 %381 = shl i32 %285, %380 br label %382 %383 = phi i8* [ %370, %378 ], [ %417, %413 ] %384 = phi i32 [ %381, %378 ], [ %415, %413 ] %385 = getelementptr inbounds i8, i8* %383, i64 6 %386 = load i8, i8* %385, align 2 %387 = zext i8 %386 to i64 %388 = getelementptr i8, i8* %383, i64 %387 %389 = icmp ugt i8* %388, %376 br i1 %389, label %408, label %390 %391 = bitcast i8* %383 to i32* %392 = load i32, i32* %391, align 4 %393 = icmp eq i32 %392, 0 br i1 %393, label %408, label %394 %395 = load i32, i32* %273, align 8 %396 = zext i8 %386 to i32 %397 = icmp eq i32 %395, %396 br i1 %397, label %398, label %408 %399 = getelementptr inbounds i8, i8* %383, i64 8 %400 = load i8*, i8** %274, align 8 %401 = call i32 @bcmp(i8* %399, i8* %400, i64 %387) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds 
%struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %18 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %27 = icmp ne i64* %20, null br i1 %27, label %28, label %31 %29 = load i64, i64* %20, align 8 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %29, i64* %30, align 8 br label %31 %32 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %19, i32 %24, %struct.nfs4_exception* nonnull %3) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 
%46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, 
%struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast 
%struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, i32* %23, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %28 = icmp ne i64* %21, null br i1 %28, label %29, label %32 %30 = load i64, i64* %21, align 8 %31 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %30, i64* %31, align 8 br label %32 %33 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %20, i32 %25, %struct.nfs4_exception* nonnull %4) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ 
null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, 
%struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load 
i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, 
%struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %44 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %43, align 8 %45 = icmp eq %struct.rpc_procinfo* %44, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %45, label %46, label %64 %65 = load i32, i32* %15, align 4 br label %66 %67 = phi i32 [ %65, %64 ], [ %59, %58 ] %68 = icmp sgt i32 %67, 0 br i1 %68, label %69, label %72 %70 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %71 = load %struct.inode*, %struct.inode** %70, align 8 call void bitcast (void (%struct.inode.214835*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %71) #83 br label %72 %73 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %74 = bitcast {}** %73 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %75 = load i32 
(%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %74, align 8 %76 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %75, null br i1 %76, label %79, label %77 %80 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = load i32, i32* %11, align 4 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %60 %37 = bitcast %struct.nfs4_exception* %3 to i8* %38 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %39 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %38, align 8 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %39, i64 0, i32 5 %41 = bitcast %struct.nfs4_state.233157** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %45 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %46 = load i64, i64* %45, align 8 %47 = bitcast %struct.inode** %44 to i64* store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %49 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %49, %struct.nfs4_stateid_struct** %48, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %50, align 8 %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %51, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 
0, i32 5 store i8 0, i8* %52, align 1 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %10, i32 %34, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 
0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, 
%struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 
nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = 
getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %32 = bitcast %struct.nfs4_exception* %3 to i8* %33 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %34 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %33, align 8 %35 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %34, i64 0, i32 5 %36 = bitcast %struct.nfs4_state.233157** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %40 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %41 = load i64, i64* %40, align 8 %42 = bitcast %struct.inode** %39 to i64* store i64 %41, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %44, %struct.nfs4_stateid_struct** %43, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, 
i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %49 = load %struct.super_block*, %struct.super_block** %48, align 8 %50 = getelementptr inbounds %struct.super_block, %struct.super_block* %49, i64 0, i32 28 %51 = bitcast i8** %50 to %struct.nfs_server.233131** %52 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %51, align 16 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %52, i32 %29, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne 
%struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, 
%struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = 
bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to 
%struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %12, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %165, label %63 %64 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 10 %65 = load i32, i32* %64, align 8 %66 = and i32 %65, 8 %67 = icmp eq i32 %66, 0 %68 = or i1 %67, %33 %69 = select i1 %67, i32 -95, i32 -34 br i1 %68, label %165, label %70 %71 = phi i32 [ %94, %83 ], [ 0, %63 ] %72 = phi %struct.page** [ %93, %83 ], [ %21, %63 ] %73 = phi i64 [ %92, %83 ], [ %2, %63 ] %74 = phi i8* [ %91, %83 ], [ %1, %63 ] %75 = icmp ult i64 %73, 4096 %76 = select i1 %75, i64 %73, i64 4096 %77 = call %struct.page* @alloc_pages(i32 3264, i32 0) #83 %78 = icmp eq %struct.page* %77, null br i1 %78, label %79, label %83 %80 = icmp sgt i32 %71, 0 br i1 %80, label %81, label %165 %82 = 
zext i32 %71 to i64 br label %96 %97 = phi i64 [ %82, %81 ], [ %104, %96 ] %98 = phi i32 [ %71, %81 ], [ %99, %96 ] %99 = add nsw i32 %98, -1 %100 = zext i32 %99 to i64 %101 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %100 %102 = load %struct.page*, %struct.page** %101, align 8 call void bitcast (void (%struct.page.135016*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %102, i32 0) #83 %103 = icmp sgt i64 %97, 1 %104 = add nsw i64 %97, -1 br i1 %103, label %96, label %165 %166 = phi i32 [ %135, %164 ], [ -22, %58 ], [ %69, %63 ], [ %94, %105 ], [ -12, %79 ], [ -12, %96 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %187 [label %167], !srcloc !6 switch i32 %166, label %188 [ i32 -10039, label %197 i32 -10041, label %197 ] %189 = load %struct.super_block*, %struct.super_block** %12, align 8 %190 = getelementptr inbounds %struct.super_block, %struct.super_block* %189, i64 0, i32 28 %191 = bitcast i8** %190 to %struct.nfs_server.233131** %192 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %191, align 16 %193 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %192, i32 %166, %struct.nfs4_exception* nonnull %10) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call 
fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 
-10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 
= icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, 
i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to 
%struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 
Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %70 = phi i32 [ -36, %16 ], [ %68, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %71)) #6 to label %91 [label %71], !srcloc !4 %92 = load %struct.super_block*, %struct.super_block** %13, align 8 %93 = getelementptr inbounds %struct.super_block, %struct.super_block* %92, i64 0, i32 28 %94 = bitcast i8** %93 to %struct.nfs_server.233131** %95 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %94, align 16 %96 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %95, i32 %70, %struct.nfs4_exception* nonnull %7) #85 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 
Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to 
%struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast 
%struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds 
%struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 
i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds 
%struct.nfs_client.237866, %struct.nfs_client.237866* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.237862*, %struct.nfs4_minor_version_ops.237862** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.237862, %struct.nfs4_minor_version_ops.237862* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #83 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %18 = 
getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %27 = icmp ne i64* %20, null br i1 %27, label %28, label %31 %29 = load i64, i64* %20, align 8 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %29, i64* %30, align 8 br label %31 %32 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %19, i32 %24, %struct.nfs4_exception* nonnull %3) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 
8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  
Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast %struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, i32* %23, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %28 = icmp ne i64* %21, null br i1 %28, label %29, label %32 %30 = load i64, i64* %21, align 8 %31 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %30, i64* %31, align 8 br label %32 %33 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %20, i32 %25, %struct.nfs4_exception* nonnull %4) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, 
i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, 
label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 
= load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** 
%24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %44 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %43, align 8 %45 = icmp eq %struct.rpc_procinfo* %44, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %45, label %46, label %64 %65 = load i32, i32* %15, align 4 br label %66 %67 = phi i32 [ %65, %64 ], [ %59, %58 ] %68 = icmp sgt i32 %67, 0 br i1 %68, label %69, label %72 %70 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %71 = load %struct.inode*, %struct.inode** %70, align 8 call void bitcast (void (%struct.inode.214835*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %71) #83 br label %72 %73 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %74 = bitcast {}** %73 
to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %75 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %74, align 8 %76 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %75, null br i1 %76, label %79, label %77 %80 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = load i32, i32* %11, align 4 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %60 %37 = bitcast %struct.nfs4_exception* %3 to i8* %38 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %39 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %38, align 8 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %39, i64 0, i32 5 %41 = bitcast %struct.nfs4_state.233157** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %45 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %46 = load i64, i64* %45, align 8 %47 = bitcast %struct.inode** %44 to i64* store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %49 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %49, %struct.nfs4_stateid_struct** %48, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %50, align 8 %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %51, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 
0, i32 5 store i8 0, i8* %52, align 1 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %10, i32 %34, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 
0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, 
label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 
%19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 
(%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %32 = bitcast %struct.nfs4_exception* %3 to i8* %33 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %34 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %33, align 8 %35 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %34, i64 0, i32 5 %36 = bitcast %struct.nfs4_state.233157** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %40 = 
bitcast %struct.nfs_pgio_header.233175* %1 to i64* %41 = load i64, i64* %40, align 8 %42 = bitcast %struct.inode** %39 to i64* store i64 %41, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %44, %struct.nfs4_stateid_struct** %43, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %49 = load %struct.super_block*, %struct.super_block** %48, align 8 %50 = getelementptr inbounds %struct.super_block, %struct.super_block* %49, i64 0, i32 28 %51 = bitcast i8** %50 to %struct.nfs_server.233131** %52 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %51, align 16 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %52, i32 %29, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load 
%struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = 
and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds 
%struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** 
%27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* 
%5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %12, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %165, label %63 %64 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 10 %65 = load i32, i32* %64, align 8 %66 = and i32 %65, 8 %67 = icmp eq i32 %66, 0 %68 = or i1 %67, %33 %69 = select i1 %67, i32 -95, i32 -34 br i1 %68, label %165, label %70 %71 = phi i32 [ %94, %83 ], [ 0, %63 ] %72 = phi %struct.page** [ %93, %83 ], [ %21, %63 ] %73 = phi i64 [ %92, %83 ], [ %2, %63 ] %74 = phi i8* [ %91, %83 ], [ %1, %63 ] %75 = icmp ult i64 %73, 4096 %76 = select i1 %75, i64 %73, i64 4096 %77 = call %struct.page* @alloc_pages(i32 3264, i32 0) #83 %78 = icmp eq %struct.page* %77, null br i1 %78, label %79, label %83 %80 = icmp sgt i32 %71, 0 br i1 %80, label %81, label %165 %82 = zext i32 %71 to i64 br 
label %96 %97 = phi i64 [ %82, %81 ], [ %104, %96 ] %98 = phi i32 [ %71, %81 ], [ %99, %96 ] %99 = add nsw i32 %98, -1 %100 = zext i32 %99 to i64 %101 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %100 %102 = load %struct.page*, %struct.page** %101, align 8 call void bitcast (void (%struct.page.135016*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %102, i32 0) #83 %103 = icmp sgt i64 %97, 1 %104 = add nsw i64 %97, -1 br i1 %103, label %96, label %165 %166 = phi i32 [ %135, %164 ], [ -22, %58 ], [ %69, %63 ], [ %94, %105 ], [ -12, %79 ], [ -12, %96 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %187 [label %167], !srcloc !6 switch i32 %166, label %188 [ i32 -10039, label %197 i32 -10041, label %197 ] %189 = load %struct.super_block*, %struct.super_block** %12, align 8 %190 = getelementptr inbounds %struct.super_block, %struct.super_block* %189, i64 0, i32 28 %191 = bitcast i8** %190 to %struct.nfs_server.233131** %192 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %191, align 16 %193 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %192, i32 %166, %struct.nfs4_exception* nonnull %10) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 
@nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label 
%38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi 
%struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = 
bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 
@nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne 
%struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq 
%struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %70 = phi i32 [ -36, %16 ], [ %68, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %71)) #6 to label %91 [label %71], !srcloc !4 %92 = load %struct.super_block*, %struct.super_block** %13, align 8 %93 = getelementptr inbounds %struct.super_block, %struct.super_block* %92, i64 0, i32 28 %94 = bitcast i8** %93 to %struct.nfs_server.233131** %95 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %94, align 16 %96 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %95, i32 %70, %struct.nfs4_exception* nonnull %7) #85 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = 
bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca 
%struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr 
inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 
store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq 
%struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = 
getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to 
%struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %18 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %27 = icmp ne i64* %20, null br i1 %27, label %28, label %31 %29 = load i64, i64* %20, align 8 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %29, i64* %30, align 8 br label %31 %32 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %19, i32 %24, %struct.nfs4_exception* nonnull %3) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 
%7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, 
null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr 
inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr 
inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast %struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, i32* %23, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %28 = icmp ne i64* %21, null br i1 %28, label %29, label %32 %30 = load i64, i64* %21, align 8 %31 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %30, i64* %31, align 8 br label %32 %33 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %20, i32 %25, %struct.nfs4_exception* nonnull %4) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq 
%struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = 
getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = 
getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load 
%struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %44 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %43, align 8 %45 = icmp eq %struct.rpc_procinfo* %44, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %45, label %46, label %64 %65 = load i32, i32* %15, align 4 br label %66 %67 = phi i32 [ %65, %64 ], [ %59, %58 ] %68 = icmp sgt i32 %67, 0 br i1 %68, label %69, label %72 %70 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %71 = load %struct.inode*, %struct.inode** %70, align 8 call void bitcast (void (%struct.inode.214835*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %71) #83 br label %72 %73 = getelementptr inbounds %struct.nfs_pgio_header.233175, 
%struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %74 = bitcast {}** %73 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %75 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %74, align 8 %76 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %75, null br i1 %76, label %79, label %77 %80 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = load i32, i32* %11, align 4 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %60 %37 = bitcast %struct.nfs4_exception* %3 to i8* %38 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %39 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %38, align 8 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %39, i64 0, i32 5 %41 = bitcast %struct.nfs4_state.233157** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %45 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %46 = load i64, i64* %45, align 8 %47 = bitcast %struct.inode** %44 to i64* store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %49 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %49, %struct.nfs4_stateid_struct** %48, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %50, align 8 %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %51, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 
0, i32 5 store i8 0, i8* %52, align 1 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %10, i32 %34, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 
0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, 
label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 
nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = 
getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %32 = bitcast %struct.nfs4_exception* %3 to i8* %33 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %34 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %33, align 8 %35 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %34, i64 0, i32 5 %36 = bitcast %struct.nfs4_state.233157** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %40 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %41 = load i64, i64* %40, align 8 %42 = bitcast %struct.inode** %39 to i64* store i64 %41, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %44, %struct.nfs4_stateid_struct** %43, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, 
i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %49 = load %struct.super_block*, %struct.super_block** %48, align 8 %50 = getelementptr inbounds %struct.super_block, %struct.super_block* %49, i64 0, i32 28 %51 = bitcast i8** %50 to %struct.nfs_server.233131** %52 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %51, align 16 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %52, i32 %29, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne 
%struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, 
%struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 
= getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to 
%struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %12, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %165, label %63 %64 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 10 %65 = load i32, i32* %64, align 8 %66 = and i32 %65, 8 %67 = icmp eq i32 %66, 0 %68 = or i1 %67, %33 %69 = select i1 %67, i32 -95, i32 -34 br i1 %68, label %165, label %70 %71 = phi i32 [ %94, %83 ], [ 0, %63 ] %72 = phi %struct.page** [ %93, %83 ], [ %21, %63 ] %73 = phi i64 [ %92, %83 ], [ %2, %63 ] %74 = phi i8* [ %91, %83 ], [ %1, %63 ] %75 = icmp ult i64 %73, 4096 %76 = select i1 %75, i64 %73, i64 4096 %77 = call %struct.page* @alloc_pages(i32 3264, i32 0) #83 %78 = icmp eq %struct.page* %77, null br i1 %78, label %79, label %83 %80 = icmp sgt i32 %71, 0 br i1 %80, label %81, label %165 %82 = 
zext i32 %71 to i64 br label %96 %97 = phi i64 [ %82, %81 ], [ %104, %96 ] %98 = phi i32 [ %71, %81 ], [ %99, %96 ] %99 = add nsw i32 %98, -1 %100 = zext i32 %99 to i64 %101 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %100 %102 = load %struct.page*, %struct.page** %101, align 8 call void bitcast (void (%struct.page.135016*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %102, i32 0) #83 %103 = icmp sgt i64 %97, 1 %104 = add nsw i64 %97, -1 br i1 %103, label %96, label %165 %166 = phi i32 [ %135, %164 ], [ -22, %58 ], [ %69, %63 ], [ %94, %105 ], [ -12, %79 ], [ -12, %96 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %187 [label %167], !srcloc !6 switch i32 %166, label %188 [ i32 -10039, label %197 i32 -10041, label %197 ] %189 = load %struct.super_block*, %struct.super_block** %12, align 8 %190 = getelementptr inbounds %struct.super_block, %struct.super_block* %189, i64 0, i32 28 %191 = bitcast i8** %190 to %struct.nfs_server.233131** %192 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %191, align 16 %193 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %192, i32 %166, %struct.nfs4_exception* nonnull %10) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call 
fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 
-10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi 
%struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, 
%struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 
0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = 
bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load 
volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %70 = phi i32 [ -36, %16 ], [ %68, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %71)) #6 to label %91 [label %71], !srcloc !4 %92 = load %struct.super_block*, %struct.super_block** %13, align 8 %93 = getelementptr inbounds %struct.super_block, %struct.super_block* %92, i64 0, i32 28 %94 = bitcast i8** %93 to %struct.nfs_server.233131** %95 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %94, align 16 %96 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %95, i32 %70, %struct.nfs4_exception* nonnull %7) #85 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = 
bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load 
volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to 
%struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast 
%struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds 
%struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 
i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast 
%struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %58 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %59 = tail call i32 @bcmp(i8* dereferenceable(12) %58, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label 
%17, label %10 %18 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %27 = icmp ne i64* %20, null br i1 %27, label %28, label %31 %29 = load i64, i64* %20, align 8 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %29, i64* %30, align 8 br label %31 %32 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %19, i32 %24, %struct.nfs4_exception* nonnull %3) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store 
i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr 
inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %82 = load volatile i64, i64* %53, align 8 %83 = and i64 %82, 1 %84 = icmp eq i64 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %86) #83 %87 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 2 %88 = bitcast %struct.list_head* %87 to %struct.nfs4_lock_state.234758** %89 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %117, label %92 %93 = phi %struct.nfs4_lock_state.234758* [ %114, %112 ], [ %89, %85 ] %94 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 2 %95 = load volatile i64, i64* %94, align 8 %96 = and i64 %95, 1 %97 = icmp eq i64 %96, 0 br i1 %97, label %112, label %98 %99 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %100 = tail call i32 @bcmp(i8* dereferenceable(12) %99, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast %struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, i32* %23, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %28 = icmp ne i64* %21, null br i1 %28, label %29, label %32 %30 = load i64, i64* %21, align 8 %31 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %30, i64* %31, align 8 br label %32 %33 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %20, i32 %25, %struct.nfs4_exception* nonnull %4) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = 
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_read_done_cb
4 nfs4_read_done
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_async_handle_exception
3 nfs4_write_done_cb
4 nfs4_write_done
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_set_acl
4 nfs4_xattr_set_nfs4_acl
-------------
[16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %100 %102 = load %struct.page*, %struct.page** %101, align 8 call void bitcast (void (%struct.page.135016*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %102, i32 0) #83 %103 = icmp sgt i64 %97, 1 %104 = add nsw i64 %97, -1 br i1 %103, label %96, label %165 %166 = phi i32 [ %135, %164 ], [ -22, %58 ], [ %69, %63 ], [ %94, %105 ], [ -12, %79 ], [ -12, %96 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %187 [label %167], !srcloc !6 switch i32 %166, label %188 [ i32 -10039, label %197 i32 -10041, label %197 ] %189 = load %struct.super_block*, %struct.super_block** %12, align 8 %190 = getelementptr inbounds %struct.super_block, %struct.super_block* %189, i64 0, i32 28 %191 = bitcast i8** %190 to %struct.nfs_server.233131** %192 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %191, align 16 %193 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %192, i32 %166, %struct.nfs4_exception* nonnull %10) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds 
%struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 
i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast 
%struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %82 = load volatile i64, i64* %53, align 8 %83 = and i64 %82, 1 %84 = icmp eq i64 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %86) #83 %87 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 2 %88 = bitcast %struct.list_head* %87 to %struct.nfs4_lock_state.234758** %89 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %117, label %92 %93 = phi %struct.nfs4_lock_state.234758* [ %114, %112 ], [ %89, %85 ] %94 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 2 %95 = load volatile i64, i64* 
%94, align 8 %96 = and i64 %95, 1 %97 = icmp eq i64 %96, 0 br i1 %97, label %112, label %98 %99 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %100 = tail call i32 @bcmp(i8* dereferenceable(12) %99, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = 
getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 
0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi 
i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label 
%52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %82 = load volatile i64, i64* %53, align 8 %83 = and i64 %82, 1 %84 = icmp eq i64 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %86) #83 %87 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 2 %88 = bitcast %struct.list_head* %87 to %struct.nfs4_lock_state.234758** %89 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %117, label %92 %93 = phi %struct.nfs4_lock_state.234758* [ %114, %112 ], [ %89, %85 ] %94 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 2 %95 = load volatile i64, i64* %94, align 8 %96 = and i64 %95, 1 %97 = icmp eq i64 %96, 0 br i1 %97, label %112, label %98 %99 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %100 = tail call i32 @bcmp(i8* dereferenceable(12) %99, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  
Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %70 = phi i32 [ -36, %16 ], [ %68, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %71)) #6 to label %91 [label %71], !srcloc !4 %92 = load %struct.super_block*, %struct.super_block** %13, align 8 %93 = getelementptr inbounds %struct.super_block, %struct.super_block* %92, i64 0, i32 28 %94 = bitcast i8** %93 to %struct.nfs_server.233131** %95 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %94, align 16 %96 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %95, i32 %70, %struct.nfs4_exception* nonnull %7) #85 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 
0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, 
label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds 
%struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %82 = load volatile i64, i64* %53, align 8 %83 = and i64 %82, 1 %84 = icmp eq i64 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %86) #83 %87 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 2 %88 = bitcast %struct.list_head* %87 to %struct.nfs4_lock_state.234758** %89 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %89, i64 
0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %117, label %92 %93 = phi %struct.nfs4_lock_state.234758* [ %114, %112 ], [ %89, %85 ] %94 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 2 %95 = load volatile i64, i64* %94, align 8 %96 = and i64 %95, 1 %97 = icmp eq i64 %96, 0 br i1 %97, label %112, label %98 %99 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %100 = tail call i32 @bcmp(i8* dereferenceable(12) %99, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, 
i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 
0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = 
getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 
i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #83 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.234701** %7 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %7, i64 0, i32 0 %9 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 19 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %13 = load volatile %struct.list_head*, %struct.list_head** %12, align 8 %14 = icmp eq %struct.list_head* %13, %11 br i1 %14, label %135, label %15 %16 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %18 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %9, i64 0, i32 22 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi %struct.list_head* [ %13, %15 ], [ %133, %130 ] %22 = phi i8 [ 0, %15 ], [ %131, %130 ] %23 = getelementptr %struct.list_head, %struct.list_head* %21, 
i64 -2 %24 = bitcast %struct.list_head* %23 to %struct.nfs4_state.234728** %25 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %24, align 8 %26 = icmp eq %struct.nfs4_state.234728* %25, null br i1 %26, label %130, label %27 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %29 = tail call i32 @bcmp(i8* dereferenceable(12) %28, i8* dereferenceable(12) %16, i64 12) #6 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %52 %32 = load i32, i32* %17, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %41, label %34 %42 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %43 = load volatile i64, i64* %42, align 8 %44 = and i64 %43, 512 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %52 %53 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 5 %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 4 %56 = icmp eq i64 %55, 0 br i1 %56, label %81, label %57 %82 = load volatile i64, i64* %53, align 8 %83 = and i64 %82, 1 %84 = icmp eq i64 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %86) #83 %87 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %25, i64 0, i32 2 %88 = bitcast %struct.list_head* %87 to %struct.nfs4_lock_state.234758** %89 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %117, label %92 %93 = phi %struct.nfs4_lock_state.234758* [ %114, %112 ], [ %89, %85 ] %94 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 2 %95 = load 
volatile i64, i64* %94, align 8 %96 = and i64 %95, 1 %97 = icmp eq i64 %96, 0 br i1 %97, label %112, label %98 %99 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %93, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %100 = tail call i32 @bcmp(i8* dereferenceable(12) %99, i8* dereferenceable(12) %16, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, 
%struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* 
%9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x 
i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store 
%struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile 
%struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq 
%struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 tail call void @__rcu_read_lock() #83 %43 = load volatile %struct.list_head*, %struct.list_head** %35, align 8 %44 = icmp eq %struct.list_head* %43, %34 br i1 %44, label %142, label %45 %46 = phi %struct.list_head* [ %140, %138 ], [ %43, %42 ] %47 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -8 %48 = bitcast %struct.list_head* %47 to %struct.nfs_open_context.237826* %49 = getelementptr %struct.list_head, %struct.list_head* %46, i64 -2 %50 = bitcast %struct.list_head* %49 to %struct.nfs4_state.237825** %51 = load %struct.nfs4_state.237825*, %struct.nfs4_state.237825** %50, align 8 %52 = icmp eq %struct.nfs4_state.237825* %51, null br i1 %52, label %138, label %53 %54 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %138, label %58 %59 = load volatile i64, i64* %54, align 8 %60 = and i64 %59, 512 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %138 %63 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8, i32 1 %64 = load i32, i32* %63, 
align 4 %65 = load i32, i32* %36, align 4 %66 = icmp eq i32 %64, %65 br i1 %66, label %67, label %138 %68 = getelementptr inbounds %struct.nfs4_state.237825, %struct.nfs4_state.237825* %51, i64 0, i32 8 %69 = bitcast %struct.nfs4_stateid_struct* %68 to i8* %70 = tail call i32 @bcmp(i8* dereferenceable(16) %69, i8* dereferenceable(16) %37, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, 
%struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to 
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_end_delegation_return
1 nfs4_inode_return_delegation
2 nfs4_inode_make_writeable
3 nfs4_proc_remove
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_end_delegation_return
1 nfs4_inode_return_delegation
2 nfs4_proc_unlink_setup
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_delegation_state_and_recover
1 nfs4_schedule_stateid_recovery
2 nfs4_do_handle_exception
3 nfs4_async_handle_exception
4 nfs4_proc_unlink_done
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_delegation_state_and_recover
1 nfs4_schedule_stateid_recovery
2 nfs4_do_handle_exception
3 nfs4_async_handle_exception
4 nfs4_proc_rename_done
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_delegation_state_and_recover
1 nfs4_schedule_stateid_recovery
2 nfs4_do_handle_exception
3 nfs4_async_handle_exception
4 nfs4_read_done_cb
5 nfs4_read_done
-------------
%23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %44 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %43, align 8 %45 = icmp eq %struct.rpc_procinfo* %44, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %45, label %46, label %64 %65 = load i32, i32* %15, align 4 br label %66 %67 = phi i32 [ %65, %64 ], [ %59, %58 ] %68 = icmp sgt i32 %67, 0 br i1 %68, label %69, label %72 %70 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %71 = load %struct.inode*, %struct.inode** %70, align 8 call void bitcast (void 
(%struct.inode.214835*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %71) #83 br label %72 %73 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %74 = bitcast {}** %73 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %75 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %74, align 8 %76 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %75, null br i1 %76, label %79, label %77 %80 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = load i32, i32* %11, align 4 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %60 %37 = bitcast %struct.nfs4_exception* %3 to i8* %38 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %39 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %38, align 8 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %39, i64 0, i32 5 %41 = bitcast %struct.nfs4_state.233157** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %45 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %46 = load i64, i64* %45, align 8 %47 = bitcast %struct.inode** %44 to i64* store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %49 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %49, %struct.nfs4_stateid_struct** %48, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %50, align 8 %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %51, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 
0, i32 5 store i8 0, i8* %52, align 1 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %10, i32 %34, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 
0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.233157* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.234701*, %struct.nfs4_state.234728*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.233131*, %struct.nfs4_state.233157*)*)(%struct.nfs_server.233131* %0, %struct.nfs4_state.233157* nonnull %7) #83 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %4 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %3, align 8 %5 = 
getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #83 
Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 
@bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %32 = bitcast %struct.nfs4_exception* %3 to i8* %33 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %34 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %33, align 8 %35 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %34, i64 0, i32 5 %36 = bitcast %struct.nfs4_state.233157** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %40 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %41 = load i64, i64* %40, align 8 %42 = bitcast %struct.inode** %39 to i64* store i64 %41, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %44, %struct.nfs4_stateid_struct** %43, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, 
i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %49 = load %struct.super_block*, %struct.super_block** %48, align 8 %50 = getelementptr inbounds %struct.super_block, %struct.super_block* %49, i64 0, i32 28 %51 = bitcast i8** %50 to %struct.nfs_server.233131** %52 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %51, align 16 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %52, i32 %29, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne 
%struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.233157* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.234701*, %struct.nfs4_state.234728*)* @nfs4_schedule_stateid_recovery to i32 
(%struct.nfs_server.233131*, %struct.nfs4_state.233157*)*)(%struct.nfs_server.233131* %0, %struct.nfs4_state.233157* nonnull %7) #83 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %4 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr 
inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #83 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  
Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds 
%struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %57 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %10, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %12, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %165, label %63 %64 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 10 %65 = load i32, i32* %64, align 8 %66 = and i32 %65, 8 %67 = icmp eq i32 %66, 0 %68 = or i1 %67, %33 %69 = select i1 %67, i32 -95, i32 -34 br i1 %68, label %165, label %70 %71 = phi i32 [ %94, %83 ], [ 0, %63 ] %72 = phi %struct.page** [ %93, %83 ], [ %21, %63 ] %73 = phi i64 [ %92, %83 ], [ %2, %63 ] %74 = phi i8* [ %91, %83 ], [ %1, %63 ] %75 = icmp ult i64 %73, 4096 %76 = select i1 %75, i64 %73, i64 4096 %77 = call %struct.page* @alloc_pages(i32 3264, i32 0) #83 %78 = icmp eq %struct.page* %77, null br i1 %78, label %79, label %83 %80 = icmp sgt i32 %71, 0 br i1 %80, label %81, label %165 %82 = zext i32 %71 to i64 br label %96 %97 = phi i64 [ %82, %81 ], [ %104, %96 ] %98 = phi i32 [ %71, %81 ], [ %99, %96 ] %99 = add nsw i32 %98, -1 %100 = zext i32 %99 to i64 %101 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %100 %102 = load %struct.page*, %struct.page** %101, align 8 call void bitcast (void (%struct.page.135016*, i32)* 
@__free_pages to void (%struct.page*, i32)*)(%struct.page* %102, i32 0) #83 %103 = icmp sgt i64 %97, 1 %104 = add nsw i64 %97, -1 br i1 %103, label %96, label %165 %166 = phi i32 [ %135, %164 ], [ -22, %58 ], [ %69, %63 ], [ %94, %105 ], [ -12, %79 ], [ -12, %96 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %187 [label %167], !srcloc !6 switch i32 %166, label %188 [ i32 -10039, label %197 i32 -10041, label %197 ] %189 = load %struct.super_block*, %struct.super_block** %12, align 8 %190 = getelementptr inbounds %struct.super_block, %struct.super_block* %189, i64 0, i32 28 %191 = bitcast i8** %190 to %struct.nfs_server.233131** %192 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %191, align 16 %193 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %192, i32 %166, %struct.nfs4_exception* nonnull %10) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne 
%struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.233157* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.234701*, %struct.nfs4_state.234728*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.233131*, %struct.nfs4_state.233157*)*)(%struct.nfs_server.233131* %0, %struct.nfs4_state.233157* nonnull %7) #83 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %4 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.234728, 
%struct.nfs4_state.234728* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #83 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr 
inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 
= bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 
store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 
%6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label 
%79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.233157* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.234701*, %struct.nfs4_state.234728*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.233131*, %struct.nfs4_state.233157*)*)(%struct.nfs_server.233131* %0, %struct.nfs4_state.233157* nonnull %7) #83 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %4 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.234728, 
%struct.nfs4_state.234728* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #83 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %70 = phi i32 [ -36, %16 ], [ %68, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %71)) #6 to label %91 [label %71], !srcloc !4 %92 = load %struct.super_block*, %struct.super_block** %13, align 8 %93 = getelementptr inbounds %struct.super_block, %struct.super_block* %92, i64 0, i32 28 %94 = bitcast i8** %93 to %struct.nfs_server.233131** %95 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %94, align 16 %96 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %95, i32 %70, %struct.nfs4_exception* nonnull %7) #85 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, 
%struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.233157* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.234701*, %struct.nfs4_state.234728*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.233131*, %struct.nfs4_state.233157*)*)(%struct.nfs_server.233131* %0, %struct.nfs4_state.233157* nonnull %7) #83 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %4 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds 
%struct.nfs_client.234770, %struct.nfs_client.234770* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #83 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 
0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, 
%struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load 
%struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 
@nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.233157* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.234701*, %struct.nfs4_state.234728*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.233131*, %struct.nfs4_state.233157*)*)(%struct.nfs_server.233131* %0, %struct.nfs4_state.233157* nonnull %7) #83 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %4 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %12, i64 0, 
i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #83 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq 
%struct.nfs_delegation.233205* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 autofs_lookup ------------- Path:  Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.static_call_site* %6 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.inode.257672, %struct.inode.257672* %0, i64 0, i32 8 %11 = load %struct.super_block.257652*, %struct.super_block.257652** %10, align 8 %12 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.autofs_sb_info.257683** %14 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %13, align 16 %15 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 9 %16 = load %struct.super_block.257652*, %struct.super_block.257652** %15, align 8 %17 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.autofs_sb_info.257683** %19 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %18, align 16 %20 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 3 %21 = load %struct.dentry.257676*, %struct.dentry.257676** %20, align 8 %22 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4 %23 = bitcast 
%struct.qstr* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %19, i64 0, i32 17 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %29 = load volatile %struct.list_head*, %struct.list_head** %28, align 8 %30 = icmp eq %struct.list_head* %29, %27 br i1 %30, label %84, label %31 %32 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %19, i64 0, i32 16, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %32) #83 %33 = load %struct.list_head*, %struct.list_head** %28, align 8 %34 = icmp eq %struct.list_head* %33, %27 br i1 %34, label %83, label %35 %36 = zext i32 %7 to i64 br label %37 %38 = phi %struct.list_head* [ %33, %35 ], [ %80, %78 ] %39 = getelementptr %struct.list_head, %struct.list_head* %38, i64 -4, i32 1 %40 = bitcast %struct.list_head** %39 to %struct.dentry.257676** %41 = load %struct.dentry.257676*, %struct.dentry.257676** %40, align 8 %42 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 7, i32 0 %43 = bitcast %struct.anon.1* %42 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #83 %44 = bitcast %struct.anon.1* %42 to %struct.swap_cluster_info* %45 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %44, i64 0, i32 1 %46 = load i32, i32* %45, align 4 %47 = icmp slt i32 %46, 1 br i1 %47, label %78, label %48 %49 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 4 %50 = bitcast %struct.qstr* %49 to %struct.static_call_site* %51 = bitcast %struct.qstr* %49 to i32* %52 = load i32, i32* %51, align 8 %53 = icmp eq i32 %52, %24 br i1 %53, label %54, label %78 %55 = getelementptr inbounds %struct.dentry.257676, 
%struct.dentry.257676* %41, i64 0, i32 3 %56 = load %struct.dentry.257676*, %struct.dentry.257676** %55, align 8 %57 = icmp eq %struct.dentry.257676* %56, %21 br i1 %57, label %58, label %78 %59 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %50, i64 0, i32 1 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, %7 br i1 %61, label %62, label %78 %63 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 4, i32 1 %64 = load i8*, i8** %63, align 8 %65 = tail call i32 @bcmp(i8* %64, i8* %26, i64 %36) #6 ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 
%22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi 
%struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store 
%struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call 
%struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = 
bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast 
%struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #85 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = 
getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* 
%134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #83 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48)
-------------
Use: =BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_read_policy
-------------
Path:
Function:sel_read_policy
%5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, 
%struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, 
%struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, 
label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, 
label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, 
-1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = 
load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #85 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = 
icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #83 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load 
%struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48)
-------------
Use: =BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_write_validatetrans
-------------
Path:
Function:sel_write_validatetrans
%5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 
8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* 
@avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr 
inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, 
align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = 
phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, 
-------------
Use: =BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_write_avc_cache_threshold
-------------
Good: 1053 Bad: 86 Ignored: 794
Check Use of Function:io_uring_alloc_task_context
Check Use of Function:ring_buffer_nest_end
Check Use of Function:i915_ioc32_compat_ioctl
Check Use of Function:device_is_bound
Check Use of Function:cfg80211_tx_mlme_mgmt
Check Use of Function:mod_node_page_state
Use: =BAD PATH=
Call Stack:
0 try_grab_compound_head
1 try_grab_page
2 follow_huge_pmd
3 follow_p4d_mask
4 follow_page_mask
5 __get_user_pages
6 faultin_vma_page_range
7 madvise_populate
8 do_madvise
9 __ia32_sys_madvise
-------------
Path:
(((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@follow_p4d_mask, %11), i8* blockaddress(@follow_p4d_mask, %9)) #6 to label %8 [label %11, label %9], !srcloc !4 %10 = bitcast %struct.anon.1* %2 to %struct.anon.1* br label %24 %25 = phi %struct.anon.1* [ %23, %11 ], [ %10, %9 ] %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = and i64 %27, -97 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %42 %43 = and i64 %27, 9218868437227409304 %44 = icmp eq i64 %43, 0 br i1 %44, label %57, label %45, !prof !5, !misexpect !6 %58 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %59 = load %struct.mm_struct*, %struct.mm_struct** %58, align 8 %60 = and i64 %27, 4503599627366400 %61 = load i64, i64* @page_offset_base, align 8 %62 = add i64 %61, %60 %63 = inttoptr i64 %62 to %struct.anon.1* %64 = lshr i64 %1, 30 %65 = and i64 %64, 511 %66 = getelementptr %struct.anon.1, %struct.anon.1* %63, i64 %65 %67 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %66, i64 0, i32 0 %68 = load i64, i64* %67, align 8 %69 = and i64 %68, -97 %70 = icmp eq i64 %69, 0 br i1 %70, label %71, label %83 %84 = tail call i32 
@pud_huge(i64 %68) #83 %85 = icmp eq i32 %84, 0 br i1 %85, label %106, label %86 %87 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, 4194304 %90 = icmp eq i64 %89, 0 br i1 %90, label %106, label %91 %107 = load i64, i64* %67, align 8 %108 = trunc i64 %107 to i8 %109 = icmp sgt i8 %108, -1 %110 = select i1 %109, i64 -4503599627366504, i64 -4503598553628776 %111 = and i64 %110, %107 %112 = icmp eq i64 %111, 0 br i1 %112, label %125, label %113, !prof !5, !misexpect !6 %126 = bitcast i64* %7 to i8* %127 = load %struct.mm_struct*, %struct.mm_struct** %58, align 8 %128 = select i1 %109, i64 4503599627366400, i64 4503598553628672 %129 = and i64 %128, %107 %130 = load i64, i64* @page_offset_base, align 8 %131 = add i64 %130, %129 %132 = inttoptr i64 %131 to %struct.anon.1* %133 = lshr i64 %1, 21 %134 = and i64 %133, 511 %135 = getelementptr %struct.anon.1, %struct.anon.1* %132, i64 %134 %136 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %135, i64 0, i32 0 %137 = load volatile i64, i64* %136, align 8 store volatile i64 %137, i64* %7, align 8 %138 = and i64 %137, -97 %139 = icmp eq i64 %138, 0 br i1 %139, label %140, label %152 %153 = tail call i32 @pmd_huge(i64 %137) #83 %154 = icmp eq i32 %153, 0 br i1 %154, label %175, label %155 %156 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %157 = load i64, i64* %156, align 8 %158 = and i64 %157, 4194304 %159 = icmp eq i64 %158, 0 br i1 %159, label %175, label %160 %161 = tail call %struct.page* bitcast (%struct.page.138197* (%struct.mm_struct.138513*, i64, %struct.anon.1*, i32)* @follow_huge_pmd to %struct.page* (%struct.mm_struct*, i64, %struct.anon.1*, i32)*)(%struct.mm_struct* %127, i64 %1, %struct.anon.1* %135, i32 %3) #83 Function:follow_huge_pmd %5 = alloca i64, align 8 %6 = and i32 %3, 262148 %7 = icmp eq i32 %6, 262148 br i1 %7, label %28, label %8, !prof !4, !misexpect !5 %9 
= ptrtoint %struct.anon.1* %2 to i64 %10 = and i64 %9, -4096 %11 = add i64 %10, 2147483648 %12 = icmp ugt i64 %10, -2147483649 %13 = getelementptr %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %14 = bitcast %struct.anon.1* %2 to %struct.anon.1* %15 = bitcast i64* %5 to i8* %16 = load %struct.page.138197*, %struct.page.138197** bitcast (i64* @vmemmap_base to %struct.page.138197**), align 8 %17 = load i64, i64* @phys_base, align 8 %18 = load i64, i64* @page_offset_base, align 8 %19 = sub i64 -2147483648, %18 %20 = select i1 %12, i64 %17, i64 %19 %21 = add i64 %11, %20 %22 = lshr i64 %21, 12 %23 = getelementptr %struct.page.138197, %struct.page.138197* %16, i64 %22, i32 1, i32 0, i32 3 %24 = bitcast i64* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #83 %25 = load i64, i64* %13, align 8 %26 = tail call i32 @pmd_huge(i64 %25) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %74, label %29 %30 = phi %struct.raw_spinlock* [ %70, %61 ], [ %24, %8 ] %31 = phi i64* [ %69, %61 ], [ %23, %8 ] %32 = bitcast i64* %31 to %struct.spinlock* %33 = load volatile i64, i64* %13, align 8 store volatile i64 %33, i64* %5, align 8 %34 = and i64 %33, 257 %35 = icmp eq i64 %34, 0 br i1 %35, label %56, label %36 %37 = bitcast i64* %31 to %struct.raw_spinlock* %38 = load %struct.page.138197*, %struct.page.138197** bitcast (i64* @vmemmap_base to %struct.page.138197**), align 8 %39 = icmp ne i64 %33, 0 %40 = and i64 %33, 1 %41 = icmp eq i64 %40, 0 %42 = and i1 %39, %41 %43 = sext i1 %42 to i64 %44 = xor i64 %33, %43 %45 = trunc i64 %33 to i8 %46 = icmp sgt i8 %45, -1 %47 = select i1 %46, i64 4503599627366400, i64 4503599625273344 %48 = and i64 %44, %47 %49 = lshr exact i64 %48, 12 %50 = getelementptr %struct.page.138197, %struct.page.138197* %38, i64 %49 %51 = lshr i64 %1, 12 %52 = and i64 %51, 511 %53 = getelementptr %struct.page.138197, %struct.page.138197* %50, i64 %52 %54 = tail call zeroext i1 bitcast (i1 (%struct.page*, i32)* @try_grab_page to i1 
(%struct.page.138197*, i32)*)(%struct.page.138197* %53, i32 %3) #83 Function:try_grab_page %3 = and i32 %1, 262148 %4 = icmp eq i32 %3, 0 br i1 %4, label %8, label %5 %6 = tail call %struct.page* @try_grab_compound_head(%struct.page* %0, i32 1, i32 %1) #83 Function:try_grab_compound_head %4 = and i32 %2, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %60, label %6 %61 = and i32 %2, 262144 %62 = icmp eq i32 %61, 0 br i1 %62, label %175, label %63 %64 = and i32 %2, 65536 %65 = icmp eq i32 %64, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %68 = load i64, i64* %67, align 16 %69 = and i64 %68, 216172782113783808 %70 = icmp eq i64 %69, 216172782113783808 br i1 %70, label %71, label %78 %79 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %80 = bitcast %union.anon.20* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = ptrtoint %struct.page* %0 to i64 %86 = select i1 %83, i64 %85, i64 %84, !prof !4 %87 = inttoptr i64 %86 to %struct.page* %88 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 3, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp sgt i32 %89, -1 br i1 %90, label %92, label %91, !prof !4, !misexpect !5 %93 = load volatile i32, i32* %88, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %176, label %95, !prof !8, !misexpect !5 %96 = phi i32 [ %103, %102 ], [ %93, %92 ] %97 = add i32 %96, %1 %98 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %97, i32* %88, i32 %96) #6, !srcloc !9 %99 = extractvalue { i8, i32 } %98, 0 %100 = and i8 %99, 1 %101 = icmp eq i8 %100, 0 br i1 %101, label %102, label %105, !prof !8, !misexpect !5 %106 = load volatile i64, i64* %80, align 8 
%107 = and i64 %106, 1 %108 = icmp eq i64 %107, 0 %109 = add i64 %106, -1 %110 = select i1 %108, i64 %85, i64 %109, !prof !4 %111 = inttoptr i64 %110 to %struct.page* %112 = icmp eq %struct.page* %111, %87 br i1 %112, label %132, label %113, !prof !4, !misexpect !5 %133 = icmp eq i64 %86, 0 br i1 %133, label %176, label %134 %135 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 1 %136 = bitcast %union.anon.20* %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = and i64 %137, 1 %139 = icmp eq i64 %138, 0 %140 = add i64 %137, -1 %141 = select i1 %139, i64 %86, i64 %140, !prof !4 %142 = inttoptr i64 %141 to %struct.page* %143 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 0 %144 = load volatile i64, i64* %143, align 8 %145 = and i64 %144, 65536 %146 = icmp eq i64 %145, 0 br i1 %146, label %147, label %153 %148 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 1 %149 = bitcast %union.anon.20* %148 to i64* %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 1 %152 = icmp eq i64 %151, 0 br i1 %152, label %166, label %153 %154 = load volatile i64, i64* %143, align 8 %155 = and i64 %154, 65536 %156 = icmp eq i64 %155, 0 br i1 %156, label %166, label %157 %167 = mul i32 %1, 1023 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %167, i32* %88) #6, !srcloc !12 br label %168 %169 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 0 %170 = load i64, i64* %169, align 16 %171 = lshr i64 %170, 58 %172 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %171 %173 = load %struct.pglist_data*, %struct.pglist_data** %172, align 8 %174 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, 
i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %173, i32 35, i64 %174) #83
-------------
Use:
=BAD PATH=
Call Stack:
0 try_grab_compound_head
1 try_grab_page
2 follow_huge_pmd
3 follow_p4d_mask
4 follow_page_mask
5 __get_user_pages
6 faultin_vma_page_range
7 madvise_populate
8 do_madvise
9 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64
%1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca 
%struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #83 store %struct.vm_area_struct* %37, %struct.vm_area_struct** %10, align 8 %38 = icmp eq %struct.vm_area_struct* %37, null br i1 %38, label %39, label %53 %54 = call fastcc i32 @check_vma_flags(%struct.vm_area_struct* nonnull %37, i64 %20) #84 %55 = icmp eq i32 %54, 0 br i1 %55, label %58, label %56 %59 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %37, i64 0, i32 8 %60 = load i64, i64* %59, align 8 %61 = and i64 %60, 4194304 %62 = icmp eq i64 %61, 0 br i1 %62, label %72, label %63 %73 = phi %struct.vm_area_struct* [ %37, %58 ], [ %27, %32 ] %74 = phi i64 [ 0, %58 ], [ %28, %32 ] %75 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct* %77 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, 
i64 0, i32 0, i32 0 %78 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 109, i32 1, i32 0, i64 0 %79 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 8 br label %80 %81 = phi i32 [ %151, %146 ], [ %19, %72 ] %82 = phi i64 [ 0, %146 ], [ %74, %72 ] %83 = and i32 %81, 4160 %84 = icmp eq i32 %83, 4096 %85 = trunc i32 %81 to i8 %86 = icmp sgt i8 %85, -1 %87 = and i32 %81, 1 %88 = lshr i32 %81, 6 %89 = and i32 %88, 128 %90 = or i32 %89, %87 %91 = or i32 %90, 20 %92 = select i1 %21, i32 %90, i32 %91 %93 = and i32 %81, 32 %94 = icmp eq i32 %93, 0 %95 = or i32 %92, 12 %96 = select i1 %94, i32 %92, i32 %95 %97 = and i32 %88, 32 %98 = or i32 %96, %97 br label %99 %100 = phi i64 [ 0, %143 ], [ %82, %80 ] %101 = load volatile i64, i64* %77, align 8 %102 = and i64 %101, 4 %103 = icmp eq i64 %102, 0 br i1 %103, label %108, label %104 %109 = call i32 @__SCT__cond_resched() #83 %110 = load i64, i64* %8, align 8 %111 = call fastcc %struct.page* @follow_page_mask(%struct.vm_area_struct* %73, i64 %110, i32 %81, %struct.follow_page_context* nonnull %11) #84 Function:follow_page_mask %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %3, i64 0, i32 1 store i32 0, i32* %7, align 8 %8 = and i32 %2, 1 %9 = tail call %struct.page* bitcast (%struct.page.138197* (%struct.mm_struct.138513*, i64, i32)* @follow_huge_addr to %struct.page* (%struct.mm_struct*, i64, i32)*)(%struct.mm_struct* %6, i64 %1, i32 %8) #83 %10 = icmp ugt %struct.page* %9, inttoptr (i64 -4096 to %struct.page*) br i1 %10, label %15, label %11 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 10 %17 = load %struct.anon.1*, %struct.anon.1** %16, align 8 %18 = load i32, i32* @pgdir_shift, align 4 %19 = zext i32 %18 to i64 %20 = 
lshr i64 %1, %19 %21 = and i64 %20, 511 %22 = getelementptr %struct.anon.1, %struct.anon.1* %17, i64 %21 %23 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %22, i64 0, i32 0 %24 = load i64, i64* %23, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@follow_page_mask, %26), i8* blockaddress(@follow_page_mask, %28)) #6 to label %25 [label %26, label %28], !srcloc !8 %27 = icmp eq i64 %24, 0 br i1 %27, label %33, label %28 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 
6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@follow_page_mask, %30), i8* blockaddress(@follow_page_mask, %45)) #6 to label %29 [label %30, label %45], !srcloc !8 %46 = tail call fastcc %struct.page* @follow_p4d_mask(%struct.vm_area_struct* %0, i64 %1, %struct.anon.1* %22, i32 %2, %struct.follow_page_context* %3) #84 Function:follow_p4d_mask %6 = alloca i64, align 8 %7 = alloca i64, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@follow_p4d_mask, %11), i8* blockaddress(@follow_p4d_mask, %9)) #6 to label %8 [label %11, label %9], !srcloc !4 
%10 = bitcast %struct.anon.1* %2 to %struct.anon.1* br label %24 %25 = phi %struct.anon.1* [ %23, %11 ], [ %10, %9 ] %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = and i64 %27, -97 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %42 %43 = and i64 %27, 9218868437227409304 %44 = icmp eq i64 %43, 0 br i1 %44, label %57, label %45, !prof !5, !misexpect !6 %58 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %59 = load %struct.mm_struct*, %struct.mm_struct** %58, align 8 %60 = and i64 %27, 4503599627366400 %61 = load i64, i64* @page_offset_base, align 8 %62 = add i64 %61, %60 %63 = inttoptr i64 %62 to %struct.anon.1* %64 = lshr i64 %1, 30 %65 = and i64 %64, 511 %66 = getelementptr %struct.anon.1, %struct.anon.1* %63, i64 %65 %67 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %66, i64 0, i32 0 %68 = load i64, i64* %67, align 8 %69 = and i64 %68, -97 %70 = icmp eq i64 %69, 0 br i1 %70, label %71, label %83 %84 = tail call i32 @pud_huge(i64 %68) #83 %85 = icmp eq i32 %84, 0 br i1 %85, label %106, label %86 %87 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, 4194304 %90 = icmp eq i64 %89, 0 br i1 %90, label %106, label %91 %107 = load i64, i64* %67, align 8 %108 = trunc i64 %107 to i8 %109 = icmp sgt i8 %108, -1 %110 = select i1 %109, i64 -4503599627366504, i64 -4503598553628776 %111 = and i64 %110, %107 %112 = icmp eq i64 %111, 0 br i1 %112, label %125, label %113, !prof !5, !misexpect !6 %126 = bitcast i64* %7 to i8* %127 = load %struct.mm_struct*, %struct.mm_struct** %58, align 8 %128 = select i1 %109, i64 4503599627366400, i64 4503598553628672 %129 = and i64 %128, %107 %130 = load i64, i64* @page_offset_base, align 8 %131 = add i64 %130, %129 %132 = inttoptr i64 %131 to %struct.anon.1* %133 = lshr i64 %1, 21 %134 = and i64 %133, 511 %135 = 
getelementptr %struct.anon.1, %struct.anon.1* %132, i64 %134 %136 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %135, i64 0, i32 0 %137 = load volatile i64, i64* %136, align 8 store volatile i64 %137, i64* %7, align 8 %138 = and i64 %137, -97 %139 = icmp eq i64 %138, 0 br i1 %139, label %140, label %152 %153 = tail call i32 @pmd_huge(i64 %137) #83 %154 = icmp eq i32 %153, 0 br i1 %154, label %175, label %155 %156 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %157 = load i64, i64* %156, align 8 %158 = and i64 %157, 4194304 %159 = icmp eq i64 %158, 0 br i1 %159, label %175, label %160 %161 = tail call %struct.page* bitcast (%struct.page.138197* (%struct.mm_struct.138513*, i64, %struct.anon.1*, i32)* @follow_huge_pmd to %struct.page* (%struct.mm_struct*, i64, %struct.anon.1*, i32)*)(%struct.mm_struct* %127, i64 %1, %struct.anon.1* %135, i32 %3) #83 Function:follow_huge_pmd %5 = alloca i64, align 8 %6 = and i32 %3, 262148 %7 = icmp eq i32 %6, 262148 br i1 %7, label %28, label %8, !prof !4, !misexpect !5 %9 = ptrtoint %struct.anon.1* %2 to i64 %10 = and i64 %9, -4096 %11 = add i64 %10, 2147483648 %12 = icmp ugt i64 %10, -2147483649 %13 = getelementptr %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %14 = bitcast %struct.anon.1* %2 to %struct.anon.1* %15 = bitcast i64* %5 to i8* %16 = load %struct.page.138197*, %struct.page.138197** bitcast (i64* @vmemmap_base to %struct.page.138197**), align 8 %17 = load i64, i64* @phys_base, align 8 %18 = load i64, i64* @page_offset_base, align 8 %19 = sub i64 -2147483648, %18 %20 = select i1 %12, i64 %17, i64 %19 %21 = add i64 %11, %20 %22 = lshr i64 %21, 12 %23 = getelementptr %struct.page.138197, %struct.page.138197* %16, i64 %22, i32 1, i32 0, i32 3 %24 = bitcast i64* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #83 %25 = load i64, i64* %13, align 8 %26 = tail call i32 @pmd_huge(i64 %25) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label 
%74, label %29 %30 = phi %struct.raw_spinlock* [ %70, %61 ], [ %24, %8 ] %31 = phi i64* [ %69, %61 ], [ %23, %8 ] %32 = bitcast i64* %31 to %struct.spinlock* %33 = load volatile i64, i64* %13, align 8 store volatile i64 %33, i64* %5, align 8 %34 = and i64 %33, 257 %35 = icmp eq i64 %34, 0 br i1 %35, label %56, label %36 %37 = bitcast i64* %31 to %struct.raw_spinlock* %38 = load %struct.page.138197*, %struct.page.138197** bitcast (i64* @vmemmap_base to %struct.page.138197**), align 8 %39 = icmp ne i64 %33, 0 %40 = and i64 %33, 1 %41 = icmp eq i64 %40, 0 %42 = and i1 %39, %41 %43 = sext i1 %42 to i64 %44 = xor i64 %33, %43 %45 = trunc i64 %33 to i8 %46 = icmp sgt i8 %45, -1 %47 = select i1 %46, i64 4503599627366400, i64 4503599625273344 %48 = and i64 %44, %47 %49 = lshr exact i64 %48, 12 %50 = getelementptr %struct.page.138197, %struct.page.138197* %38, i64 %49 %51 = lshr i64 %1, 12 %52 = and i64 %51, 511 %53 = getelementptr %struct.page.138197, %struct.page.138197* %50, i64 %52 %54 = tail call zeroext i1 bitcast (i1 (%struct.page*, i32)* @try_grab_page to i1 (%struct.page.138197*, i32)*)(%struct.page.138197* %53, i32 %3) #83 Function:try_grab_page %3 = and i32 %1, 262148 %4 = icmp eq i32 %3, 0 br i1 %4, label %8, label %5 %6 = tail call %struct.page* @try_grab_compound_head(%struct.page* %0, i32 1, i32 %1) #83 Function:try_grab_compound_head %4 = and i32 %2, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %60, label %6 %61 = and i32 %2, 262144 %62 = icmp eq i32 %61, 0 br i1 %62, label %175, label %63 %64 = and i32 %2, 65536 %65 = icmp eq i32 %64, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %68 = load i64, i64* %67, align 16 %69 = and i64 %68, 216172782113783808 %70 = icmp eq i64 %69, 216172782113783808 br i1 %70, label %71, label %78 %79 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %80 = bitcast %union.anon.20* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = and i64 %81, 1 
%83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = ptrtoint %struct.page* %0 to i64 %86 = select i1 %83, i64 %85, i64 %84, !prof !4 %87 = inttoptr i64 %86 to %struct.page* %88 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 3, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp sgt i32 %89, -1 br i1 %90, label %92, label %91, !prof !4, !misexpect !5 %93 = load volatile i32, i32* %88, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %176, label %95, !prof !8, !misexpect !5 %96 = phi i32 [ %103, %102 ], [ %93, %92 ] %97 = add i32 %96, %1 %98 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %97, i32* %88, i32 %96) #6, !srcloc !9 %99 = extractvalue { i8, i32 } %98, 0 %100 = and i8 %99, 1 %101 = icmp eq i8 %100, 0 br i1 %101, label %102, label %105, !prof !8, !misexpect !5 %106 = load volatile i64, i64* %80, align 8 %107 = and i64 %106, 1 %108 = icmp eq i64 %107, 0 %109 = add i64 %106, -1 %110 = select i1 %108, i64 %85, i64 %109, !prof !4 %111 = inttoptr i64 %110 to %struct.page* %112 = icmp eq %struct.page* %111, %87 br i1 %112, label %132, label %113, !prof !4, !misexpect !5 %133 = icmp eq i64 %86, 0 br i1 %133, label %176, label %134 %135 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 1 %136 = bitcast %union.anon.20* %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = and i64 %137, 1 %139 = icmp eq i64 %138, 0 %140 = add i64 %137, -1 %141 = select i1 %139, i64 %86, i64 %140, !prof !4 %142 = inttoptr i64 %141 to %struct.page* %143 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 0 %144 = load volatile i64, i64* %143, align 8 %145 = and i64 %144, 65536 %146 = icmp eq i64 %145, 0 br i1 %146, label %147, label %153 %148 = getelementptr inbounds %struct.page, 
%struct.page* %142, i64 0, i32 1 %149 = bitcast %union.anon.20* %148 to i64* %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 1 %152 = icmp eq i64 %151, 0 br i1 %152, label %166, label %153 %154 = load volatile i64, i64* %143, align 8 %155 = and i64 %154, 65536 %156 = icmp eq i64 %155, 0 br i1 %156, label %166, label %157 %167 = mul i32 %1, 1023 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %167, i32* %88) #6, !srcloc !12 br label %168 %169 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 0 %170 = load i64, i64* %169, align 16 %171 = lshr i64 %170, 58 %172 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %171 %173 = load %struct.pglist_data*, %struct.pglist_data** %172, align 8 %174 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %173, i32 35, i64 %174) #83 ------------- Use: =BAD PATH= Call Stack: 0 try_grab_compound_head 1 gup_huge_pud 2 gup_p4d_range 3 lockless_pages_from_mm 4 internal_get_user_pages_fast 5 get_user_pages_fast 6 get_futex_key 7 futex_wake 8 do_futex 9 __se_sys_futex 10 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = 
inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = 
getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** 
nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load 
%struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds 
%struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 
0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 
%39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call 
fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 Function:gup_p4d_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.1, align 8 %10 = alloca i64, align 8 %11 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %9, i64 0, i32 0 store i64 %0, i64* %11, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@gup_p4d_range, %15), i8* blockaddress(@gup_p4d_range, %13)) #6 to label %12 [label %15, label %13], !srcloc !4 %14 = bitcast %struct.anon.1* %9 to %struct.anon.1* br label %26 %27 = phi %struct.anon.1* [ %25, %15 ], [ %14, %13 ] %28 = bitcast i64* %10 to i8* %29 = add i64 %2, -1 %30 = bitcast i64* %8 to i8* %31 = bitcast i64* %7 to i8* br label %32 %33 = phi %struct.anon.1* [ %27, %26 ], [ %113, %112 ] %34 = phi i64 [ %1, %26 ], [ %41, %112 ] %35 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %33, i64 0, i32 0 %36 = load volatile i64, i64* %35, align 8 store volatile i64 %36, i64* %10, align 
8 %37 = add i64 %34, 549755813888 %38 = and i64 %37, -549755813888 %39 = add i64 %38, -1 %40 = icmp ult i64 %39, %29 %41 = select i1 %40, i64 %38, i64 %2 %42 = and i64 %36, -97 %43 = icmp eq i64 %42, 0 br i1 %43, label %115, label %44 %45 = and i64 %36, 4503599627366400 %46 = load i64, i64* @page_offset_base, align 8 %47 = add i64 %46, %45 %48 = inttoptr i64 %47 to %struct.anon.1* %49 = lshr i64 %34, 30 %50 = and i64 %49, 511 %51 = getelementptr %struct.anon.1, %struct.anon.1* %48, i64 %50 %52 = add i64 %41, -1 br label %53 %54 = phi %struct.anon.1* [ %51, %44 ], [ %109, %108 ] %55 = phi i64 [ %34, %44 ], [ %62, %108 ] %56 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %54, i64 0, i32 0 %57 = load volatile i64, i64* %56, align 8 store volatile i64 %57, i64* %8, align 8 %58 = add i64 %55, 1073741824 %59 = and i64 %58, -1073741824 %60 = add i64 %59, -1 %61 = icmp ult i64 %60, %52 %62 = select i1 %61, i64 %59, i64 %41 %63 = and i64 %57, 1 %64 = icmp eq i64 %63, 0 br i1 %64, label %111, label %65, !prof !5, !misexpect !6 %66 = tail call i32 @pud_huge(i64 %57) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %71, label %68, !prof !7, !misexpect !6 %69 = tail call fastcc i32 @gup_huge_pud(i64 %57, %struct.anon.1* %54, i64 %55, i64 %62, i32 %3, %struct.page** %4, i32* %5) #83 Function:gup_huge_pud %8 = and i32 %4, 1 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i64 5, i64 7 %11 = and i64 %10, %0 %12 = icmp eq i64 %11, %10 br i1 %12, label %13, label %88 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A 
.byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 516, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 56), i8* blockaddress(@gup_huge_pud, %15), i8* blockaddress(@gup_huge_pud, %18)) #6 to label %14 [label %15, label %18], !srcloc !4 br label %15 %16 = tail call { i32, i32 } asm sideeffect ".byte 0x0f,0x01,0xee\0A\09", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 0) #6, !srcloc !5 %17 = extractvalue { i32, i32 } %16, 0 br label %18 %19 = phi i32 [ %17, %15 ], [ 0, %13 ] %20 = lshr i64 %0, 58 %21 = trunc i64 %20 to i32 %22 = and i32 %21, 30 %23 = shl nuw nsw i32 1, %22 %24 = and i32 %19, %23 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %88 br i1 %9, label %31, label %27 %32 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %33 = icmp ne i64 %0, 0 %34 = and i64 %0, 1 %35 = icmp eq i64 %34, 0 %36 = and i1 %33, %35 %37 = sext i1 %36 to i64 %38 = xor i64 %37, %0 %39 = trunc i64 %0 to i8 %40 = icmp sgt i8 %39, -1 %41 = select i1 %40, i64 4503599627366400, i64 4503598553628672 %42 = and i64 %38, %41 %43 = lshr exact i64 %42, 12 %44 = load i32, i32* %6, align 4 %45 = sext i32 %44 to i64 %46 = getelementptr %struct.page*, %struct.page** %5, i64 %45 %47 = icmp eq i64 %2, %3 br i1 %47, label %65, label %48 %49 = getelementptr %struct.page, %struct.page* %32, i64 %43 %50 = lshr i64 %2, 12 %51 = and i64 %50, 262143 %52 = getelementptr %struct.page, %struct.page* %49, i64 %51 br label %53 %54 = phi i32 [ %58, %53 ], [ 0, %48 ] %55 = phi %struct.page* [ %57, %53 ], [ %52, %48 ] %56 = phi i64 [ %61, %53 ], [ %2, %48 ] %57 = 
getelementptr %struct.page, %struct.page* %55, i64 1 %58 = add i32 %54, 1 %59 = sext i32 %54 to i64 %60 = getelementptr %struct.page*, %struct.page** %46, i64 %59 store %struct.page* %55, %struct.page** %60, align 8 %61 = add i64 %56, 4096 %62 = icmp eq i64 %61, %3 br i1 %62, label %63, label %53 %64 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 br label %65 %66 = phi %struct.page* [ %32, %31 ], [ %64, %63 ] %67 = phi i32 [ 0, %31 ], [ %58, %63 ] %68 = getelementptr %struct.page, %struct.page* %66, i64 %43 %69 = tail call %struct.page* @try_grab_compound_head(%struct.page* %68, i32 %67, i32 %4) #83 Function:try_grab_compound_head %4 = and i32 %2, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %60, label %6 %61 = and i32 %2, 262144 %62 = icmp eq i32 %61, 0 br i1 %62, label %175, label %63 %64 = and i32 %2, 65536 %65 = icmp eq i32 %64, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %68 = load i64, i64* %67, align 16 %69 = and i64 %68, 216172782113783808 %70 = icmp eq i64 %69, 216172782113783808 br i1 %70, label %71, label %78 %79 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %80 = bitcast %union.anon.20* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = ptrtoint %struct.page* %0 to i64 %86 = select i1 %83, i64 %85, i64 %84, !prof !4 %87 = inttoptr i64 %86 to %struct.page* %88 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 3, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp sgt i32 %89, -1 br i1 %90, label %92, label %91, !prof !4, !misexpect !5 %93 = load volatile i32, i32* %88, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %176, label %95, !prof !8, !misexpect !5 %96 = phi i32 [ %103, %102 ], [ %93, %92 ] %97 = add i32 %96, %1 %98 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %97, i32* %88, i32 %96) #6, !srcloc !9 %99 = extractvalue { i8, i32 } %98, 0 %100 = and i8 %99, 1 %101 = icmp eq i8 %100, 0 br i1 %101, label %102, label %105, !prof !8, !misexpect !5 %106 = load volatile i64, i64* %80, align 8 %107 = and i64 %106, 1 %108 = icmp eq i64 %107, 0 %109 = add i64 %106, -1 %110 = select i1 %108, i64 %85, i64 %109, !prof !4 %111 = inttoptr i64 %110 to %struct.page* %112 = icmp eq %struct.page* %111, %87 br i1 %112, label %132, label %113, !prof !4, !misexpect !5 %133 = icmp eq i64 %86, 0 br i1 %133, label %176, label %134 %135 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 1 %136 = bitcast %union.anon.20* %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = and i64 %137, 1 %139 = icmp eq i64 %138, 0 %140 = add i64 %137, -1 %141 = select i1 %139, i64 %86, i64 %140, !prof !4 %142 = inttoptr i64 %141 to %struct.page* %143 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 0 %144 = load volatile i64, i64* %143, align 8 %145 = and i64 %144, 65536 %146 = icmp eq i64 %145, 0 br i1 %146, label %147, label %153 %148 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 1 %149 = bitcast %union.anon.20* %148 to i64* %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 1 %152 = icmp eq i64 %151, 0 br i1 %152, label %166, label %153 %154 = load volatile i64, i64* %143, align 8 %155 = and i64 %154, 65536 %156 = icmp eq i64 %155, 0 br i1 %156, label %166, label %157 %167 = mul i32 %1, 1023 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %167, i32* %88) #6, !srcloc !12 br label %168 %169 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 0 
%170 = load i64, i64* %169, align 16 %171 = lshr i64 %170, 58 %172 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %171 %173 = load %struct.pglist_data*, %struct.pglist_data** %172, align 8 %174 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %173, i32 35, i64 %174) #83
-------------
Use: =BAD PATH=
Call Stack:
0 try_grab_compound_head
1 gup_huge_pud
2 gup_p4d_range
3 lockless_pages_from_mm
4 internal_get_user_pages_fast
5 get_user_pages_fast
6 get_futex_key
7 futex_wake
8 do_futex
9 __se_sys_futex
10 __x64_sys_futex
-------------
Path:
Function:__x64_sys_futex
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83
Function:__se_sys_futex
%7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56,
label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call 
i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 
= getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, 
align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 
= phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 
= lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 %39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & 
-(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 Function:gup_p4d_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.1, align 8 %10 = alloca i64, align 8 %11 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %9, i64 0, i32 0 store i64 %0, i64* %11, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 
6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@gup_p4d_range, %15), i8* blockaddress(@gup_p4d_range, %13)) #6 to label %12 [label %15, label %13], !srcloc !4 %14 = bitcast %struct.anon.1* %9 to %struct.anon.1* br label %26 %27 = phi %struct.anon.1* [ %25, %15 ], [ %14, %13 ] %28 = bitcast i64* %10 to i8* %29 = add i64 %2, -1 %30 = bitcast i64* %8 to i8* %31 = bitcast i64* %7 to i8* br label %32 %33 = phi %struct.anon.1* [ %27, %26 ], [ %113, %112 ] %34 = phi i64 [ %1, %26 ], [ %41, %112 ] %35 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %33, i64 0, i32 0 %36 = load volatile i64, i64* %35, align 8 store volatile i64 %36, i64* %10, align 8 %37 = add i64 %34, 549755813888 %38 = and i64 %37, -549755813888 %39 = add i64 %38, -1 %40 = icmp ult i64 %39, %29 %41 = select i1 %40, i64 %38, i64 %2 %42 = and i64 %36, -97 %43 = icmp eq i64 %42, 0 br i1 %43, label %115, label %44 %45 = and i64 %36, 4503599627366400 %46 = load i64, i64* @page_offset_base, align 8 %47 = add i64 %46, %45 %48 = inttoptr i64 %47 to %struct.anon.1* %49 = lshr i64 %34, 30 %50 = and i64 %49, 511 %51 = getelementptr %struct.anon.1, %struct.anon.1* %48, i64 %50 %52 = add i64 %41, -1 br label %53 %54 = phi %struct.anon.1* [ %51, %44 ], [ %109, %108 ] %55 = phi i64 [ %34, %44 ], [ %62, %108 ] %56 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %54, i64 0, i32 0 %57 = load volatile i64, i64* %56, align 8 store volatile i64 %57, i64* %8, align 8 %58 = add i64 %55, 1073741824 %59 = and i64 %58, -1073741824 %60 = add i64 %59, -1 %61 = icmp ult i64 
%60, %52 %62 = select i1 %61, i64 %59, i64 %41 %63 = and i64 %57, 1 %64 = icmp eq i64 %63, 0 br i1 %64, label %111, label %65, !prof !5, !misexpect !6 %66 = tail call i32 @pud_huge(i64 %57) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %71, label %68, !prof !7, !misexpect !6 %69 = tail call fastcc i32 @gup_huge_pud(i64 %57, %struct.anon.1* %54, i64 %55, i64 %62, i32 %3, %struct.page** %4, i32* %5) #83 Function:gup_huge_pud %8 = and i32 %4, 1 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i64 5, i64 7 %11 = and i64 %10, %0 %12 = icmp eq i64 %11, %10 br i1 %12, label %13, label %88 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 516, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 56), i8* blockaddress(@gup_huge_pud, %15), i8* blockaddress(@gup_huge_pud, %18)) #6 to label %14 [label %15, label %18], !srcloc !4 br label %15 %16 = tail call { i32, i32 } asm sideeffect ".byte 0x0f,0x01,0xee\0A\09", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 0) #6, !srcloc !5 %17 = extractvalue { i32, i32 } %16, 0 br label %18 %19 = phi i32 [ %17, %15 ], [ 0, %13 ] %20 = lshr i64 
%0, 58 %21 = trunc i64 %20 to i32 %22 = and i32 %21, 30 %23 = shl nuw nsw i32 1, %22 %24 = and i32 %19, %23 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %88 br i1 %9, label %31, label %27 %32 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %33 = icmp ne i64 %0, 0 %34 = and i64 %0, 1 %35 = icmp eq i64 %34, 0 %36 = and i1 %33, %35 %37 = sext i1 %36 to i64 %38 = xor i64 %37, %0 %39 = trunc i64 %0 to i8 %40 = icmp sgt i8 %39, -1 %41 = select i1 %40, i64 4503599627366400, i64 4503598553628672 %42 = and i64 %38, %41 %43 = lshr exact i64 %42, 12 %44 = load i32, i32* %6, align 4 %45 = sext i32 %44 to i64 %46 = getelementptr %struct.page*, %struct.page** %5, i64 %45 %47 = icmp eq i64 %2, %3 br i1 %47, label %65, label %48 %49 = getelementptr %struct.page, %struct.page* %32, i64 %43 %50 = lshr i64 %2, 12 %51 = and i64 %50, 262143 %52 = getelementptr %struct.page, %struct.page* %49, i64 %51 br label %53 %54 = phi i32 [ %58, %53 ], [ 0, %48 ] %55 = phi %struct.page* [ %57, %53 ], [ %52, %48 ] %56 = phi i64 [ %61, %53 ], [ %2, %48 ] %57 = getelementptr %struct.page, %struct.page* %55, i64 1 %58 = add i32 %54, 1 %59 = sext i32 %54 to i64 %60 = getelementptr %struct.page*, %struct.page** %46, i64 %59 store %struct.page* %55, %struct.page** %60, align 8 %61 = add i64 %56, 4096 %62 = icmp eq i64 %61, %3 br i1 %62, label %63, label %53 %64 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 br label %65 %66 = phi %struct.page* [ %32, %31 ], [ %64, %63 ] %67 = phi i32 [ 0, %31 ], [ %58, %63 ] %68 = getelementptr %struct.page, %struct.page* %66, i64 %43 %69 = tail call %struct.page* @try_grab_compound_head(%struct.page* %68, i32 %67, i32 %4) #83 Function:try_grab_compound_head %4 = and i32 %2, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %60, label %6 %61 = and i32 %2, 262144 %62 = icmp eq i32 %61, 0 br i1 %62, label %175, label %63 %64 = and i32 %2, 65536 %65 = icmp eq i32 %64, 0 br i1 %65, 
label %78, label %66 %67 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %68 = load i64, i64* %67, align 16 %69 = and i64 %68, 216172782113783808 %70 = icmp eq i64 %69, 216172782113783808 br i1 %70, label %71, label %78 %79 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %80 = bitcast %union.anon.20* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = ptrtoint %struct.page* %0 to i64 %86 = select i1 %83, i64 %85, i64 %84, !prof !4 %87 = inttoptr i64 %86 to %struct.page* %88 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 3, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp sgt i32 %89, -1 br i1 %90, label %92, label %91, !prof !4, !misexpect !5 %93 = load volatile i32, i32* %88, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %176, label %95, !prof !8, !misexpect !5 %96 = phi i32 [ %103, %102 ], [ %93, %92 ] %97 = add i32 %96, %1 %98 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %97, i32* %88, i32 %96) #6, !srcloc !9 %99 = extractvalue { i8, i32 } %98, 0 %100 = and i8 %99, 1 %101 = icmp eq i8 %100, 0 br i1 %101, label %102, label %105, !prof !8, !misexpect !5 %106 = load volatile i64, i64* %80, align 8 %107 = and i64 %106, 1 %108 = icmp eq i64 %107, 0 %109 = add i64 %106, -1 %110 = select i1 %108, i64 %85, i64 %109, !prof !4 %111 = inttoptr i64 %110 to %struct.page* %112 = icmp eq %struct.page* %111, %87 br i1 %112, label %132, label %113, !prof !4, !misexpect !5 %133 = icmp eq i64 %86, 0 br i1 %133, label %176, label %134 %135 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 1 %136 = bitcast %union.anon.20* %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = and 
i64 %137, 1 %139 = icmp eq i64 %138, 0 %140 = add i64 %137, -1 %141 = select i1 %139, i64 %86, i64 %140, !prof !4 %142 = inttoptr i64 %141 to %struct.page* %143 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 0 %144 = load volatile i64, i64* %143, align 8 %145 = and i64 %144, 65536 %146 = icmp eq i64 %145, 0 br i1 %146, label %147, label %153 %148 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 1 %149 = bitcast %union.anon.20* %148 to i64* %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 1 %152 = icmp eq i64 %151, 0 br i1 %152, label %166, label %153 %154 = load volatile i64, i64* %143, align 8 %155 = and i64 %154, 65536 %156 = icmp eq i64 %155, 0 br i1 %156, label %166, label %157 %167 = mul i32 %1, 1023 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %167, i32* %88) #6, !srcloc !12 br label %168 %169 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 0 %170 = load i64, i64* %169, align 16 %171 = lshr i64 %170, 58 %172 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %171 %173 = load %struct.pglist_data*, %struct.pglist_data** %172, align 8 %174 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %173, i32 35, i64 %174) #83
-------------
Use: =BAD PATH=
Call Stack:
0 try_grab_compound_head
1 gup_huge_pud
2 gup_p4d_range
3 lockless_pages_from_mm
4 internal_get_user_pages_fast
5 get_user_pages_fast
6 get_futex_key
7 futex_wake
8 do_futex
9 __se_sys_futex_time32
10 __ia32_sys_futex_time32
-------------
Path:
Function:__ia32_sys_futex_time32
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs*
%0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 
1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* 
%0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq 
$3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 
br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq 
i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca 
i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 %39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, 
%struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 Function:gup_p4d_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.1, align 8 %10 = alloca i64, align 8 %11 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %9, i64 0, i32 0 store i64 %0, i64* %11, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@gup_p4d_range, %15), i8* blockaddress(@gup_p4d_range, %13)) #6 to label %12 [label %15, label %13], !srcloc !4 %14 = bitcast %struct.anon.1* %9 to %struct.anon.1* br label %26 %27 = phi %struct.anon.1* [ %25, 
%15 ], [ %14, %13 ] %28 = bitcast i64* %10 to i8* %29 = add i64 %2, -1 %30 = bitcast i64* %8 to i8* %31 = bitcast i64* %7 to i8* br label %32 %33 = phi %struct.anon.1* [ %27, %26 ], [ %113, %112 ] %34 = phi i64 [ %1, %26 ], [ %41, %112 ] %35 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %33, i64 0, i32 0 %36 = load volatile i64, i64* %35, align 8 store volatile i64 %36, i64* %10, align 8 %37 = add i64 %34, 549755813888 %38 = and i64 %37, -549755813888 %39 = add i64 %38, -1 %40 = icmp ult i64 %39, %29 %41 = select i1 %40, i64 %38, i64 %2 %42 = and i64 %36, -97 %43 = icmp eq i64 %42, 0 br i1 %43, label %115, label %44 %45 = and i64 %36, 4503599627366400 %46 = load i64, i64* @page_offset_base, align 8 %47 = add i64 %46, %45 %48 = inttoptr i64 %47 to %struct.anon.1* %49 = lshr i64 %34, 30 %50 = and i64 %49, 511 %51 = getelementptr %struct.anon.1, %struct.anon.1* %48, i64 %50 %52 = add i64 %41, -1 br label %53 %54 = phi %struct.anon.1* [ %51, %44 ], [ %109, %108 ] %55 = phi i64 [ %34, %44 ], [ %62, %108 ] %56 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %54, i64 0, i32 0 %57 = load volatile i64, i64* %56, align 8 store volatile i64 %57, i64* %8, align 8 %58 = add i64 %55, 1073741824 %59 = and i64 %58, -1073741824 %60 = add i64 %59, -1 %61 = icmp ult i64 %60, %52 %62 = select i1 %61, i64 %59, i64 %41 %63 = and i64 %57, 1 %64 = icmp eq i64 %63, 0 br i1 %64, label %111, label %65, !prof !5, !misexpect !6 %66 = tail call i32 @pud_huge(i64 %57) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %71, label %68, !prof !7, !misexpect !6 %69 = tail call fastcc i32 @gup_huge_pud(i64 %57, %struct.anon.1* %54, i64 %55, i64 %62, i32 %3, %struct.page** %4, i32* %5) #83 Function:gup_huge_pud %8 = and i32 %4, 1 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i64 5, i64 7 %11 = and i64 %10, %0 %12 = icmp eq i64 %11, %10 br i1 %12, label %13, label %88 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ 
(((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 516, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 56), i8* blockaddress(@gup_huge_pud, %15), i8* blockaddress(@gup_huge_pud, %18)) #6 to label %14 [label %15, label %18], !srcloc !4 br label %15 %16 = tail call { i32, i32 } asm sideeffect ".byte 0x0f,0x01,0xee\0A\09", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 0) #6, !srcloc !5 %17 = extractvalue { i32, i32 } %16, 0 br label %18 %19 = phi i32 [ %17, %15 ], [ 0, %13 ] %20 = lshr i64 %0, 58 %21 = trunc i64 %20 to i32 %22 = and i32 %21, 30 %23 = shl nuw nsw i32 1, %22 %24 = and i32 %19, %23 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %88 br i1 %9, label %31, label %27 %32 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %33 = icmp ne i64 %0, 0 %34 = and i64 %0, 1 %35 = icmp eq i64 %34, 0 %36 = and i1 %33, %35 %37 = sext i1 %36 to i64 %38 = xor i64 %37, %0 %39 = trunc i64 %0 to i8 %40 = icmp sgt i8 %39, -1 %41 = select i1 %40, i64 4503599627366400, i64 4503598553628672 %42 = and i64 %38, %41 %43 = lshr exact i64 %42, 12 %44 = load i32, i32* %6, align 4 %45 = sext i32 %44 to i64 %46 = getelementptr %struct.page*, 
%struct.page** %5, i64 %45 %47 = icmp eq i64 %2, %3 br i1 %47, label %65, label %48 %49 = getelementptr %struct.page, %struct.page* %32, i64 %43 %50 = lshr i64 %2, 12 %51 = and i64 %50, 262143 %52 = getelementptr %struct.page, %struct.page* %49, i64 %51 br label %53 %54 = phi i32 [ %58, %53 ], [ 0, %48 ] %55 = phi %struct.page* [ %57, %53 ], [ %52, %48 ] %56 = phi i64 [ %61, %53 ], [ %2, %48 ] %57 = getelementptr %struct.page, %struct.page* %55, i64 1 %58 = add i32 %54, 1 %59 = sext i32 %54 to i64 %60 = getelementptr %struct.page*, %struct.page** %46, i64 %59 store %struct.page* %55, %struct.page** %60, align 8 %61 = add i64 %56, 4096 %62 = icmp eq i64 %61, %3 br i1 %62, label %63, label %53 %64 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 br label %65 %66 = phi %struct.page* [ %32, %31 ], [ %64, %63 ] %67 = phi i32 [ 0, %31 ], [ %58, %63 ] %68 = getelementptr %struct.page, %struct.page* %66, i64 %43 %69 = tail call %struct.page* @try_grab_compound_head(%struct.page* %68, i32 %67, i32 %4) #83 Function:try_grab_compound_head %4 = and i32 %2, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %60, label %6 %61 = and i32 %2, 262144 %62 = icmp eq i32 %61, 0 br i1 %62, label %175, label %63 %64 = and i32 %2, 65536 %65 = icmp eq i32 %64, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %68 = load i64, i64* %67, align 16 %69 = and i64 %68, 216172782113783808 %70 = icmp eq i64 %69, 216172782113783808 br i1 %70, label %71, label %78 %79 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %80 = bitcast %union.anon.20* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = ptrtoint %struct.page* %0 to i64 %86 = select i1 %83, i64 %85, i64 %84, !prof !4 %87 = inttoptr i64 %86 to %struct.page* %88 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 3, i32 0 %89 = load 
volatile i32, i32* %88, align 4 %90 = icmp sgt i32 %89, -1 br i1 %90, label %92, label %91, !prof !4, !misexpect !5 %93 = load volatile i32, i32* %88, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %176, label %95, !prof !8, !misexpect !5 %96 = phi i32 [ %103, %102 ], [ %93, %92 ] %97 = add i32 %96, %1 %98 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %97, i32* %88, i32 %96) #6, !srcloc !9 %99 = extractvalue { i8, i32 } %98, 0 %100 = and i8 %99, 1 %101 = icmp eq i8 %100, 0 br i1 %101, label %102, label %105, !prof !8, !misexpect !5 %106 = load volatile i64, i64* %80, align 8 %107 = and i64 %106, 1 %108 = icmp eq i64 %107, 0 %109 = add i64 %106, -1 %110 = select i1 %108, i64 %85, i64 %109, !prof !4 %111 = inttoptr i64 %110 to %struct.page* %112 = icmp eq %struct.page* %111, %87 br i1 %112, label %132, label %113, !prof !4, !misexpect !5 %133 = icmp eq i64 %86, 0 br i1 %133, label %176, label %134 %135 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 1 %136 = bitcast %union.anon.20* %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = and i64 %137, 1 %139 = icmp eq i64 %138, 0 %140 = add i64 %137, -1 %141 = select i1 %139, i64 %86, i64 %140, !prof !4 %142 = inttoptr i64 %141 to %struct.page* %143 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 0 %144 = load volatile i64, i64* %143, align 8 %145 = and i64 %144, 65536 %146 = icmp eq i64 %145, 0 br i1 %146, label %147, label %153 %148 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 1 %149 = bitcast %union.anon.20* %148 to i64* %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 1 %152 = icmp eq i64 %151, 0 br i1 %152, label %166, label %153 %154 = load volatile i64, i64* %143, align 8 %155 = and i64 %154, 65536 
%156 = icmp eq i64 %155, 0 br i1 %156, label %166, label %157 %167 = mul i32 %1, 1023 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %167, i32* %88) #6, !srcloc !12 br label %168 %169 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 0 %170 = load i64, i64* %169, align 16 %171 = lshr i64 %170, 58 %172 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %171 %173 = load %struct.pglist_data*, %struct.pglist_data** %172, align 8 %174 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %173, i32 35, i64 %174) #83
-------------
Use: =BAD PATH=
Call Stack:
0 try_grab_compound_head
1 gup_huge_pud
2 gup_p4d_range
3 lockless_pages_from_mm
4 internal_get_user_pages_fast
5 get_user_pages_fast
6 get_futex_key
7 futex_wake
8 do_futex
9 __se_sys_futex_time32
10 __x64_sys_futex_time32
-------------
Path:
Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64
%9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect 
!7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, 
align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, 
%struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* 
%22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz 
${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 %39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = 
add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 Function:gup_p4d_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.1, align 8 %10 = alloca i64, align 8 %11 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %9, i64 0, i32 0 store i64 %0, i64* %11, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) 
& -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@gup_p4d_range, %15), i8* blockaddress(@gup_p4d_range, %13)) #6 to label %12 [label %15, label %13], !srcloc !4 %14 = bitcast %struct.anon.1* %9 to %struct.anon.1* br label %26 %27 = phi %struct.anon.1* [ %25, %15 ], [ %14, %13 ] %28 = bitcast i64* %10 to i8* %29 = add i64 %2, -1 %30 = bitcast i64* %8 to i8* %31 = bitcast i64* %7 to i8* br label %32 %33 = phi %struct.anon.1* [ %27, %26 ], [ %113, %112 ] %34 = phi i64 [ %1, %26 ], [ %41, %112 ] %35 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %33, i64 0, i32 0 %36 = load volatile i64, i64* %35, align 8 store volatile i64 %36, i64* %10, align 8 %37 = add i64 %34, 549755813888 %38 = and i64 %37, -549755813888 %39 = add i64 %38, -1 %40 = icmp ult i64 %39, %29 %41 = select i1 %40, i64 %38, i64 %2 %42 = and i64 %36, -97 %43 = icmp eq i64 %42, 0 br i1 %43, label %115, label %44 %45 = and i64 %36, 4503599627366400 %46 = load i64, i64* @page_offset_base, align 8 %47 = add i64 %46, %45 %48 = inttoptr i64 %47 to %struct.anon.1* %49 = lshr i64 %34, 30 %50 = and i64 %49, 511 %51 = getelementptr %struct.anon.1, %struct.anon.1* %48, i64 %50 
%52 = add i64 %41, -1 br label %53 %54 = phi %struct.anon.1* [ %51, %44 ], [ %109, %108 ] %55 = phi i64 [ %34, %44 ], [ %62, %108 ] %56 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %54, i64 0, i32 0 %57 = load volatile i64, i64* %56, align 8 store volatile i64 %57, i64* %8, align 8 %58 = add i64 %55, 1073741824 %59 = and i64 %58, -1073741824 %60 = add i64 %59, -1 %61 = icmp ult i64 %60, %52 %62 = select i1 %61, i64 %59, i64 %41 %63 = and i64 %57, 1 %64 = icmp eq i64 %63, 0 br i1 %64, label %111, label %65, !prof !5, !misexpect !6 %66 = tail call i32 @pud_huge(i64 %57) #83 %67 = icmp eq i32 %66, 0 br i1 %67, label %71, label %68, !prof !7, !misexpect !6 %69 = tail call fastcc i32 @gup_huge_pud(i64 %57, %struct.anon.1* %54, i64 %55, i64 %62, i32 %3, %struct.page** %4, i32* %5) #83 Function:gup_huge_pud %8 = and i32 %4, 1 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i64 5, i64 7 %11 = and i64 %10, %0 %12 = icmp eq i64 %11, %10 br i1 %12, label %13, label %88 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 516, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, 
i64 56), i8* blockaddress(@gup_huge_pud, %15), i8* blockaddress(@gup_huge_pud, %18)) #6 to label %14 [label %15, label %18], !srcloc !4 br label %15 %16 = tail call { i32, i32 } asm sideeffect ".byte 0x0f,0x01,0xee\0A\09", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 0) #6, !srcloc !5 %17 = extractvalue { i32, i32 } %16, 0 br label %18 %19 = phi i32 [ %17, %15 ], [ 0, %13 ] %20 = lshr i64 %0, 58 %21 = trunc i64 %20 to i32 %22 = and i32 %21, 30 %23 = shl nuw nsw i32 1, %22 %24 = and i32 %19, %23 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %88 br i1 %9, label %31, label %27 %32 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %33 = icmp ne i64 %0, 0 %34 = and i64 %0, 1 %35 = icmp eq i64 %34, 0 %36 = and i1 %33, %35 %37 = sext i1 %36 to i64 %38 = xor i64 %37, %0 %39 = trunc i64 %0 to i8 %40 = icmp sgt i8 %39, -1 %41 = select i1 %40, i64 4503599627366400, i64 4503598553628672 %42 = and i64 %38, %41 %43 = lshr exact i64 %42, 12 %44 = load i32, i32* %6, align 4 %45 = sext i32 %44 to i64 %46 = getelementptr %struct.page*, %struct.page** %5, i64 %45 %47 = icmp eq i64 %2, %3 br i1 %47, label %65, label %48 %49 = getelementptr %struct.page, %struct.page* %32, i64 %43 %50 = lshr i64 %2, 12 %51 = and i64 %50, 262143 %52 = getelementptr %struct.page, %struct.page* %49, i64 %51 br label %53 %54 = phi i32 [ %58, %53 ], [ 0, %48 ] %55 = phi %struct.page* [ %57, %53 ], [ %52, %48 ] %56 = phi i64 [ %61, %53 ], [ %2, %48 ] %57 = getelementptr %struct.page, %struct.page* %55, i64 1 %58 = add i32 %54, 1 %59 = sext i32 %54 to i64 %60 = getelementptr %struct.page*, %struct.page** %46, i64 %59 store %struct.page* %55, %struct.page** %60, align 8 %61 = add i64 %56, 4096 %62 = icmp eq i64 %61, %3 br i1 %62, label %63, label %53 %64 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 br label %65 %66 = phi %struct.page* [ %32, %31 ], [ %64, %63 ] %67 = phi i32 [ 0, %31 ], [ %58, %63 ] %68 = 
getelementptr %struct.page, %struct.page* %66, i64 %43 %69 = tail call %struct.page* @try_grab_compound_head(%struct.page* %68, i32 %67, i32 %4) #83 Function:try_grab_compound_head %4 = and i32 %2, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %60, label %6 %61 = and i32 %2, 262144 %62 = icmp eq i32 %61, 0 br i1 %62, label %175, label %63 %64 = and i32 %2, 65536 %65 = icmp eq i32 %64, 0 br i1 %65, label %78, label %66 %67 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %68 = load i64, i64* %67, align 16 %69 = and i64 %68, 216172782113783808 %70 = icmp eq i64 %69, 216172782113783808 br i1 %70, label %71, label %78 %79 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %80 = bitcast %union.anon.20* %79 to i64* %81 = load volatile i64, i64* %80, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = ptrtoint %struct.page* %0 to i64 %86 = select i1 %83, i64 %85, i64 %84, !prof !4 %87 = inttoptr i64 %86 to %struct.page* %88 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 3, i32 0 %89 = load volatile i32, i32* %88, align 4 %90 = icmp sgt i32 %89, -1 br i1 %90, label %92, label %91, !prof !4, !misexpect !5 %93 = load volatile i32, i32* %88, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %176, label %95, !prof !8, !misexpect !5 %96 = phi i32 [ %103, %102 ], [ %93, %92 ] %97 = add i32 %96, %1 %98 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %97, i32* %88, i32 %96) #6, !srcloc !9 %99 = extractvalue { i8, i32 } %98, 0 %100 = and i8 %99, 1 %101 = icmp eq i8 %100, 0 br i1 %101, label %102, label %105, !prof !8, !misexpect !5 %106 = load volatile i64, i64* %80, align 8 %107 = and i64 %106, 1 %108 = icmp eq i64 %107, 0 %109 = add i64 %106, -1 %110 = select i1 %108, i64 %85, 
i64 %109, !prof !4 %111 = inttoptr i64 %110 to %struct.page* %112 = icmp eq %struct.page* %111, %87 br i1 %112, label %132, label %113, !prof !4, !misexpect !5 %133 = icmp eq i64 %86, 0 br i1 %133, label %176, label %134 %135 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 1 %136 = bitcast %union.anon.20* %135 to i64* %137 = load volatile i64, i64* %136, align 8 %138 = and i64 %137, 1 %139 = icmp eq i64 %138, 0 %140 = add i64 %137, -1 %141 = select i1 %139, i64 %86, i64 %140, !prof !4 %142 = inttoptr i64 %141 to %struct.page* %143 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 0 %144 = load volatile i64, i64* %143, align 8 %145 = and i64 %144, 65536 %146 = icmp eq i64 %145, 0 br i1 %146, label %147, label %153 %148 = getelementptr inbounds %struct.page, %struct.page* %142, i64 0, i32 1 %149 = bitcast %union.anon.20* %148 to i64* %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 1 %152 = icmp eq i64 %151, 0 br i1 %152, label %166, label %153 %154 = load volatile i64, i64* %143, align 8 %155 = and i64 %154, 65536 %156 = icmp eq i64 %155, 0 br i1 %156, label %166, label %157 %167 = mul i32 %1, 1023 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 %167, i32* %88) #6, !srcloc !12 br label %168 %169 = getelementptr inbounds %struct.page, %struct.page* %87, i64 0, i32 0 %170 = load i64, i64* %169, align 16 %171 = lshr i64 %170, 58 %172 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %171 %173 = load %struct.pglist_data*, %struct.pglist_data** %172, align 8 %174 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %173, i32 35, 
i64 %174) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_compound_head 1 unpin_user_pages 2 lockless_pages_from_mm 3 internal_get_user_pages_fast 4 get_user_pages_fast 5 get_futex_key 6 futex_wake 7 do_futex 8 __se_sys_futex 9 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi 
i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: 
oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp 
eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 
%10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 
140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", 
"=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 %39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 
6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 %67 = icmp eq i32 %66, 0 %68 = icmp eq i64 %57, %1 %69 = or i1 %68, %67 br i1 %69, label %74, label %70 %75 = and i64 %30, 512 %76 = icmp eq i64 %75, 0 br i1 %76, label %78, label %77 br i1 %17, label %87, label %79 %80 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %81 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %80, i64 0, i32 0, i32 28, i32 0 %82 = load volatile i32, i32* %81, align 4 %83 = icmp eq i32 %82, %28 br i1 %83, label %87, label %84 %85 = load i32, i32* %7, align 4 %86 = sext i32 %85 to i64 call void @unpin_user_pages(%struct.page** %3, i64 %86) #84 Function:unpin_user_pages %3 = icmp ugt i64 %1, -4096 br i1 %3, label %4, label %5, !prof !4, !misexpect !5 %6 = icmp eq i64 %1, 0 br i1 %6, label %77, label %7 %8 = load %struct.page*, %struct.page** %0, align 8 %9 = getelementptr inbounds %struct.page, %struct.page* %8, i64 0, i32 1 %10 = bitcast %union.anon.20* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 1 %13 = icmp 
eq i64 %12, 0 %14 = add i64 %11, -1 %15 = ptrtoint %struct.page* %8 to i64 %16 = select i1 %13, i64 %15, i64 %14, !prof !8 %17 = inttoptr i64 %16 to %struct.page* br label %18 %19 = phi i32 [ 0, %7 ], [ %20, %23 ] %20 = add i32 %19, 1 %21 = zext i32 %20 to i64 %22 = icmp ult i64 %21, %1 br i1 %22, label %23, label %36 %24 = getelementptr %struct.page*, %struct.page** %0, i64 %21 %25 = load %struct.page*, %struct.page** %24, align 8 %26 = getelementptr inbounds %struct.page, %struct.page* %25, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %25 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !8 %34 = inttoptr i64 %33 to %struct.page* %35 = icmp eq %struct.page* %34, %17 br i1 %35, label %18, label %36 br label %37 %38 = phi i64 [ %42, %75 ], [ 0, %36 ] %39 = phi i32 [ %76, %75 ], [ %20, %36 ] %40 = phi %struct.page* [ %55, %75 ], [ %17, %36 ] tail call fastcc void @put_compound_head(%struct.page* %40, i32 %39, i32 262144) #83 Function:put_compound_head %4 = and i32 %2, 262144 %5 = icmp eq i32 %4, 0 br i1 %5, label %47, label %6 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %8 = load i64, i64* %7, align 16 %9 = lshr i64 %8, 58 %10 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %9 %11 = load %struct.pglist_data*, %struct.pglist_data** %10, align 8 %12 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %11, i32 36, i64 %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_compound_head 1 unpin_user_pages 2 lockless_pages_from_mm 3 internal_get_user_pages_fast 4 get_user_pages_fast 5 get_futex_key 6 futex_wake 7 do_futex 8 __se_sys_futex 9 
__x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select 
i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 
Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", 
"=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label 
%126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq %struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, 
label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* 
%7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %11), i8* blockaddress(@lockless_pages_from_mm, %10)) #6 to label %9 [label %11, label %10], !srcloc !4 %12 = phi i64 [ 47, %10 ], [ 56, %4 ], [ 56, %9 ] %13 = lshr i64 %1, %12 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %90 %16 = and i32 %2, 262144 %17 = icmp eq i32 %16, 0 br i1 %17, label %27, label %18 %28 = phi i32 [ %24, %18 ], [ undef, %15 ] %29 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %30 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %31 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %32 = inttoptr i64 %31 to %struct.task_struct* %33 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %32, i64 0, i32 47 %34 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 %35 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 10 %36 = load %struct.anon.1*, %struct.anon.1** %35, align 8 %37 = load i32, i32* @pgdir_shift, align 4 %38 = zext i32 %37 to i64 %39 = lshr i64 %0, %38 %40 = and i64 %39, 511 %41 = getelementptr %struct.anon.1, %struct.anon.1* %36, i64 %40 %42 = add i64 %1, -1 %43 = bitcast i64* %5 to i8* br label %44 %45 = phi i32 [ %37, %27 ], [ %72, %70 ] %46 = phi %struct.anon.1* [ %41, %27 ], [ %71, %70 ] %47 = phi i64 [ %0, %27 ], [ %57, %70 ] %48 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %46, i64 0, i32 0 %49 = load volatile i64, i64* %48, align 8 store volatile i64 %49, i64* %5, align 8 %50 = zext i32 %45 to i64 %51 = shl nuw i64 1, %50 %52 = add i64 %51, %47 %53 = sub i64 0, %51 %54 = and i64 %52, %53 %55 = add i64 %54, -1 %56 = icmp ult i64 %55, %42 %57 = select i1 %56, i64 %54, i64 %1 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 
0, i32 12, i32 1, i64 58), i8* blockaddress(@lockless_pages_from_mm, %59), i8* blockaddress(@lockless_pages_from_mm, %62)) #6 to label %58 [label %59, label %62], !srcloc !4 br label %59 %60 = icmp eq i64 %49, 0 %61 = zext i1 %60 to i32 br label %62 %63 = phi i32 [ %61, %59 ], [ 0, %44 ] %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %73 %66 = call fastcc i32 @gup_p4d_range(i64 %49, i64 %47, i64 %57, i32 %2, %struct.page** %3, i32* nonnull %7) #83 %67 = icmp eq i32 %66, 0 %68 = icmp eq i64 %57, %1 %69 = or i1 %68, %67 br i1 %69, label %74, label %70 %75 = and i64 %30, 512 %76 = icmp eq i64 %75, 0 br i1 %76, label %78, label %77 br i1 %17, label %87, label %79 %80 = load %struct.mm_struct*, %struct.mm_struct** %33, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %81 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %80, i64 0, i32 0, i32 28, i32 0 %82 = load volatile i32, i32* %81, align 4 %83 = icmp eq i32 %82, %28 br i1 %83, label %87, label %84 %85 = load i32, i32* %7, align 4 %86 = sext i32 %85 to i64 call void @unpin_user_pages(%struct.page** %3, i64 %86) #84 Function:unpin_user_pages %3 = icmp ugt i64 %1, -4096 br i1 %3, label %4, label %5, !prof !4, !misexpect !5 %6 = icmp eq i64 %1, 0 br i1 %6, label %77, label %7 %8 = load %struct.page*, %struct.page** %0, align 8 %9 = getelementptr inbounds %struct.page, %struct.page* %8, i64 0, i32 1 %10 = bitcast %union.anon.20* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 1 %13 = icmp eq i64 %12, 0 %14 = add i64 %11, -1 %15 = ptrtoint %struct.page* %8 to i64 %16 = select i1 %13, i64 %15, i64 %14, !prof !8 %17 = inttoptr i64 %16 to %struct.page* br label %18 %19 = phi i32 [ 0, %7 ], [ %20, %23 ] %20 = add i32 %19, 1 %21 = zext i32 %20 to i64 %22 = icmp ult i64 %21, %1 br i1 %22, label %23, label %36 %24 = getelementptr %struct.page*, %struct.page** %0, i64 %21 %25 = load %struct.page*, %struct.page** %24, align 8 %26 = 
getelementptr inbounds %struct.page, %struct.page* %25, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %25 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !8 %34 = inttoptr i64 %33 to %struct.page* %35 = icmp eq %struct.page* %34, %17 br i1 %35, label %18, label %36 br label %37 %38 = phi i64 [ %42, %75 ], [ 0, %36 ] %39 = phi i32 [ %76, %75 ], [ %20, %36 ] %40 = phi %struct.page* [ %55, %75 ], [ %17, %36 ] tail call fastcc void @put_compound_head(%struct.page* %40, i32 %39, i32 262144) #83 Function:put_compound_head %4 = and i32 %2, 262144 %5 = icmp eq i32 %4, 0 br i1 %5, label %47, label %6 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %8 = load i64, i64* %7, align 16 %9 = lshr i64 %8, 58 %10 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %9 %11 = load %struct.pglist_data*, %struct.pglist_data** %10, align 8 %12 = sext i32 %1 to i64 tail call void bitcast (void (%struct.pglist_data.124020*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %11, i32 36, i64 %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_compound_head 1 unpin_user_pages 2 lockless_pages_from_mm 3 internal_get_user_pages_fast 4 get_user_pages_fast 5 get_futex_key 6 futex_wake 7 do_futex 8 __se_sys_futex_time32 9 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load 
i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store 
%struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 Function:get_futex_key %5 = alloca %struct.page*, align 8 %6 = ptrtoint i32* %0 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = bitcast %struct.mm_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.page** %5 to i8* %13 = trunc i64 %6 to i32 %14 = and i32 %13, 4095 %15 = getelementptr inbounds %union.futex_key, %union.futex_key* %2, i64 0, i32 0, i32 2 store i32 %14, i32* %15, align 8 %16 = and i64 %6, 3 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %229, !prof !5, !misexpect !6 %19 = zext i32 %14 to i64 %20 = sub i64 %6, %19 %21 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %22 = add i64 %21, -4 %23 = icmp ult i64 %22, %6 br i1 %23, label %229, label %24, !prof !8, !misexpect !6 br i1 %1, label %25, label %27 %26 = icmp eq i32 %3, 0 br label %30 %31 = phi 
i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 %36 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 0, %struct.page** nonnull %5) #83 br label %37 %38 = phi i32 [ 1, %35 ], [ %31, %30 ] %39 = phi i32 [ %36, %35 ], [ %32, %30 ] %40 = icmp slt i32 %39, 0 br i1 %40, label %229, label %41 %42 = load %struct.page*, %struct.page** %5, align 8 %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 1 %44 = bitcast %union.anon.20* %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = ptrtoint %struct.page* %42 to i64 %50 = select i1 %47, i64 %49, i64 %48, !prof !5 %51 = inttoptr i64 %50 to %struct.page* store %struct.page* %51, %struct.page** %5, align 8 %52 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 1 %53 = load volatile %struct.address_space*, %struct.address_space** %52, align 8 %54 = icmp eq %struct.address_space* %53, null br i1 %54, label %55, label %112, !prof !8, !misexpect !6 %113 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1 %114 = bitcast %union.anon.20* %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 %118 = add i64 %115, -1 %119 = select i1 %117, i64 %50, i64 %118, !prof !5 %120 = inttoptr i64 %119 to %struct.folio* %121 = getelementptr inbounds %struct.folio, %struct.folio* %120, i64 0, i32 0, i32 0, i32 1, i32 0, i32 1 %122 = bitcast %struct.address_space** %121 to i64* %123 = load i64, i64* %122, align 8 %124 = and i64 %123, 1 %125 = icmp eq i64 %124, 0 br i1 %125, label %134, label %126 call void @__rcu_read_lock() #83 %135 = load %struct.page*, %struct.page** %5, align 8 %136 = getelementptr inbounds %struct.page, %struct.page* %135, i64 0, i32 1, i32 0, i32 1 %137 = load volatile %struct.address_space*, %struct.address_space** %136, align 8 %138 = icmp eq 
%struct.address_space* %137, %53 br i1 %138, label %157, label %139 call void @__rcu_read_unlock() #83 %140 = load %struct.page*, %struct.page** %5, align 8 %141 = getelementptr inbounds %struct.page, %struct.page* %140, i64 0, i32 1 %142 = bitcast %union.anon.20* %141 to i64* %143 = load volatile i64, i64* %142, align 8 %144 = and i64 %143, 1 %145 = icmp eq i64 %144, 0 %146 = add i64 %143, -1 %147 = ptrtoint %struct.page* %140 to i64 %148 = select i1 %145, i64 %147, i64 %146, !prof !5 %149 = inttoptr i64 %148 to %struct.folio* %150 = getelementptr inbounds %struct.folio, %struct.folio* %149, i64 0, i32 0, i32 0, i32 3, i32 0 %151 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %150, i32* %150) #6, !srcloc !10 %152 = and i8 %151, 1 %153 = icmp eq i8 %152, 0 br i1 %153, label %154, label %155 br label %30 %31 = phi i32 [ 0, %25 ], [ %38, %154 ] %32 = call i32 @get_user_pages_fast(i64 %20, i32 1, i32 1, %struct.page** nonnull %5) #83 Function:get_user_pages_fast %5 = and i32 %2, 262144 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 65536 %10 = icmp eq i32 %9, 0 br i1 %10, label %12, label %11, !prof !4, !misexpect !5 %13 = or i32 %2, 4 %14 = sext i32 %1 to i64 %15 = tail call fastcc i32 @internal_get_user_pages_fast(i64 %0, i64 %14, i32 %13, %struct.page** %3) #83 Function:internal_get_user_pages_fast %5 = and i32 %2, -852118 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = and i32 %2, 262144 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 
0, i32 47 %15 = load %struct.mm_struct*, %struct.mm_struct** %14, align 8 %16 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %15, i64 0, i32 0, i32 45 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 268435456 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %23 %21 = bitcast i64* %16 to i8* %22 = getelementptr i8, i8* %21, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %22, i32 16, i8* %22) #6, !srcloc !9 br label %23 %24 = and i32 %2, 524288 %25 = and i64 %0, -4096 %26 = shl i64 %1, 12 %28 = extractvalue { i64, i1 } %27, 1 %29 = extractvalue { i64, i1 } %27, 0 br i1 %28, label %57, label %30 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !10 %32 = extractvalue { i64, i1 } %27, 1 %33 = icmp ugt i64 %29, %31 %34 = or i1 %32, %33 br i1 %34, label %57, label %35, !prof !11, !misexpect !5 %36 = tail call fastcc i64 @lockless_pages_from_mm(i64 %25, i64 %29, i32 %2, %struct.page** %3) #83 Function:lockless_pages_from_mm %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ 
-------------
Use: =BAD PATH=
Call Stack:
0 put_compound_head
1 unpin_user_pages
2 lockless_pages_from_mm
3 internal_get_user_pages_fast
4 get_user_pages_fast
5 get_futex_key
6 futex_wake
7 do_futex
8 __se_sys_futex_time32
9 __x64_sys_futex_time32
-------------
Good: 276 Bad: 10 Ignored: 354
Check Use of Function:iowrite32
Check Use of Function:ext4_xattr_security_get
Check Use of Function:blk_execute_rq
Check Use of Function:__d_lookup_done
Use: =BAD PATH=
Call Stack:
0 __d_move
1 d_move
2 nfs_rename
-------------
Use: =BAD PATH=
Call Stack:
0 __d_move
1 d_move
2 nfs_rename
-------------
Path: Function:nfs_rename
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add 
Function:__d_move
-------------
Use: =BAD PATH=
Call Stack:
0 __d_move
1 d_move
2 nfs_rename
-------------
Path:
Function:nfs_rename
Function:d_move
Function:__d_move
-------------
Use: =BAD PATH=
Call Stack:
0 __d_add
1 d_add
2 simple_lookup
-------------
Path:
Function:simple_lookup
Function:d_add
Function:__d_add
-------------
Use: =BAD PATH=
Call Stack:
0 __d_add
1 d_add
2 simple_lookup
-------------
Path:
Function:simple_lookup
Function:d_add
Function:__d_add
-------------
Good: 88 Bad: 5 Ignored: 109
Check Use of Function:pgprot_writecombine
Check Use of Function:drm_dev_exit
Use: =BAD PATH=
Call Stack:
0 i915_gem_mmap
-------------
Path:
Function:i915_gem_mmap
-------------
Use: =BAD PATH=
Call Stack:
0 drm_ioctl_kernel
1 i915_ioc32_compat_ioctl
-------------
Path:
Function:i915_ioc32_compat_ioctl
Function:drm_ioctl_kernel
-------------
Use: =BAD PATH=
Call Stack:
0 drm_ioctl
-------------
Path:
Function:drm_ioctl
-------------
Use: =BAD PATH=
Call Stack:
0 drm_ioctl
1 i915_ioc32_compat_ioctl
-------------
Path:
Function:i915_ioc32_compat_ioctl
Function:drm_ioctl
-------------
Good: 2 Bad: 4 Ignored: 24
Check Use of Function:acpi_sleep_init
Check Use of Function:security_member_sid
Check Use of Function:xt_find_revision
Check Use of Function:ieee80211_hw_config
Check Use of Function:security_shm_associate
Use: =BAD PATH=
Call Stack:
0 __x64_sys_shmget
-------------
Path:
Function:__x64_sys_shmget
-------------
Use: =BAD PATH=
Call Stack:
0 __ia32_sys_shmget
-------------
Path:
Function:__ia32_sys_shmget
0 store i32 %10, i32* %19, align 8 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %20, align 4 %21 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %21, align 8 %22 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 2 %23 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %22, %struct.ipc_ops.260893* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label 
%11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %106 = zext i32 %2 to i64 %107 = tail call i64 @ksys_shmget(i32 %1, i64 %106, i32 %3) #83 Function:ksys_shmget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 103 %9 = load %struct.nsproxy*, %struct.nsproxy** %8, align 64 %10 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, %struct.ipc_namespace** %10, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %12, align 8 %13 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %13, align 4 %14 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2, i32 0 store i64 %1, i64* %14, align 8 %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 2 %16 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, %struct.ipc_ids* %15, %struct.ipc_ops.260893* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %4) #83 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:autofs_root_compat_ioctl Check Use of Function:regulatory_propagate_dfs_state Check Use of Function:kernfs_fop_read_iter Check Use of Function:ieee80211_destroy_frag_cache Check Use of Function:acpi_bus_trim Check Use of 
Function:drop_super_exclusive Check Use of Function:cfg80211_shutdown_all_interfaces Check Use of Function:mq_leaf Check Use of Function:drm_modeset_lock Check Use of Function:io_worker_ref_put Check Use of Function:path_lookupat Check Use of Function:call_blocking_lsm_notifier Check Use of Function:kvfree_call_rcu Use: =BAD PATH= Call Stack: 0 dma_fence_release 1 sync_file_release ------------- Path:  Function:sync_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 80 %6 = bitcast i8* %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 1 %9 = icmp eq i64 %8, 0 br i1 %9, label %17, label %10 %18 = getelementptr inbounds i8, i8* %4, i64 88 %19 = bitcast i8* %18 to %struct.dma_fence** %20 = load %struct.dma_fence*, %struct.dma_fence** %19, align 8 %21 = icmp eq %struct.dma_fence* %20, null br i1 %21, label %34, label %22 %23 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %20, i64 0, i32 6 %24 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %23, i64 0, i32 0 %25 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %23, i64 0, i32 0, i32 0, i32 0 %26 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 -1, i32* %25) #6, !srcloc !4 %27 = icmp eq i32 %26, 1 br i1 %27, label %33, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @dma_fence_release(%struct.qspinlock* %23) #83 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD 
PATH= Call Stack: 0 dma_fence_release 1 dma_resv_iter_walk_unlocked 2 dma_resv_iter_first_unlocked 3 dma_resv_wait_timeout 4 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %82 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %10 = inttoptr i64 %2 to i8* %11 = call i64 @_copy_from_user(i8* nonnull %5, i8* %10, i64 8) #83 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %82 %14 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %4, i64 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = icmp ult i64 %15, 8 br i1 %16, label %17, label %82 %18 = and i64 %15, 3 switch i64 %18, label %82 [ i64 1, label %21 i64 2, label %19 i64 3, label %20 ] %22 = phi i1 [ false, %17 ], [ true, %20 ], [ true, %19 ] %23 = phi i32 [ 2, %17 ], [ 0, %20 ], [ 1, %19 ] %24 = and i64 %15, 4 %25 = icmp eq i64 %24, 0 %26 = icmp eq %struct.dma_buf* %8, null br i1 %25, label %37, label %27 br i1 %26, label %38, label %39, !prof !4, !misexpect !5 %40 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 3 %41 = load %struct.dma_buf_ops*, %struct.dma_buf_ops** %40, align 8 %42 = getelementptr inbounds %struct.dma_buf_ops, %struct.dma_buf_ops* %41, i64 0, i32 8 %43 = load i32 (%struct.dma_buf*, i32)*, i32 (%struct.dma_buf*, i32)** %42, align 8 %44 = icmp eq i32 (%struct.dma_buf*, i32)* %43, null br i1 %44, label %48, label %45 %46 = call i32 %43(%struct.dma_buf* nonnull %8, i32 %23) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %55 %49 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 13 %50 = load %struct.dma_resv*, %struct.dma_resv** %49, align 8 %51 = call i64 @dma_resv_wait_timeout(%struct.dma_resv* %50, i1 zeroext %22, i1 
zeroext true, i64 9223372036854775807) #83 Function:dma_resv_wait_timeout %5 = alloca %struct.dma_resv_iter, align 8 %6 = icmp eq i64 %3, 0 %7 = select i1 %6, i64 1, i64 %3 %8 = bitcast %struct.dma_resv_iter* %5 to i8* %9 = zext i1 %1 to i8 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 %9, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* 
%16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %10, i64 0, i32 6 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0, 
i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !4 %17 = icmp eq i32 %16, 1 br i1 %17, label %23, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @dma_fence_release(%struct.qspinlock* %13) #83 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = 
getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_fence_release 1 dma_fence_chain_find_seqno 2 syncobj_wait_syncobj_func 3 drm_syncobj_replace_fence 4 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label %16, label 
%4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %29, align 8 
tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 Function:syncobj_wait_syncobj_func %3 = alloca %struct.dma_fence*, align 8 %4 = bitcast %struct.dma_fence** %3 to i8* %5 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %6 = load %struct.dma_fence*, %struct.dma_fence** %5, align 8 store %struct.dma_fence* %6, %struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 br label %20 %21 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %1, i64 0, i32 4 %22 = load i64, i64* %21, align 8 %23 = call i32 @dma_fence_chain_find_seqno(%struct.dma_fence** nonnull %3, i64 %22) #83 Function:dma_fence_chain_find_seqno %3 = icmp eq i64 %1, 0 br i1 %3, label %56, label %4 %5 = load %struct.dma_fence*, %struct.dma_fence** %0, align 8 %6 = icmp eq %struct.dma_fence* %5, null br i1 %6, label %56, label %7 %8 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 1 %9 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %8, align 8 %10 = icmp eq %struct.dma_fence_ops* 
%9, @dma_fence_chain_ops br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %56, label %15 %16 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 6 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %15 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 store %struct.dma_fence* %5, %struct.dma_fence** %0, align 8 %28 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 3 br label %29 %30 = phi %struct.dma_fence* [ %5, %27 ], [ %45, %44 ] %31 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %30, i64 0, i32 3 %32 = load i64, i64* %31, align 8 %33 = load i64, i64* %28, align 8 %34 = icmp eq i64 %32, %33 br i1 %34, label %35, label %47 %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !8 %49 = icmp eq i32 %48, 1 br i1 %49, label %55, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %16) #83 
Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq 
%struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 dma_fence_release 1 dma_resv_get_excl_unlocked 2 i915_gem_object_wait 3 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, 
!misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, 
align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 dma_fence_release
1 dma_resv_get_excl_unlocked
2 i915_gem_object_wait
3 i915_gem_pwrite_ioctl
-------------
Path:
Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr*
%34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call 
fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, 
label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect 
!12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 dma_fence_release
1 dma_resv_get_excl_unlocked
2 i915_gem_object_wait
3 i915_gem_pread_ioctl
-------------
Path:
Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) *
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait 
to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, 
i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_end_delegation_return
1 nfs4_inode_return_delegation
2 nfs4_inode_make_writeable
3 _nfs4_do_setattr
4 nfs4_do_setattr
5 nfs4_proc_setattr
-------------
Path:
Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr
inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to 
i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, 
%struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, 
%struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq 
%struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to 
%struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = 
getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca 
%struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = 
icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to 
%struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = 
getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void 
@nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 
= load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast 
%union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 
%196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %64 = phi %struct.posix_acl* [ null, %20 ], [ %2, %13 ], [ %2, %10 ] %65 = phi %struct.posix_acl* [ %18, %20 ], [ null, %13 ], [ null, %10 ] %66 = phi %struct.posix_acl* [ %22, %20 ], [ %14, %13 ], [ %11, %10 ] %67 = ptrtoint %struct.posix_acl* %66 to i64 %68 = trunc i64 %67 to i32 br label %27 %28 = phi %struct.posix_acl* [ %64, %63 ], [ %25, %24 ] %29 = phi %struct.posix_acl* [ %65, %63 ], [ %18, %24 ] %30 = phi i32 [ %68, %63 ], [ %26, %24 ] %31 = 
icmp eq %struct.posix_acl* %28, %2 %32 = icmp eq %struct.posix_acl* %28, null %33 = or i1 %31, %32 br i1 %33, label %46, label %34 %35 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0 %36 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0, i32 0, i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 -1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %45 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 1 tail call void @kvfree_call_rcu(%struct.callback_head* %45, void (%struct.callback_head*)* nonnull inttoptr (i64 8 to void (%struct.callback_head*)*)) #83 br label %46 %47 = icmp eq %struct.posix_acl* %29, %2 %48 = icmp eq %struct.posix_acl* %29, null %49 = or i1 %47, %48 br i1 %49, label %62, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 0 %52 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 0, i32 0, i32 0 %53 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %52, i32 -1, i32* %52) #6, !srcloc !4 %54 = icmp eq i32 %53, 1 br i1 %54, label %60, label %55 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %61 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %29, i64 0, i32 1 tail call void @kvfree_call_rcu(%struct.callback_head* %61, void (%struct.callback_head*)* nonnull inttoptr (i64 8 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs3_set_acl ------------- Path:  
Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %64 = phi %struct.posix_acl* [ null, %20 ], [ %2, %13 ], [ %2, %10 ] %65 = phi %struct.posix_acl* [ %18, %20 ], [ null, %13 ], [ null, %10 ] %66 = phi %struct.posix_acl* [ %22, %20 ], [ %14, %13 ], [ %11, %10 ] %67 = ptrtoint %struct.posix_acl* %66 to i64 %68 = trunc i64 %67 to i32 br label %27 %28 = phi %struct.posix_acl* [ %64, %63 ], [ %25, %24 ] %29 = phi %struct.posix_acl* [ %65, %63 ], [ %18, %24 ] %30 = phi i32 [ %68, %63 ], [ %26, %24 ] %31 = icmp eq %struct.posix_acl* %28, %2 %32 = icmp eq %struct.posix_acl* %28, null %33 = or i1 %31, %32 br i1 %33, label %46, label %34 %35 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0 %36 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 0, i32 0, i32 0 %37 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 -1, i32* %36) #6, !srcloc !4 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %45 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %28, i64 0, i32 1 tail call void @kvfree_call_rcu(%struct.callback_head* %45, void (%struct.callback_head*)* nonnull inttoptr (i64 8 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and 
i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds 
%struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 
to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds 
%struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 
-1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 
store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, 
label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 
] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, 
%struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 
%40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store 
%struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83
------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds 
%struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, 
i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = 
load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 
= getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = 
getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 
------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = 
getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 timerfd_release ------------- Path:  Function:timerfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 10, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 11 %8 = load i8, i8* %7, align 4, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %17, label %10 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, -2 %21 = icmp eq i32 %20, 8 br i1 %21, label %22, label %25 %23 = 
getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %24 = tail call i32 @alarm_cancel(%struct.alarm* %23) #83 br label %28 %29 = icmp eq %struct.timerfd_ctx* %5, null br i1 %29, label %32, label %30 %31 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 8 tail call void @kvfree_call_rcu(%struct.callback_head* %31, void (%struct.callback_head*)* nonnull inttoptr (i64 176 to void (%struct.callback_head*)*)) #83 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add 
i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load 
%struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 
%91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq %struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, 
!misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add 
i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load 
%struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 
%91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq %struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, 
!misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add 
i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load 
%struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 
%91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq %struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, 
!misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 ------------- Good: 979 Bad: 22 Ignored: 586 Check Use of Function:tg3_ptp_enable Check Use of Function:free_pid Check Use of Function:__SCT__cond_resched Use: =BAD PATH= Call Stack: 0 netlink_autobind 1 netlink_connect ------------- Path:  Function:netlink_connect %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = icmp ult i32 %2, 2 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 
%11 = load i16, i16* %10, align 2 switch i16 %11, label %61 [ i16 0, label %12 i16 16, label %16 ] %17 = icmp ult i32 %2, 12 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 6 %20 = bitcast i8* %19 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 2 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %43, label %28 %29 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 47 %31 = load i16, i16* %30, align 4 %32 = zext i16 %31 to i64 %33 = getelementptr %struct.netlink_table, %struct.netlink_table* %29, i64 %32, i32 3 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 2 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %43 %38 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %39 = load %struct.net*, %struct.net** %38, align 8 %40 = getelementptr inbounds %struct.net, %struct.net* %39, i64 0, i32 11 %41 = load %struct.user_namespace*, %struct.user_namespace** %40, align 16 %42 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %41, i32 12) #83 br i1 %42, label %43, label %61 %44 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 1, i32 0, i32 11 %45 = bitcast %struct.in6_addr* %44 to i8* %46 = load volatile i8, i8* %45, align 8, !range !4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51 %49 = tail call fastcc i32 @netlink_autobind(%struct.socket* %0) #84 Function:netlink_autobind %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 9, i32 0 %5 = load %struct.net*, %struct.net** %4, 
align 8 %6 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 47 %8 = load i16, i16* %7, align 4 %9 = zext i16 %8 to i64 %10 = getelementptr %struct.netlink_table, %struct.netlink_table* %6, i64 %9 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %12, i32 1, %struct.pid_namespace* null) #83 br label %14 %15 = phi i32 [ %35, %33 ], [ -4096, %1 ] %16 = phi i32 [ %34, %33 ], [ %13, %1 ] br label %17 %18 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 netlink_autobind 1 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #84 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #84 %54 = 
getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %61 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %62 = load i32, i32* %61, align 8 %63 = icmp eq i32 %62, 0 br i1 %63, label %95, label %64 %65 = icmp ult i32 %62, 12 br i1 %65, label %187, label %66 %67 = getelementptr inbounds %struct.sctphdr, %struct.sctphdr* %9, i64 0, i32 0 %68 = load i16, i16* %67, align 4 %69 = icmp eq i16 %68, 16 br i1 %69, label %70, label %187 %71 = getelementptr inbounds %struct.sctphdr, %struct.sctphdr* %9, i64 0, i32 2 %72 = load i32, i32* %71, align 4 %73 = getelementptr inbounds %struct.sctphdr, %struct.sctphdr* %9, i64 0, i32 3 %74 = load i32, i32* %73, align 4 %75 = call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %74, i32 -1) #4, !srcloc !9 %76 = add i32 %75, 1 %77 = or i32 %76, %72 %78 = icmp eq i32 %77, 0 br i1 %78, label %100, label %79 %80 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %81 = load %struct.sock*, %struct.sock** %5, align 8 %82 = getelementptr inbounds %struct.sock, %struct.sock* %81, i64 0, i32 47 %83 = load i16, i16* %82, align 4 %84 = zext i16 %83 to i64 %85 = getelementptr %struct.netlink_table, %struct.netlink_table* %80, i64 %84, i32 3 %86 = load i32, i32* %85, align 8 %87 = and i32 %86, 2 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %100 %90 = getelementptr inbounds %struct.sock, %struct.sock* %81, i64 0, i32 0, i32 9, i32 0 %91 = load %struct.net*, %struct.net** %90, align 8 %92 = getelementptr inbounds %struct.net, %struct.net* %91, i64 0, i32 11 %93 = load %struct.user_namespace*, %struct.user_namespace** %92, align 16 %94 = call zeroext i1 @ns_capable(%struct.user_namespace* %93, i32 12) #84 br i1 %94, label %100, label %187 %101 = phi i32 [ 0, %95 ], [ 8, %89 ], [ 8, %70 ], [ 8, %79 ] %102 = phi i32 [ %99, %95 ], [ %76, %89 ], [ %76, %70 ], [ %76, %79 ] %103 
= phi i32 [ %97, %95 ], [ %72, %89 ], [ %72, %70 ], [ %72, %79 ] %104 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 1, i32 0, i32 11 %105 = bitcast %struct.in6_addr* %104 to i8* %106 = load volatile i8, i8* %105, align 8, !range !10 %107 = icmp eq i8 %106, 0 br i1 %107, label %108, label %111 %109 = call fastcc i32 @netlink_autobind(%struct.socket* %0) #85 Function:netlink_autobind %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 9, i32 0 %5 = load %struct.net*, %struct.net** %4, align 8 %6 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %7 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 47 %8 = load i16, i16* %7, align 4 %9 = zext i16 %8 to i64 %10 = getelementptr %struct.netlink_table, %struct.netlink_table* %6, i64 %9 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %12, i32 1, %struct.pid_namespace* null) #83 br label %14 %15 = phi i32 [ %35, %33 ], [ -4096, %1 ] %16 = phi i32 [ %34, %33 ], [ %13, %1 ] br label %17 %18 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 read_zero ------------- Path:  Function:read_zero %5 = icmp eq i64 %2, 0 br i1 %5, label %36, label %6 %7 = phi i64 [ %20, %33 ], [ %2, %4 ] %8 = phi i64 [ %19, %33 ], [ 0, %4 ] %9 = icmp ult i64 %7, 4096 %10 = select i1 %9, i64 %7, i64 4096 %11 = getelementptr i8, i8* %1, i64 %8 %12 = tail call i64 @clear_user(i8* %11, i64 %10) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %19 = add i64 %10, %8 %20 = sub i64 %7, %10 %21 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 0, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = and i64 %24, 131072 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %31, !prof !4, !misexpect !5 %28 = load volatile i64, i64* %23, align 8 %29 = and i64 %28, 4 %30 = icmp eq i64 %29, 0 br i1 %30, label %33, label %31 %34 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __ext4_find_entry 1 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.static_call_site* %9 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry.190016, %struct.dentry.190016* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.151783*)* 
@generic_set_encrypted_ci_d_ops to void (%struct.dentry.190016*)*)(%struct.dentry.190016* %1) #83 %22 = call fastcc %struct.buffer_head.190040* @__ext4_find_entry(%struct.inode.190029* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #83 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head.190040*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head.190040*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 8 %14 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.static_call_site** %16 = load %struct.static_call_site*, %struct.static_call_site** %15, align 8 %17 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %449, label %20 %21 = getelementptr %struct.inode.190029, %struct.inode.190029* %0, i64 -1, i32 34 %22 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %21, i64 10, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 268435456 %25 = icmp eq i64 %24, 0 br i1 %25, label %41, label %26 %42 = phi %struct.buffer_head.190040* [ %33, %40 ], [ null, %26 ], [ null, %20 ] %43 = icmp slt i32 %18, 3 br i1 %43, label %44, label %50 %45 = load i8, i8* %12, align 1 %46 = icmp eq i8 %45, 46 br i1 %46, label %47, label %50 %48 = getelementptr i8, i8* %12, i64 1 %49 = load i8, i8* %48, align 1 switch i8 %49, label %50 [ i8 46, label %267 i8 0, label %267 ] %268 = phi 
i32 [ %259, %261 ], [ 1, %47 ], [ 1, %47 ] %269 = phi i32 [ %266, %261 ], [ 0, %47 ], [ 0, %47 ] %270 = phi %struct.buffer_head.190040* [ %252, %261 ], [ %42, %47 ], [ %42, %47 ] %271 = getelementptr inbounds [8 x %struct.buffer_head.190040*], [8 x %struct.buffer_head.190040*]* %6, i64 0, i64 0 %272 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %14, i64 0, i32 2 %273 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 1 %274 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 1, i32 0 %275 = getelementptr inbounds %struct.inode.190029, %struct.inode.190029* %0, i64 0, i32 14 br label %276 %277 = phi i32 [ %435, %430 ], [ %268, %267 ] %278 = phi i64 [ %304, %430 ], [ 0, %267 ] %279 = phi i64 [ %303, %430 ], [ 0, %267 ] %280 = phi i32 [ %277, %430 ], [ %269, %267 ] %281 = phi i32 [ 0, %430 ], [ %269, %267 ] br label %282 %283 = phi i64 [ %278, %276 ], [ %304, %425 ] %284 = phi i64 [ %279, %276 ], [ %303, %425 ] %285 = phi i32 [ %280, %276 ], [ %428, %425 ] %286 = call i32 @__SCT__cond_resched() #83 %289 = icmp ugt i32 %281, %285 %290 = select i1 %289, i32 %281, i32 %277 %291 = sub i32 %290, %285 %292 = zext i32 %291 to i64 %293 = icmp ult i64 %292, 8 %294 = select i1 %293, i64 %292, i64 8 %295 = trunc i64 %294 to i32 %296 = call i32 @ext4_bread_batch(%struct.inode.190029* %0, i32 %285, i32 %295, i1 zeroext false, %struct.buffer_head.190040** nonnull %271) #83 %297 = icmp eq i32 %296, 0 br i1 %297, label %301, label %298 %302 = phi i64 [ 0, %288 ], [ %283, %282 ] %303 = phi i64 [ %294, %288 ], [ %284, %282 ] %304 = add nuw i64 %302, 1 %305 = getelementptr [8 x %struct.buffer_head.190040*], [8 x %struct.buffer_head.190040*]* %6, i64 0, i64 %302 %306 = load %struct.buffer_head.190040*, %struct.buffer_head.190040** %305, align 8 %307 = icmp eq %struct.buffer_head.190040* %306, null br i1 %307, label %425, label %308 %309 = call i32 @__SCT__might_resched() #83 
%310 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %306, i64 0, i32 0 %311 = load volatile i64, i64* %310, align 8 %312 = and i64 %311, 4 %313 = icmp eq i64 %312, 0 br i1 %313, label %315, label %314 %316 = load volatile i64, i64* %310, align 8 %317 = and i64 %316, 1 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %321 %322 = load volatile i64, i64* %310, align 8 %323 = and i64 %322, 16777216 %324 = icmp eq i64 %323, 0 br i1 %324, label %325, label %361 %326 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %306, i64 0, i32 5 %327 = bitcast i8** %326 to %struct.ext4_dir_entry** %328 = load %struct.ext4_dir_entry*, %struct.ext4_dir_entry** %327, align 8 %329 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %330 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %329, i64 0, i32 28 %331 = bitcast i8** %330 to %struct.ext4_sb_info.190078** %332 = load %struct.ext4_sb_info.190078*, %struct.ext4_sb_info.190078** %331, align 16 %333 = getelementptr inbounds %struct.ext4_sb_info.190078, %struct.ext4_sb_info.190078* %332, i64 0, i32 15 %334 = load %struct.ext4_super_block*, %struct.ext4_super_block** %333, align 8 %335 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %334, i64 0, i32 28 %336 = load i32, i32* %335, align 4 %337 = and i32 %336, 32 %338 = icmp eq i32 %337, 0 br i1 %338, label %356, label %339 %340 = load volatile i64, i64* %22, align 8 %341 = and i64 %340, 4096 %342 = icmp eq i64 %341, 0 br i1 %342, label %356, label %343 %344 = icmp eq i32 %285, 0 br i1 %344, label %361, label %345 %346 = getelementptr inbounds %struct.ext4_dir_entry, %struct.ext4_dir_entry* %328, i64 0, i32 0 %347 = load i32, i32* %346, align 4 %348 = icmp eq i32 %347, 0 br i1 %348, label %349, label %356 %350 = getelementptr inbounds %struct.ext4_dir_entry, %struct.ext4_dir_entry* %328, i64 0, i32 1 %351 = load i16, i16* %350, 
align 4 %352 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %329, i64 0, i32 3 %353 = zext i16 %351 to i64 %354 = load i64, i64* %352, align 8 %355 = icmp eq i64 %354, %353 br i1 %355, label %361, label %356 %362 = load volatile i64, i64* %310, align 8 %363 = and i64 %362, 16777216 %364 = icmp eq i64 %363, 0 br i1 %364, label %365, label %368 %369 = getelementptr inbounds %struct.buffer_head.190040, %struct.buffer_head.190040* %306, i64 0, i32 5 %370 = load i8*, i8** %369, align 8 %371 = load %struct.super_block.190011*, %struct.super_block.190011** %13, align 8 %372 = getelementptr inbounds %struct.super_block.190011, %struct.super_block.190011* %371, i64 0, i32 3 %373 = load i64, i64* %372, align 8 %374 = shl i64 %373, 32 %375 = ashr exact i64 %374, 32 %376 = getelementptr i8, i8* %370, i64 %375 %377 = icmp ugt i8* %376, %370 br i1 %377, label %378, label %424 %379 = load i8, i8* %272, align 4 %380 = zext i8 %379 to i32 %381 = shl i32 %285, %380 br label %382 %383 = phi i8* [ %370, %378 ], [ %417, %413 ] %384 = phi i32 [ %381, %378 ], [ %415, %413 ] %385 = getelementptr inbounds i8, i8* %383, i64 6 %386 = load i8, i8* %385, align 2 %387 = zext i8 %386 to i64 %388 = getelementptr i8, i8* %383, i64 %387 %389 = icmp ugt i8* %388, %376 br i1 %389, label %408, label %390 %391 = bitcast i8* %383 to i32* %392 = load i32, i32* %391, align 4 %393 = icmp eq i32 %392, 0 br i1 %393, label %408, label %394 %395 = load i32, i32* %273, align 8 %396 = zext i8 %386 to i32 %397 = icmp eq i32 %395, %396 br i1 %397, label %398, label %408 %399 = getelementptr inbounds i8, i8* %383, i64 8 %400 = load i8*, i8** %274, align 8 %401 = call i32 @bcmp(i8* %399, i8* %400, i64 %387) #6 %402 = icmp eq i32 %401, 0 br i1 %402, label %403, label %408 %409 = getelementptr inbounds i8, i8* %383, i64 4 %410 = bitcast i8* %409 to i16* %411 = load i16, i16* %410, align 4 %412 = icmp eq i16 %411, 0 br i1 %412, label %423, label %413 %414 = zext i16 %411 to i32 %415 = 
add i32 %384, %414 %416 = zext i16 %411 to i64 %417 = getelementptr i8, i8* %383, i64 %416 %418 = icmp ult i8* %417, %376 br i1 %418, label %382, label %424 call void bitcast (void (%struct.buffer_head.158297*)* @__brelse to void (%struct.buffer_head.190040*)*)(%struct.buffer_head.190040* nonnull %306) #83 br label %425 %426 = add i32 %285, 1 %427 = icmp ult i32 %426, %277 %428 = select i1 %427, i32 %426, i32 0 %429 = icmp eq i32 %428, %281 br i1 %429, label %430, label %282 %283 = phi i64 [ %278, %276 ], [ %304, %425 ] %284 = phi i64 [ %279, %276 ], [ %303, %425 ] %285 = phi i32 [ %280, %276 ], [ %428, %425 ] %286 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control.189108, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 2 %7 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %8 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 8 %9 = load %struct.super_block.189089*, %struct.super_block.189089** %8, align 8 %10 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info.189208** %17 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 
%21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode.189107, %struct.inode.189107* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #83 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file.188978, 
%struct.file.188978* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct.189079* %73 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.189079**)) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct.189079* %119 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %208 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %207, i64 0, i32 8 %209 = load %struct.super_block.189089*, %struct.super_block.189089** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %219 = inttoptr i64 %218 to %struct.task_struct.189079* %220 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq 
i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info.189208** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = 
load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #84 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #84 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label %293 %294 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = 
getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #84 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #84 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #84 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 33, i32 0 %329 = 
load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 bitcast (i32 (%struct.file.189755*, i32, i32, i32*)* @ext4_htree_fill_tree to i32 (%struct.file.188978*, i32, i32, i32*)*)(%struct.file.188978* %0, i32 %343, i32 %345, i32* %346) #84 %348 = icmp slt i32 %347, 0 br i1 %348, label %349, label %351 %350 = load i64, i64* %108, align 8 store i64 %350, i64* %128, align 8 br label %510 %511 = phi i32 [ %347, %349 ], [ %508, %506 ] %512 = icmp eq i32 %511, -4094 br i1 %512, label %513, label %853 %514 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %16, align 16 %515 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %514, i64 0, i32 15 %516 = load %struct.ext4_super_block*, %struct.ext4_super_block** %515, align 8 %517 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %516, i64 0, i32 30 %518 = load i32, i32* %517, align 4 %519 = and i32 %518, 1024 %520 = icmp eq 
i32 %519, 0 br i1 %520, label %537, label %521 %522 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %514, i64 0, i32 121 %523 = load %struct.crypto_shash.189184*, %struct.crypto_shash.189184** %522, align 64 %524 = icmp eq %struct.crypto_shash.189184* %523, null br i1 %524, label %525, label %540, !prof !9, !misexpect !10 %541 = getelementptr %struct.inode.189107, %struct.inode.189107* %7, i64 -1, i32 34 %542 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %541, i64 10, i32 0 %543 = load volatile i64, i64* %542, align 8 %544 = and i64 %543, 268435456 %545 = icmp eq i64 %544, 0 br i1 %545, label %556, label %546 %557 = load i32, i32* %10, align 4 %558 = and i32 %557, 16384 %559 = icmp eq i32 %558, 0 br i1 %559, label %560, label %853 %561 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %562 = load i64, i64* %561, align 8 %563 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 14 %564 = load i64, i64* %563, align 8 %565 = icmp slt i64 %562, %564 br i1 %565, label %566, label %853 %567 = bitcast %struct.hw_perf_event_extra* %5 to i8* %568 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %569 = inttoptr i64 %568 to %struct.task_struct.189079* %570 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %569, i64 0, i32 0, i32 0 %571 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %569, i64 0, i32 109, i32 1, i32 0, i64 0 %572 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 3 %573 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 2 %574 = getelementptr inbounds %struct.hw_perf_event_extra, %struct.hw_perf_event_extra* %5, i64 0, i32 1 %575 = getelementptr 
inbounds %struct.hw_perf_event_extra, %struct.hw_perf_event_extra* %5, i64 0, i32 2 %576 = getelementptr inbounds %struct.hw_perf_event_extra, %struct.hw_perf_event_extra* %5, i64 0, i32 0 %577 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 20 %578 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 13 %579 = getelementptr inbounds %struct.file_ra_state, %struct.file_ra_state* %578, i64 0, i32 0 %580 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 13, i32 1 %581 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 21 %582 = bitcast %struct.readahead_control.189108* %3 to i8* %583 = getelementptr inbounds %struct.readahead_control.189108, %struct.readahead_control.189108* %3, i64 0, i32 0 %584 = getelementptr inbounds %struct.readahead_control.189108, %struct.readahead_control.189108* %3, i64 0, i32 1 %585 = bitcast %struct.address_space.189120** %584 to i64* %586 = getelementptr inbounds %struct.readahead_control.189108, %struct.readahead_control.189108* %3, i64 0, i32 2 %587 = getelementptr inbounds %struct.readahead_control.189108, %struct.readahead_control.189108* %3, i64 0, i32 3 %588 = getelementptr inbounds %struct.readahead_control.189108, %struct.readahead_control.189108* %3, i64 0, i32 4 %589 = getelementptr inbounds %struct.readahead_control.189108, %struct.readahead_control.189108* %3, i64 0, i32 5 %590 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 13, i32 5 %591 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 14 %592 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 33, i32 0 %593 = icmp eq %struct.inode.189107* %7, null %594 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %595 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 24 %596 = 
getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 22 br label %597 %598 = load volatile i64, i64* %570, align 8 %599 = and i64 %598, 4 %600 = icmp eq i64 %599, 0 br i1 %600, label %605, label %601 %606 = call i32 @__SCT__cond_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 kpagecount_read ------------- Path:  Function:kpagecount_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %134 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %134 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %127, label %23 %24 = phi i64 [ %116, %113 ], [ %21, %18 ] %25 = phi i64* [ %115, %113 ], [ %5, %18 ] %26 = phi i64 [ %114, %113 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %103 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", 
"i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpagecount_read, %32), i8* blockaddress(@kpagecount_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %103 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %103, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %103, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, label %103, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq i64 %50, 0 br i1 %51, label %103, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %64 %56 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %57 = load %struct.mem_section_usage*, %struct.mem_section_usage** %56, align 8 %58 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %57, i64 0, i32 0, i64 0 %59 = lshr i64 %26, 9 %60 = and i64 %59, 63 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %58, i64 %60) #6, !srcloc !5 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %103, label %64 %104 = phi i64 [ %102, %100 ], [ 0, %82 ], [ 0, %68 ], [ 0, %64 ], [ 0, %55 ], [ 0, %23 ], [ 0, %32 ], [ 0, %47 ], [ 0, %43 ], 
[ 0, %35 ], [ 0, %38 ] %105 = bitcast i64* %25 to i8* %107 = tail call { i8*, i64 } asm sideeffect "call __put_user_${4:P}", "={cx},={rsp},0,{rax},i,1,~{ebx},~{dirflag},~{fpsr},~{flags}"(i8* %105, i64 %104, i64 8, i64 %106) #6, !srcloc !8 %108 = extractvalue { i8*, i64 } %107, 0 %109 = extractvalue { i8*, i64 } %107, 1 %110 = ptrtoint i8* %108 to i64 %111 = and i64 %110, 4294967295 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %119, !prof !6, !misexpect !7 %114 = add i64 %26, 1 %115 = getelementptr i64, i64* %25, i64 1 %116 = add i64 %24, -8 %117 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %102 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %102 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %95, label %23 %24 = phi i64 [ %84, %81 ], [ %21, %18 ] %25 = phi i64* [ %83, %81 ], [ %5, %18 ] %26 = phi i64 [ %82, %81 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %69 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 
6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.pushsection .altinstr_aux,\22ax\22\0A6:\0A testb $1,${2:P} (% rip)\0A jnz ${3:l}\0A jmp ${4:l}\0A.popsection\0A", "i,i,i,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %69 %36 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %37 = icmp eq %struct.mem_section** %36, null br i1 %37, label %69, label %38 %39 = lshr i64 %26, 23 %40 = getelementptr %struct.mem_section*, %struct.mem_section** %36, i64 %39 %41 = load %struct.mem_section*, %struct.mem_section** %40, align 8 %42 = icmp eq %struct.mem_section* %41, null br i1 %42, label %69, label %43 %44 = and i64 %29, 255 %45 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44 %46 = icmp eq %struct.mem_section* %45, null br i1 %46, label %69, label %47 %48 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %45, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = and i64 %49, 2 %51 = icmp eq i64 %50, 0 br i1 %51, label %69, label %52 %53 = and i64 %49, 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %58, label %55 %59 = getelementptr %struct.mem_section, %struct.mem_section* %41, i64 %44, i32 1 %60 = load %struct.mem_section_usage*, %struct.mem_section_usage** %59, align 8 %61 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %60, i64 0, i32 0, i64 0 %62 = lshr i64 %26, 9 %63 = and i64 %62, 63 %64 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code 
c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %61, i64 %63) #6, !srcloc !5 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 %67 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %68 = getelementptr %struct.page, %struct.page* %67, i64 %26 br i1 %66, label %69, label %70 %71 = phi %struct.page* [ null, %69 ], [ %68, %58 ], [ %57, %55 ] %72 = bitcast i64* %25 to i8* %73 = tail call i64 @stable_page_flags(%struct.page* %71) #83 %75 = tail call { i8*, i64 } asm sideeffect "call __put_user_${4:P}", "={cx},={rsp},0,{rax},i,1,~{ebx},~{dirflag},~{fpsr},~{flags}"(i8* %72, i64 %73, i64 8, i64 %74) #6, !srcloc !6 %76 = extractvalue { i8*, i64 } %75, 0 %77 = extractvalue { i8*, i64 } %75, 1 %78 = ptrtoint i8* %76 to i64 %79 = and i64 %78, 4294967295 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %87, !prof !7, !misexpect !8 %82 = add i64 %26, 1 %83 = getelementptr i64, i64* %25, i64 1 %84 = add i64 %24, -8 %85 = tail call i32 @__SCT__cond_resched() #84 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 compat_core_sys_select 2 do_compat_select 3 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.gnet_stats_queue, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.gnet_stats_queue* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 20) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %31 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 1 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = inttoptr i64 %15 to i32* %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, 
i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = inttoptr i64 %19 to i32* %21 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 3 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = inttoptr i64 %23 to i32* %25 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = inttoptr i64 %27 to %struct.static_call_site* %29 = call fastcc i32 @do_compat_select(i32 %12, i32* %16, i32* %20, i32* %24, %struct.static_call_site* %28) #83 Function:do_compat_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.static_call_site, align 4 %8 = bitcast %struct.cpu_itimer* %6 to i8* %9 = bitcast %struct.static_call_site* %7 to i8* %10 = icmp eq %struct.static_call_site* %4, null %11 = bitcast %struct.static_call_site* %4 to i8* br i1 %10, label %41, label %12 %42 = phi %struct.cpu_itimer* [ %6, %32 ], [ %6, %33 ], [ null, %5 ] %43 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.cpu_itimer* %42) #84 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 
0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !5, !misexpect !6 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #84 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 
%64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #83 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 
%25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 
store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = 
getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %51, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %51 br i1 %223, label %226, label %323 %324 = phi i32 [ 
%307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 compat_core_sys_select 2 do_compat_select 3 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = inttoptr i64 %6 to i32* %18 = inttoptr i64 %9 to i32* %19 = inttoptr i64 %12 to i32* %20 = inttoptr i64 %15 to %struct.static_call_site* %21 = tail call fastcc i32 @do_compat_select(i32 %16, i32* %17, i32* %18, i32* %19, %struct.static_call_site* %20) #83 Function:do_compat_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.static_call_site, align 4 %8 = bitcast %struct.cpu_itimer* %6 to i8* %9 = bitcast %struct.static_call_site* %7 to i8* %10 = icmp eq %struct.static_call_site* %4, null %11 = bitcast %struct.static_call_site* %4 to i8* br i1 %10, label %41, label %12 %42 = phi %struct.cpu_itimer* [ %6, %32 ], [ %6, %33 ], [ null, %5 ] %43 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.cpu_itimer* %42) #84 Function:compat_core_sys_select %6 = alloca 
%struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !5, !misexpect !6 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #84 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 
103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #83 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 
%10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load 
i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, 
%struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %51, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ 
%332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %51 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 do_select 1 core_sys_select 2 __se_sys_select 3 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #83 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #83 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #83 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x 
------------- Use: =BAD PATH= Call Stack: 0 do_select 1 core_sys_select 2 __se_sys_select 3 __x64_sys_select ------------- Path: Function:__x64_sys_select Function:__se_sys_select Function:core_sys_select Function:do_select
------------- Use: =BAD PATH= Call Stack: 0 vunmap_p4d_range 1 vunmap_range_noflush 2 remove_vm_area 3 __vunmap 4 vunmap 5 relay_destroy_buf 6 relay_file_release ------------- Path: Function:relay_file_release Function:relay_destroy_buf Function:vunmap Function:__vunmap Function:remove_vm_area Function:vunmap_range_noflush Function:vunmap_p4d_range
%58 = inttoptr i64 %57 to %struct.anon.1* %59 = lshr i64 %26, 30 %60 = and i64 %59, 511 %61 = getelementptr %struct.anon.1, %struct.anon.1* %58, i64 %60 %62 = add i64 %31, -1 br label %63 %64 = phi %struct.anon.1* [ %61, %54 ], [ %177, %176 ] %65 = phi i64 [ %26, %54 ], [ %70, %176 ] %66 = add i64 %65, 1073741824 %67 = and i64 %66, -1073741824 %68 = add i64 %67, -1 %69 = icmp ult i64 %68, %62 %70 = select i1 %69, i64 %67, i64 %31 %71 = tail call i32 @pud_clear_huge(%struct.anon.1* %64) #83 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %85 %74 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %64, i64 0, i32 0 %75 = load i64, i64* %74, align 8 %76 = trunc i64 %75 to i8 %77 = icmp sgt i8 %76, -1 %78 = select i1 %77, i64 -4503599627366504, i64 -4503598553628776 %79 = and i64 %78, %75 %80 = icmp eq i64 %79, 0 br i1 %80, label %88, label %81 %82 = load i32, i32* %3, align 4 %83 = or i32 %82, 4 store i32 %83, i32* %3, align 4 %84 = load i64, i64* %74, align 8 br label %88 %89 = phi i64 [ %75, %73 ], [ %84, %81 ] %90 = and i64 %89, -97 %91 = icmp eq i64 %90, 0 br i1 %91, label %176, label %92 %93 = trunc i64 %89 to i8 %94 = icmp sgt i8 %93, -1 %95 = select i1 %94, i64 -4503599627366504, i64 -4503598553628776 %96 = and i64 %95, %89 %97 = icmp eq i64 %96, 0 br i1 %97, label %99, label %98, !prof !5, !misexpect !6 %100 = select i1 %94, i64 4503599627366400, i64 4503598553628672 %101 = and i64 %100, %89 %102 = load i64, i64* @page_offset_base, align 8 %103 = add i64 %102, %101 %104 = inttoptr i64 %103 to %struct.anon.1* %105 = lshr i64 %65, 21 %106 = and i64 %105, 511 %107 = getelementptr %struct.anon.1, %struct.anon.1* %104, i64 %106 %108 = add i64 %70, -1 br label %109 %110 = phi %struct.anon.1* [ %107, %99 ], [ %174, %173 ] %111 = phi i64 [ %65, %99 ], [ %116, %173 ] %112 = add i64 %111, 2097152 %113 = and i64 %112, -2097152 %114 = add i64 %113, -1 %115 = icmp ult i64 %114, %108 %116 = select i1 %115, i64 %113, i64 %70 %117 = tail call i32 
@pmd_clear_huge(%struct.anon.1* %110) #83 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %131 %120 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %110, i64 0, i32 0 %121 = load i64, i64* %120, align 8 %122 = trunc i64 %121 to i8 %123 = icmp sgt i8 %122, -1 %124 = select i1 %123, i64 -4503599627366405, i64 -4503599625273349 %125 = and i64 %124, %121 %126 = icmp eq i64 %125, 99 br i1 %126, label %134, label %127 %128 = load i32, i32* %3, align 4 %129 = or i32 %128, 8 store i32 %129, i32* %3, align 4 %130 = load i64, i64* %120, align 8 br label %134 %135 = phi i64 [ %121, %119 ], [ %130, %127 ] %136 = and i64 %135, -97 %137 = icmp eq i64 %136, 0 br i1 %137, label %173, label %138 %139 = trunc i64 %135 to i8 %140 = icmp sgt i8 %139, -1 %141 = select i1 %140, i64 -4503599627366405, i64 -4503599625273349 %142 = and i64 %141, %135 %143 = icmp eq i64 %142, 99 br i1 %143, label %145, label %144, !prof !5, !misexpect !6 %146 = select i1 %140, i64 4503599627366400, i64 4503599625273344 %147 = and i64 %146, %135 %148 = load i64, i64* @page_offset_base, align 8 %149 = add i64 %148, %147 %150 = inttoptr i64 %149 to %struct.anon.1* %151 = lshr i64 %111, 12 %152 = and i64 %151, 511 %153 = getelementptr %struct.anon.1, %struct.anon.1* %150, i64 %152 br label %154 %155 = phi %struct.anon.1* [ %153, %145 ], [ %166, %165 ] %156 = phi i64 [ %111, %145 ], [ %167, %165 ] %157 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %155, i64 0, i32 0 %158 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %157, i64 0, i64* %157) #6, !srcloc !7 %159 = and i64 %158, -97 %160 = icmp ne i64 %159, 0 %161 = and i64 %158, 257 %162 = icmp eq i64 %161, 0 %163 = and i1 %160, %162 br i1 %163, label %164, label %165, !prof !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word 
${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.15044, i64 0, i64 0), i32 333, i32 2305, i64 12) #6, !srcloc !9 tail call void asm sideeffect "312:\0A\09.pushsection .discard.reachable\0A\09.long 312b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %165 %166 = getelementptr %struct.anon.1, %struct.anon.1* %155, i64 1 %167 = add i64 %156, 4096 %168 = icmp eq i64 %167, %116 br i1 %168, label %169, label %154 %170 = load i32, i32* %3, align 4 %171 = or i32 %170, 16 store i32 %171, i32* %3, align 4 %172 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __get_user_pages 1 faultin_vma_page_range 2 madvise_populate 3 do_madvise 4 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca 
%struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], 
[ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, 
i64 %31) #83 store %struct.vm_area_struct* %37, %struct.vm_area_struct** %10, align 8 %38 = icmp eq %struct.vm_area_struct* %37, null br i1 %38, label %39, label %53 %54 = call fastcc i32 @check_vma_flags(%struct.vm_area_struct* nonnull %37, i64 %20) #84 %55 = icmp eq i32 %54, 0 br i1 %55, label %58, label %56 %59 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %37, i64 0, i32 8 %60 = load i64, i64* %59, align 8 %61 = and i64 %60, 4194304 %62 = icmp eq i64 %61, 0 br i1 %62, label %72, label %63 %73 = phi %struct.vm_area_struct* [ %37, %58 ], [ %27, %32 ] %74 = phi i64 [ 0, %58 ], [ %28, %32 ] %75 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct* %77 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 0, i32 0 %78 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 109, i32 1, i32 0, i64 0 %79 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 8 br label %80 %81 = phi i32 [ %151, %146 ], [ %19, %72 ] %82 = phi i64 [ 0, %146 ], [ %74, %72 ] %83 = and i32 %81, 4160 %84 = icmp eq i32 %83, 4096 %85 = trunc i32 %81 to i8 %86 = icmp sgt i8 %85, -1 %87 = and i32 %81, 1 %88 = lshr i32 %81, 6 %89 = and i32 %88, 128 %90 = or i32 %89, %87 %91 = or i32 %90, 20 %92 = select i1 %21, i32 %90, i32 %91 %93 = and i32 %81, 32 %94 = icmp eq i32 %93, 0 %95 = or i32 %92, 12 %96 = select i1 %94, i32 %92, i32 %95 %97 = and i32 %88, 32 %98 = or i32 %96, %97 br label %99 %100 = phi i64 [ 0, %143 ], [ %82, %80 ] %101 = load volatile i64, i64* %77, align 8 %102 = and i64 %101, 4 %103 = icmp eq i64 %102, 0 br i1 %103, label %108, label %104 %109 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __get_user_pages 1 faultin_vma_page_range 2 madvise_populate 3 do_madvise 4 __x64_sys_madvise ------------- Path:  
Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, 
label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca 
-------------
Use: =BAD PATH=
Call Stack:
0 __node_reclaim
1 node_reclaim
2 get_page_from_freelist
3 __alloc_pages
4 alloc_pages
5 nfs4_proc_set_acl
6 nfs4_xattr_set_nfs4_acl
-------------
Path:
Function:nfs4_xattr_set_nfs4_acl
Function:nfs4_proc_set_acl
Function:alloc_pages
Function:__alloc_pages
Function:get_page_from_freelist
Function:node_reclaim
Function:__node_reclaim
-------------
Use: =BAD PATH=
Call Stack:
0 __node_reclaim
1 node_reclaim
2 get_page_from_freelist
3 __alloc_pages
4 alloc_pages
5 nfs_symlink
-------------
Path:
Function:nfs_symlink
Function:alloc_pages
Function:__alloc_pages
Function:get_page_from_freelist
eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 
%92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq 
%struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load 
%struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 
0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = 
shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %75 [label %55], !srcloc !7 %76 = tail call i32 @__SCT__cond_resched() #83
-------------
Use: =BAD PATH=
Call Stack:
0 __node_reclaim
1 node_reclaim
2 get_page_from_freelist
3 __alloc_pages
4 alloc_pages
5 nfs_symlink
-------------
Path:
Function:nfs_symlink %5 = alloca %struct.iattr, align 8 %6 = bitcast %struct.iattr* %5 to i8* %7 = tail call i64 @strlen(i8* %3) #83 %8 = trunc i64 %7 to i32 %9 = and i64 %7, 4294967295 %10 = icmp ugt i64 %9, 4096 br i1 %10, label %148, label %11 %12 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 1 store i16 -24065, i16* %12, align 4 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 0 store i32 1, i32* %13, align 8 %14 = tail call %struct.page* @alloc_pages(i32 1051840, i32 0) #84 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* 
%12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr 
inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load %struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp 
eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 
%92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq 
%struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load 
%struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 
0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = 
shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %75 [label %55], !srcloc !7 %76 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __node_reclaim 1 node_reclaim 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 nfs_symlink ------------- Path:  Function:nfs_symlink %5 = alloca %struct.iattr, align 8 %6 = bitcast %struct.iattr* %5 to i8* %7 = tail call i64 @strlen(i8* %3) #83 %8 = trunc i64 %7 to i32 %9 = and i64 %7, 4294967295 %10 = icmp ugt i64 %9, 4096 br i1 %10, label %148, label %11 %12 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 1 store i16 -24065, i16* %12, align 4 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 0 store i32 1, i32* %13, align 8 %14 = tail call %struct.page* @alloc_pages(i32 1051840, i32 0) #84 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* 
%12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr 
inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load %struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp 
eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 
%92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq 
%struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load 
%struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 
0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = 
shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %75 [label %55], !srcloc !7 %76 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __node_reclaim 1 node_reclaim 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 get_zeroed_page 6 simple_transaction_get 7 selinux_transaction_write ------------- Path:  Function:selinux_transaction_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = icmp ugt i64 %8, 14 br i1 %9, label %25, label %10 %11 = getelementptr [15 x i64 (%struct.file*, i8*, i64)*], [15 x i64 (%struct.file*, i8*, i64)*]* @write_op, i64 0, i64 %8 %12 = lshr i64 15391, %8 %13 = and i64 %12, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %25 %16 = tail call i8* bitcast (i8* (%struct.file.151769*, i8*, i64)* @simple_transaction_get to i8* (%struct.file*, i8*, i64)*)(%struct.file* %0, i8* %1, i64 %2) #83 Function:simple_transaction_get %4 = icmp ugt i64 %2, 4087 br i1 %4, label %20, label %5 %6 = tail call i64 @get_zeroed_page(i32 3264) #83 Function:get_zeroed_page %2 = and i32 %0, -259 %3 = or i32 %2, 256 %4 = tail call %struct.page.135016* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.135016* (i32, i32)*)(i32 %3, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], 
[ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, 
%struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, 
i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load %struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and 
i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, 
-2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br 
i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* 
%212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, 
i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, 
i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 
%28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %75 [label %55], !srcloc !7 %76 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __node_reclaim 1 node_reclaim 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 isofs_lookup ------------- Path:  Function:isofs_lookup %4 = alloca %struct.qstr, align 8 %5 = tail call %struct.page.209199* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.209199* (i32, i32)*)(i32 1051840, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, 
%5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, 
%struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* 
%3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* 
%46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load %struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, 
%struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr 
%struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = 
load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, 
label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, %struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = 
getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = 
icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, 
i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %75 [label %55], !srcloc !7 %76 = tail call i32 @__SCT__cond_resched() #83
-------------
Use:
=BAD PATH=
Call Stack:
0 __node_reclaim
1 node_reclaim
2 get_page_from_freelist
3 __alloc_pages
4 alloc_pages
5 __nfs3_proc_setacls
6 nfs3_set_acl
-------------
Path:
Function:nfs3_set_acl
%5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %25 = phi %struct.posix_acl* [ %17, %16 ], [ %22, %20 ] %26 = tail call fastcc i32 
@__nfs3_proc_setacls(%struct.inode.232196* %1, %struct.posix_acl* %25, %struct.posix_acl* %18) #84 Function:__nfs3_proc_setacls %4 = alloca %struct.nfs_fattr*, align 8 %5 = alloca [7 x %struct.page.232204*], align 16 %6 = alloca %struct.nfs3_setaclargs, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load %struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.232431** %12 = load %struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast %struct.nfs_fattr** %4 to i8* %14 = bitcast [7 x %struct.page.232204*]* %5 to i8* %15 = bitcast %struct.nfs3_setaclargs* %6 to i8* %16 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 0 store %struct.inode.232196* %0, %struct.inode.232196** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 1 store i32 1, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 2 store %struct.posix_acl* %1, %struct.posix_acl** %18, align 8 %19 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 4 %21 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 5 %22 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 6 %23 = getelementptr inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %5, i64 0, i64 0 %24 = bitcast %struct.posix_acl** %19 to i8* store %struct.page.232204** %23, %struct.page.232204*** %22, align 8 %25 = bitcast %struct.rpc_message.232335* %7 to i8* %26 = getelementptr inbounds 
%struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs3_setaclargs** store %struct.nfs3_setaclargs* %6, %struct.nfs3_setaclargs** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs_fattr*** store %struct.nfs_fattr** %4, %struct.nfs_fattr*** %30, align 8 %31 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %31, align 8 %32 = icmp eq %struct.posix_acl* %1, null br i1 %32, label %33, label %45 %46 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 8 %49 = icmp eq i32 %48, 0 br i1 %49, label %153, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %1, i64 0, i32 2 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, 1024 br i1 %53, label %153, label %54 %55 = icmp eq %struct.posix_acl* %2, null br i1 %55, label %65, label %56 %66 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 0 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, -4096 %69 = icmp eq i16 %68, 16384 br i1 %69, label %70, label %84 %85 = phi i32 [ %52, %70 ], [ %58, %71 ], [ %58, %72 ], [ %82, %80 ], [ %52, %65 ] %86 = phi i32 [ 16, %70 ], [ 64, %71 ], [ %78, %72 ], [ 16, %80 ], [ 16, %65 ] %87 = icmp sgt i32 %85, 4 %88 = select i1 %87, i32 %85, i32 4 %89 = mul i32 %88, 12 %90 = add i32 %89, %86 %91 = zext i32 %90 to i64 store i64 %91, i64* %20, align 8 %92 = icmp ugt i32 %90, 136 br i1 %92, label %93, label %113 %94 = add nuw nsw i64 %91, 17592186044415 %95 = lshr i64 %94, 12 %96 = trunc i64 %95 to i32 %97 = add 
nsw i32 %96, 1 br label %98 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 %111 = add i32 %105, 1 store i32 %111, i32* %21, align 8 %112 = icmp ult i32 %111, %97 br i1 %112, label %98, label %113 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail 
call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x 
%struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load 
%struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 
%44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi 
i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr 
%struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, 
%struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 
(%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, 
label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %75 [label %55], !srcloc !7 %76 = tail call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 __node_reclaim 1 node_reclaim 2 get_page_from_freelist 3 __alloc_pages 4 ring_buffer_alloc_read_page 5 tracing_buffers_read ------------- Path:  Function:tracing_buffers_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %114, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) 
#83 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 %14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %25, !prof !8, !misexpect !9 %26 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 7 %27 = load %struct.buffer_data_page*, %struct.buffer_data_page** %26, align 8 %28 = icmp eq %struct.buffer_data_page* %27, null br i1 
%28, label %30, label %29 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = bitcast %struct.qspinlock* %17 to i8* store volatile i8 0, i8* %31, align 4 %32 = and i64 %16, 512 %33 = icmp eq i64 %32, 0 br i1 %33, label %35, label %34 br i1 %28, label %36, label %57 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (i32* @numa_node to i64) %40 = inttoptr i64 %39 to i32* %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, -1 br i1 %42, label %43, label %45 %46 = phi i32 [ %44, %43 ], [ %41, %36 ] %47 = call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 68800, i32 0, i32 %46, %struct.cpumask* null) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x 
%struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load 
%struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 
%44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi 
i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr 
%struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 br i1 %109, label %158, label %153 %159 = add nsw i64 %139, 1 %160 = icmp eq i64 %159, 11 br i1 %160, label %167, label %138 %168 = icmp eq i64 %88, 0 %169 = or i1 %41, %168 %170 = or i1 %17, %169 br i1 %170, label %228, label %171, !prof !9 %172 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 0 %173 = load i64, i64* %172, align 64 br i1 %109, label %174, label %178, !prof !6, !misexpect !7 %175 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %176 = load i64, i64* %175, align 32 %177 = add i64 %176, %11 br label %178 %179 = phi i64 [ %177, %174 ], [ %11, %171 ] %180 = sub i64 %94, %179 br i1 %38, label %184, label %181 %182 = sdiv i64 %173, -2 %183 = add i64 %182, %173 br label %184 %185 = phi i64 [ %183, %181 ], [ %173, %178 ] br i1 %109, label %193, label %186, !prof !6, !misexpect !8 br i1 %43, label %190, label %187 %191 = sdiv i64 %185, -4 %192 = add i64 %191, %185 br label %193 %194 = phi i64 [ %189, %187 ], [ %192, %190 ], [ %185, %184 ] %195 = add i64 %194, %133 %196 = icmp sgt i64 %180, %195 br i1 %196, label %197, label %228 br i1 %8, label %252, label %198 br i1 %12, label %199, label %228 %200 = phi i64 [ %220, %219 ], [ %13, %198 ] %201 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 1 %202 = load i64, i64* %201, align 8 %203 = icmp eq i64 %202, 0 br i1 %203, label %219, label %204 %205 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 0 %206 = getelementptr inbounds %struct.list_head, %struct.list_head* %205, i64 0, i32 0 %207 = load volatile %struct.list_head*, 
%struct.list_head** %206, align 8 %208 = icmp eq %struct.list_head* %207, %205 br i1 %208, label %209, label %252 %210 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 1 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %222, label %252 %223 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %200, i32 0, i64 2 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %223, i64 0, i32 0 %225 = load volatile %struct.list_head*, %struct.list_head** %224, align 8 %226 = icmp eq %struct.list_head* %225, %223 br i1 %226, label %227, label %252 br i1 %109, label %219, label %214 %220 = add nsw i64 %200, 1 %221 = icmp eq i64 %220, 11 br i1 %221, label %228, label %199 br i1 %45, label %229, label %252 %230 = load i32, i32* @node_reclaim_mode, align 4 %231 = and i32 %230, 7 %232 = icmp eq i32 %231, 0 br i1 %232, label %517, label %233 %234 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %235 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %234, i64 0, i32 0 %236 = load %struct.zone.134881*, %struct.zone.134881** %235, align 8 %237 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %236, i64 0, i32 4 %238 = load i32, i32* %237, align 8 %239 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = tail call i32 @__node_distance(i32 %238, i32 %240) #83 %242 = load i32, i32* @node_reclaim_distance, align 4 %243 = icmp sgt i32 %241, %242 br i1 %243, label %517, label %244 %245 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 5 %246 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %245, align 16 %247 = tail call i32 bitcast (i32 
(%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.134877*, i32, i32)*)(%struct.pglist_data.134877* %246, i32 %0, i32 %1) #83 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #83 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #83 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #83 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 22 %26 = load i64, i64* %25, align 32 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124020*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #83 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %31 = load i64, i64* %30, align 8 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, 
label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 27 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #84 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %11 = bitcast %struct.cpumask** %10 to i8* %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %13 = icmp ugt i64 %6, 32 %14 = select i1 %13, i64 %6, i64 32 store i64 %14, i64* %12, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
------------- Use: =BAD PATH= Call Stack: 0 __node_reclaim 1 node_reclaim 2 get_page_from_freelist 3 __alloc_pages 4 kmalloc_large_node 5 __kmalloc_node 6 rb_alloc_aux 7 perf_mmap -------------
------------- Use: =BAD PATH= Call Stack: 0 filemap_read 1 generic_file_read_iter -------------
br i1 %100, label %101, label %110 %111 = phi i8 [ %99, %98 ], [ %92, %91 ] %112 = zext i8 %111 to i64 %113 = add nuw nsw i64 %112, 4294967295 %114 = and i64 %113, 4294967295 %115 = getelementptr %struct.pagevec, %struct.pagevec* %6, i64 0, i32 2, i64 %114 %116 = load %struct.page*, %struct.page** %115, align 8 %117 = getelementptr inbounds %struct.page, %struct.page* %116, i64 0, i32 0 %118 = load volatile i64, i64* %117, align 8 %119 = and i64 %118, 262144 %120 = icmp eq i64 %119, 0 br i1 %120, label %131, label %121 %122 = load i32, i32* %30, align 8 %123 = and i32 %122, 1048576 %124 = icmp eq i32 %123, 0 br i1 %124, label %127, label %125 %128 = getelementptr inbounds %struct.page, %struct.page* %116, i64 0, i32 1, i32 0, i32 2 %129 = load i64, i64* %128, align 8 %130 = sub i64 %74, %129 store %struct.file* %66, %struct.file** %40, align 8 store %struct.address_space* %68, %struct.address_space** %41, align 8 store %struct.file_ra_state* %69, %struct.file_ra_state** %42, align 8 store i64 %129, i64* %43, align 8 store i32 0, i32* %44, align 8 store i32 0, i32* %45, align 4 call void @page_cache_async_ra(%struct.readahead_control* nonnull %4, %struct.page* %116, i64 %130) #83 br label %131 %132 = getelementptr inbounds %struct.page, %struct.page* %116, i64 0, i32 1 %133 = bitcast %union.anon.20* %132 to i64* %134 = load volatile i64, i64* %133, align 8 %135 = and i64 %134, 1 %136 = icmp eq i64 %135, 0 %137 = add i64 %134, -1 %138 = ptrtoint %struct.page* %116 to i64 %139 = select i1 %136, i64 %138, i64 %137, !prof !4 %140 = inttoptr i64 %139 to %struct.folio* %141 = getelementptr inbounds %struct.folio, %struct.folio* %140, i64 0, i32 0, i32 0, i32 0 %142 = load volatile i64, i64* %141, align 8 %143 = and i64 %142, 4 %144 = icmp eq i64 %143, 0 br i1 %144, label %146, label %145 %147 = load i32, i32* %30, align 8 %148 = and i32 %147, 524288 %149 = icmp ne i32 %148, 0 %150 = icmp ugt i8 %111, 1 %151 = and i1 %149, %150 br i1 %151, label %152, label %154 %155 = phi 
i32 [ %147, %146 ], [ %153, %152 ] %156 = load volatile i64, i64* %133, align 8 %157 = and i64 %156, 1 %158 = icmp eq i64 %157, 0 %159 = add i64 %156, -1 %160 = select i1 %158, i64 %138, i64 %159, !prof !4 %161 = inttoptr i64 %160 to %struct.folio* %162 = and i32 %155, 8 %163 = icmp eq i32 %162, 0 br i1 %163, label %167, label %164 call void @down_read(%struct.rw_semaphore* %80) #83 br label %168 %169 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0, i32 0 %170 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %169, i64 0, i64* %169) #6, !srcloc !9 %171 = and i8 %170, 1 %172 = icmp eq i8 %171, 0 br i1 %172, label %215, label %173 %174 = load i32, i32* %30, align 8 %175 = and i32 %174, 1048584 %176 = icmp eq i32 %175, 0 br i1 %176, label %177, label %318 %178 = and i32 %174, 524288 %179 = icmp eq i32 %178, 0 br i1 %179, label %180, label %190 %191 = load %struct.wait_page_queue*, %struct.wait_page_queue** %46, align 8 %192 = mul i64 %160, 7046029254386353131 %193 = lshr i64 %192, 56 %194 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 0 store %struct.folio* %161, %struct.folio** %194, align 8 %195 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 1 store i32 0, i32* %195, align 8 %196 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @folio_wait_table, i64 0, i64 %193, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %196) #83 %197 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 2, i32 3 %198 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @folio_wait_table, i64 0, i64 %193, i32 1 %199 = getelementptr [256 x %struct.wait_queue_head], [256 x 
%struct.wait_queue_head]* @folio_wait_table, i64 0, i64 %193, i32 1, i32 1 %200 = load %struct.list_head*, %struct.list_head** %199, align 8 store %struct.list_head* %197, %struct.list_head** %199, align 8 %201 = getelementptr inbounds %struct.list_head, %struct.list_head* %197, i64 0, i32 0 store %struct.list_head* %198, %struct.list_head** %201, align 8 %202 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 2, i32 3, i32 1 store %struct.list_head* %200, %struct.list_head** %202, align 8 %203 = getelementptr inbounds %struct.list_head, %struct.list_head* %200, i64 0, i32 0 store volatile %struct.list_head* %197, %struct.list_head** %203, align 8 %204 = inttoptr i64 %160 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %204, i32 128, i8* %204) #6, !srcloc !10 %205 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %169, i64 0, i64* %169) #6, !srcloc !9 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %208, label %214 %209 = load %struct.list_head*, %struct.list_head** %202, align 8 %210 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 2, i32 3, i32 0 %211 = load %struct.list_head*, %struct.list_head** %210, align 8 %212 = getelementptr inbounds %struct.list_head, %struct.list_head* %211, i64 0, i32 1 store %struct.list_head* %209, %struct.list_head** %212, align 8 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %209, i64 0, i32 0 store volatile %struct.list_head* %211, %struct.list_head** %213, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %210, align 8 
store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %202, align 8 call void @_raw_spin_unlock_irq(%struct.raw_spinlock* %196) #83 br label %215 %216 = inttoptr i64 %160 to %struct.anon.95.118310* %217 = getelementptr inbounds %struct.anon.95.118310, %struct.anon.95.118310* %216, i64 0, i32 2 %218 = load %struct.address_space*, %struct.address_space** %217, align 8 %219 = icmp eq %struct.address_space* %218, null br i1 %219, label %311, label %220 %221 = load i64, i64* %14, align 8 %222 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0, i32 1 %224 = bitcast %union.anon.20* %223 to i64* %225 = load volatile i64, i64* %224, align 8 %226 = and i64 %225, 1 %227 = icmp eq i64 %226, 0 %228 = add i64 %225, -1 %229 = select i1 %227, i64 %160, i64 %228, !prof !4 %230 = inttoptr i64 %229 to %struct.folio* %231 = getelementptr inbounds %struct.folio, %struct.folio* %230, i64 0, i32 0, i32 0, i32 0 %232 = load volatile i64, i64* %231, align 8 %233 = and i64 %232, 4 %234 = icmp eq i64 %233, 0 br i1 %234, label %236, label %235 %237 = load i8, i8* %47, align 8 %238 = icmp eq i8 %237, 3 br i1 %238, label %263, label %239 %240 = load %struct.address_space_operations*, %struct.address_space_operations** %81, align 8 %241 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %240, i64 0, i32 17 %242 = load i32 (%struct.page*, i64, i64)*, i32 (%struct.page*, i64, i64)** %241, align 8 %243 = icmp eq i32 (%struct.page*, i64, i64)* %242, null br i1 %243, label %263, label %244 %245 = load %struct.inode*, %struct.inode** %82, align 8 %246 = getelementptr inbounds %struct.inode, %struct.inode* %245, i64 0, i32 20 %247 = load i8, i8* %246, align 2 %248 = icmp ugt i8 %247, 11 br i1 %248, label %263, label %249 %250 = load i64, i64* %22, align 8 %251 = getelementptr inbounds 
%struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0, i32 1, i32 0, i32 2 %252 = load i64, i64* %251, align 8 %253 = shl i64 %252, 12 %254 = icmp slt i64 %221, %253 %255 = sub i64 %221, %253 %256 = select i1 %254, i64 0, i64 %255 %257 = select i1 %254, i64 %255, i64 0 %258 = add i64 %257, %250 %259 = shl i64 %258, 32 %260 = ashr exact i64 %259, 32 %261 = call i32 %242(%struct.page* %222, i64 %256, i64 %260) #83 %262 = icmp eq i32 %261, 0 br i1 %262, label %263, label %311 %264 = load i32, i32* %30, align 8 %265 = and i32 %264, 1572872 %266 = icmp eq i32 %265, 0 br i1 %266, label %267, label %311 %312 = phi i32 [ 0, %249 ], [ -11, %263 ], [ 524289, %215 ], [ 0, %235 ] %313 = inttoptr i64 %160 to i8* %314 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $2,$1\0A\09/* output condition code s*/\0A", "={@ccs},=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %313, i8 -2, i8* %313) #6, !srcloc !12 %315 = and i8 %314, 1 %316 = icmp eq i8 %315, 0 br i1 %316, label %320, label %317 call fastcc void @folio_wake_bit(%struct.folio* %161, i32 0) #83 br label %320 %321 = phi i32 [ %279, %267 ], [ %293, %292 ], [ %312, %311 ], [ %312, %317 ] call void @up_read(%struct.rw_semaphore* %80) #83 %322 = icmp eq i32 %321, 524289 br i1 %322, label %323, label %330 %331 = phi i32 [ %321, %320 ], [ %319, %318 ] %332 = icmp eq i32 %331, 0 br i1 %332, label %362, label %333 %363 = phi i32 [ %360, %359 ], [ 0, %145 ], [ 0, %352 ], [ 0, %330 ] %364 = load i64, i64* %31, align 8 %365 = load i64, i64* %14, align 8 %366 = icmp slt i64 %365, %364 br i1 %366, label %369, label %367, !prof !4, !misexpect !5 %370 = load i64, i64* %22, align 8 %371 = add i64 %370, %365 %372 = icmp slt i64 %364, %371 %373 = select i1 %372, i64 %364, i64 %371 %374 = load volatile i32, i32* %48, align 4 %375 = load i64, i64* %49, align 8 %376 = xor i64 %375, %365 %377 = icmp ult i64 %376, 4096 br i1 %377, label %380, label %378 %381 = load 
i8, i8* %13, align 8 %382 = icmp eq i8 %381, 0 br i1 %382, label %448, label %383 %384 = zext i8 %381 to i32 br label %385 %386 = phi i64 [ %52, %383 ], [ %407, %405 ] %387 = phi i32 [ 0, %383 ], [ %412, %405 ] %388 = phi i32 [ %363, %383 ], [ %411, %405 ] %389 = sext i32 %387 to i64 %390 = getelementptr %struct.pagevec, %struct.pagevec* %6, i64 0, i32 2, i64 %389 %391 = load %struct.page*, %struct.page** %390, align 8 %392 = load i64, i64* %14, align 8 %393 = and i64 %392, 4095 %394 = sub i64 %373, %392 %395 = sub nuw nsw i64 4096, %393 %396 = icmp slt i64 %394, %395 %397 = select i1 %396, i64 %394, i64 %395 %398 = getelementptr inbounds %struct.page, %struct.page* %391, i64 0, i32 1, i32 0, i32 2 %399 = load i64, i64* %398, align 8 %400 = shl i64 %399, 12 %401 = icmp slt i64 %373, %400 br i1 %401, label %416, label %402 %417 = phi i8 [ %368, %367 ], [ %381, %405 ], [ %381, %385 ] %418 = phi i32 [ %363, %367 ], [ %388, %385 ], [ %411, %405 ] %419 = phi i64 [ %52, %367 ], [ %386, %385 ], [ %407, %405 ] %420 = icmp eq i8 %417, 0 br i1 %420, label %448, label %421 %422 = zext i8 %417 to i32 %423 = icmp ugt i32 %422, 1 %424 = select i1 %423, i32 %422, i32 1 %425 = zext i32 %424 to i64 br label %426 %427 = phi i64 [ 0, %421 ], [ %446, %445 ] %428 = getelementptr %struct.pagevec, %struct.pagevec* %6, i64 0, i32 2, i64 %427 %429 = load %struct.page*, %struct.page** %428, align 8 %430 = getelementptr inbounds %struct.page, %struct.page* %429, i64 0, i32 1 %431 = bitcast %union.anon.20* %430 to i64* %432 = load volatile i64, i64* %431, align 8 %433 = and i64 %432, 1 %434 = icmp eq i64 %433, 0 %435 = add i64 %432, -1 %436 = ptrtoint %struct.page* %429 to i64 %437 = select i1 %434, i64 %436, i64 %435, !prof !4 %438 = inttoptr i64 %437 to %struct.folio* %439 = getelementptr inbounds %struct.folio, %struct.folio* %438, i64 0, i32 0, i32 0, i32 3, i32 0 %440 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %439, i32* %439) #6, !srcloc !13 %441 = and i8 %440, 1 %442 = icmp eq i8 %441, 0 br i1 %442, label %445, label %443 %446 = add nuw nsw i64 %427, 1 %447 = icmp eq i64 %446, %425 br i1 %447, label %448, label %426 %449 = phi i64 [ %419, %416 ], [ %52, %380 ], [ %419, %445 ] %450 = phi i32 [ %418, %416 ], [ %363, %380 ], [ %418, %445 ] store i8 0, i8* %13, align 8 %451 = load i64, i64* %22, align 8 %452 = icmp eq i64 %451, 0 br i1 %452, label %458, label %453 %454 = load i64, i64* %14, align 8 %455 = icmp slt i64 %454, %364 %456 = icmp eq i32 %450, 0 %457 = and i1 %456, %455 br i1 %457, label %51, label %458 %52 = phi i64 [ %2, %28 ], [ %449, %453 ] %53 = call i32 @__SCT__cond_resched() #83
-------------
Use: =BAD PATH=
Call Stack:
0 filemap_read
1 generic_file_read_iter
2 blkdev_read_iter
-------------
Path:
Function:blkdev_read_iter
%3 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 0 %4 = load %struct.file.289341*, %struct.file.289341** %3, align 8 %5 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.block_device.289220** %7 = load %struct.block_device.289220*, %struct.block_device.289220** %6, align 8 %8 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %7, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = shl i64 %9, 9 %11 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, %12 %16 = icmp ugt i64 %15, %10 br i1 %16, label %17, label %22, !prof !4, !misexpect !5 %18 = icmp sgt i64 %10, %12 br i1 %18, label %19, label %31 %20 = sub i64 %10, %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %24, label %22 %23 = tail call i64 
bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.289133*, %struct.iov_iter*)*)(%struct.kiocb.289133* %0, %struct.iov_iter* %1) #83 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %62 = phi i64 [ %42, %56 ], [ 0, %6 ] %63 = tail call i64 @filemap_read(%struct.kiocb* %0, %struct.iov_iter* %1, i64 %62) #83 Function:filemap_read %4 = alloca %struct.readahead_control, align 8 %5 = alloca %struct.readahead_control, align 8 %6 = alloca %struct.pagevec, align 8 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %8 = load %struct.file*, %struct.file** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %8, i64 0, i32 18 %10 = load %struct.address_space*, %struct.address_space** %9, align 8 %11 = getelementptr inbounds %struct.address_space, %struct.address_space* %10, i64 0, i32 0 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 8 %17 = load %struct.super_block*, %struct.super_block** %16, align 8 %18 = getelementptr inbounds %struct.super_block, %struct.super_block* %17, i64 0, i32 4 %19 = load i64, i64* %18, align 32 %20 = icmp slt i64 %15, %19 br i1 %20, label %21, label %471, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %471, label %25, !prof !6, 
!misexpect !5 %26 = icmp ugt i64 %23, %19 br i1 %26, label %27, label %28 store i8 0, i8* %13, align 8 %29 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %6, i64 0, i32 1 store i8 0, i8* %29, align 1 %30 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %31 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 14 %32 = bitcast %struct.readahead_control* %5 to i8* %33 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %5, i64 0, i32 0 %34 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %5, i64 0, i32 1 %35 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %5, i64 0, i32 2 %36 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %5, i64 0, i32 3 %37 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %5, i64 0, i32 4 %38 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %5, i64 0, i32 5 %39 = bitcast %struct.readahead_control* %4 to i8* %40 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %4, i64 0, i32 2 %43 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %4, i64 0, i32 3 %44 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %4, i64 0, i32 4 %45 = getelementptr inbounds %struct.readahead_control, %struct.readahead_control* %4, i64 0, i32 5 %46 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 7 %47 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %48 = getelementptr inbounds %struct.address_space, %struct.address_space* %10, i64 0, i32 4, i32 0 %49 = getelementptr inbounds %struct.file, %struct.file* %8, i64 0, i32 
13, i32 5 %50 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %6, i64 0, i32 2, i64 0 br label %51 %52 = phi i64 [ %2, %28 ], [ %449, %453 ] %53 = call i32 @__SCT__cond_resched() #83 %60 = or i32 %54, 8 store i32 %60, i32* %30, align 8 br label %61 %62 = load i64, i64* %14, align 8 %63 = load i64, i64* %31, align 8 %64 = icmp slt i64 %62, %63 br i1 %64, label %65, label %458, !prof !4, !misexpect !5 %66 = load %struct.file*, %struct.file** %7, align 8 %67 = getelementptr inbounds %struct.file, %struct.file* %66, i64 0, i32 18 %68 = load %struct.address_space*, %struct.address_space** %67, align 8 %69 = getelementptr inbounds %struct.file, %struct.file* %66, i64 0, i32 13 %70 = ashr i64 %62, 12 %71 = load i64, i64* %22, align 8 %72 = add i64 %62, 4095 %73 = add i64 %72, %71 %74 = lshr i64 %73, 12 %75 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %76 = inttoptr i64 %75 to %struct.task_struct* %77 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 0, i32 0 %78 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %76, i64 0, i32 109, i32 1, i32 0, i64 0 %79 = sub nsw i64 %74, %70 %80 = getelementptr inbounds %struct.address_space, %struct.address_space* %68, i64 0, i32 2 %81 = getelementptr inbounds %struct.address_space, %struct.address_space* %68, i64 0, i32 9 %82 = getelementptr inbounds %struct.address_space, %struct.address_space* %68, i64 0, i32 0 br label %83 %84 = load volatile i64, i64* %77, align 8 %85 = and i64 %84, 4 %86 = icmp eq i64 %85, 0 br i1 %86, label %91, label %87 %88 = load i64, i64* %78, align 8 %89 = and i64 %88, 256 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %458 call fastcc void @filemap_get_read_batch(%struct.address_space* %68, i64 %70, i64 %74, %struct.pagevec* nonnull %6) #83 %92 = load i8, i8* %13, align 8 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %110 %95 = load i32, i32* 
%30, align 8 %96 = and i32 %95, 1048576 %97 = icmp eq i32 %96, 0 br i1 %97, label %98, label %458 store %struct.file* %66, %struct.file** %33, align 8 store %struct.address_space* %68, %struct.address_space** %34, align 8 store %struct.file_ra_state* %69, %struct.file_ra_state** %35, align 8 store i64 %70, i64* %36, align 8 store i32 0, i32* %37, align 8 store i32 0, i32* %38, align 4 call void @page_cache_sync_ra(%struct.readahead_control* nonnull %5, i64 %79) #83 call fastcc void @filemap_get_read_batch(%struct.address_space* %68, i64 %70, i64 %74, %struct.pagevec* nonnull %6) #83 %99 = load i8, i8* %13, align 8 %100 = icmp eq i8 %99, 0 br i1 %100, label %101, label %110 %111 = phi i8 [ %99, %98 ], [ %92, %91 ] %112 = zext i8 %111 to i64 %113 = add nuw nsw i64 %112, 4294967295 %114 = and i64 %113, 4294967295 %115 = getelementptr %struct.pagevec, %struct.pagevec* %6, i64 0, i32 2, i64 %114 %116 = load %struct.page*, %struct.page** %115, align 8 %117 = getelementptr inbounds %struct.page, %struct.page* %116, i64 0, i32 0 %118 = load volatile i64, i64* %117, align 8 %119 = and i64 %118, 262144 %120 = icmp eq i64 %119, 0 br i1 %120, label %131, label %121 %122 = load i32, i32* %30, align 8 %123 = and i32 %122, 1048576 %124 = icmp eq i32 %123, 0 br i1 %124, label %127, label %125 %128 = getelementptr inbounds %struct.page, %struct.page* %116, i64 0, i32 1, i32 0, i32 2 %129 = load i64, i64* %128, align 8 %130 = sub i64 %74, %129 store %struct.file* %66, %struct.file** %40, align 8 store %struct.address_space* %68, %struct.address_space** %41, align 8 store %struct.file_ra_state* %69, %struct.file_ra_state** %42, align 8 store i64 %129, i64* %43, align 8 store i32 0, i32* %44, align 8 store i32 0, i32* %45, align 4 call void @page_cache_async_ra(%struct.readahead_control* nonnull %4, %struct.page* %116, i64 %130) #83 br label %131 %132 = getelementptr inbounds %struct.page, %struct.page* %116, i64 0, i32 1 %133 = bitcast %union.anon.20* %132 to i64* %134 = load 
volatile i64, i64* %133, align 8 %135 = and i64 %134, 1 %136 = icmp eq i64 %135, 0 %137 = add i64 %134, -1 %138 = ptrtoint %struct.page* %116 to i64 %139 = select i1 %136, i64 %138, i64 %137, !prof !4 %140 = inttoptr i64 %139 to %struct.folio* %141 = getelementptr inbounds %struct.folio, %struct.folio* %140, i64 0, i32 0, i32 0, i32 0 %142 = load volatile i64, i64* %141, align 8 %143 = and i64 %142, 4 %144 = icmp eq i64 %143, 0 br i1 %144, label %146, label %145 %147 = load i32, i32* %30, align 8 %148 = and i32 %147, 524288 %149 = icmp ne i32 %148, 0 %150 = icmp ugt i8 %111, 1 %151 = and i1 %149, %150 br i1 %151, label %152, label %154 %155 = phi i32 [ %147, %146 ], [ %153, %152 ] %156 = load volatile i64, i64* %133, align 8 %157 = and i64 %156, 1 %158 = icmp eq i64 %157, 0 %159 = add i64 %156, -1 %160 = select i1 %158, i64 %138, i64 %159, !prof !4 %161 = inttoptr i64 %160 to %struct.folio* %162 = and i32 %155, 8 %163 = icmp eq i32 %162, 0 br i1 %163, label %167, label %164 call void @down_read(%struct.rw_semaphore* %80) #83 br label %168 %169 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0, i32 0 %170 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %169, i64 0, i64* %169) #6, !srcloc !9 %171 = and i8 %170, 1 %172 = icmp eq i8 %171, 0 br i1 %172, label %215, label %173 %174 = load i32, i32* %30, align 8 %175 = and i32 %174, 1048584 %176 = icmp eq i32 %175, 0 br i1 %176, label %177, label %318 %178 = and i32 %174, 524288 %179 = icmp eq i32 %178, 0 br i1 %179, label %180, label %190 %191 = load %struct.wait_page_queue*, %struct.wait_page_queue** %46, align 8 %192 = mul i64 %160, 7046029254386353131 %193 = lshr i64 %192, 56 %194 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 0 store %struct.folio* %161, 
%struct.folio** %194, align 8 %195 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 1 store i32 0, i32* %195, align 8 %196 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @folio_wait_table, i64 0, i64 %193, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %196) #83 %197 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 2, i32 3 %198 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @folio_wait_table, i64 0, i64 %193, i32 1 %199 = getelementptr [256 x %struct.wait_queue_head], [256 x %struct.wait_queue_head]* @folio_wait_table, i64 0, i64 %193, i32 1, i32 1 %200 = load %struct.list_head*, %struct.list_head** %199, align 8 store %struct.list_head* %197, %struct.list_head** %199, align 8 %201 = getelementptr inbounds %struct.list_head, %struct.list_head* %197, i64 0, i32 0 store %struct.list_head* %198, %struct.list_head** %201, align 8 %202 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 2, i32 3, i32 1 store %struct.list_head* %200, %struct.list_head** %202, align 8 %203 = getelementptr inbounds %struct.list_head, %struct.list_head* %200, i64 0, i32 0 store volatile %struct.list_head* %197, %struct.list_head** %203, align 8 %204 = inttoptr i64 %160 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %204, i32 128, i8* %204) #6, !srcloc !10 %205 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %169, i64 0, i64* %169) #6, !srcloc !9 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %208, label %214 %209 = load 
%struct.list_head*, %struct.list_head** %202, align 8 %210 = getelementptr inbounds %struct.wait_page_queue, %struct.wait_page_queue* %191, i64 0, i32 2, i32 3, i32 0 %211 = load %struct.list_head*, %struct.list_head** %210, align 8 %212 = getelementptr inbounds %struct.list_head, %struct.list_head* %211, i64 0, i32 1 store %struct.list_head* %209, %struct.list_head** %212, align 8 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %209, i64 0, i32 0 store volatile %struct.list_head* %211, %struct.list_head** %213, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %210, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %202, align 8 call void @_raw_spin_unlock_irq(%struct.raw_spinlock* %196) #83 br label %215 %216 = inttoptr i64 %160 to %struct.anon.95.118310* %217 = getelementptr inbounds %struct.anon.95.118310, %struct.anon.95.118310* %216, i64 0, i32 2 %218 = load %struct.address_space*, %struct.address_space** %217, align 8 %219 = icmp eq %struct.address_space* %218, null br i1 %219, label %311, label %220 %221 = load i64, i64* %14, align 8 %222 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0, i32 1 %224 = bitcast %union.anon.20* %223 to i64* %225 = load volatile i64, i64* %224, align 8 %226 = and i64 %225, 1 %227 = icmp eq i64 %226, 0 %228 = add i64 %225, -1 %229 = select i1 %227, i64 %160, i64 %228, !prof !4 %230 = inttoptr i64 %229 to %struct.folio* %231 = getelementptr inbounds %struct.folio, %struct.folio* %230, i64 0, i32 0, i32 0, i32 0 %232 = load volatile i64, i64* %231, align 8 %233 = and i64 %232, 4 %234 = icmp eq i64 %233, 0 br i1 %234, label %236, label %235 %237 = load i8, i8* %47, align 8 %238 = icmp eq i8 %237, 3 br i1 %238, label %263, label %239 %240 = load 
%struct.address_space_operations*, %struct.address_space_operations** %81, align 8 %241 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %240, i64 0, i32 17 %242 = load i32 (%struct.page*, i64, i64)*, i32 (%struct.page*, i64, i64)** %241, align 8 %243 = icmp eq i32 (%struct.page*, i64, i64)* %242, null br i1 %243, label %263, label %244 %245 = load %struct.inode*, %struct.inode** %82, align 8 %246 = getelementptr inbounds %struct.inode, %struct.inode* %245, i64 0, i32 20 %247 = load i8, i8* %246, align 2 %248 = icmp ugt i8 %247, 11 br i1 %248, label %263, label %249 %250 = load i64, i64* %22, align 8 %251 = getelementptr inbounds %struct.folio, %struct.folio* %161, i64 0, i32 0, i32 0, i32 1, i32 0, i32 2 %252 = load i64, i64* %251, align 8 %253 = shl i64 %252, 12 %254 = icmp slt i64 %221, %253 %255 = sub i64 %221, %253 %256 = select i1 %254, i64 0, i64 %255 %257 = select i1 %254, i64 %255, i64 0 %258 = add i64 %257, %250 %259 = shl i64 %258, 32 %260 = ashr exact i64 %259, 32 %261 = call i32 %242(%struct.page* %222, i64 %256, i64 %260) #83 %262 = icmp eq i32 %261, 0 br i1 %262, label %263, label %311 %264 = load i32, i32* %30, align 8 %265 = and i32 %264, 1572872 %266 = icmp eq i32 %265, 0 br i1 %266, label %267, label %311 %312 = phi i32 [ 0, %249 ], [ -11, %263 ], [ 524289, %215 ], [ 0, %235 ] %313 = inttoptr i64 %160 to i8* %314 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $2,$1\0A\09/* output condition code s*/\0A", "={@ccs},=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %313, i8 -2, i8* %313) #6, !srcloc !12 %315 = and i8 %314, 1 %316 = icmp eq i8 %315, 0 br i1 %316, label %320, label %317 call fastcc void @folio_wake_bit(%struct.folio* %161, i32 0) #83 br label %320 %321 = phi i32 [ %279, %267 ], [ %293, %292 ], [ %312, %311 ], [ %312, %317 ] call void @up_read(%struct.rw_semaphore* %80) #83 %322 = icmp eq i32 %321, 524289 br i1 
%322, label %323, label %330 %331 = phi i32 [ %321, %320 ], [ %319, %318 ] %332 = icmp eq i32 %331, 0 br i1 %332, label %362, label %333 %363 = phi i32 [ %360, %359 ], [ 0, %145 ], [ 0, %352 ], [ 0, %330 ] %364 = load i64, i64* %31, align 8 %365 = load i64, i64* %14, align 8 %366 = icmp slt i64 %365, %364 br i1 %366, label %369, label %367, !prof !4, !misexpect !5 %370 = load i64, i64* %22, align 8 %371 = add i64 %370, %365 %372 = icmp slt i64 %364, %371 %373 = select i1 %372, i64 %364, i64 %371 %374 = load volatile i32, i32* %48, align 4 %375 = load i64, i64* %49, align 8 %376 = xor i64 %375, %365 %377 = icmp ult i64 %376, 4096 br i1 %377, label %380, label %378 %381 = load i8, i8* %13, align 8 %382 = icmp eq i8 %381, 0 br i1 %382, label %448, label %383 %384 = zext i8 %381 to i32 br label %385 %386 = phi i64 [ %52, %383 ], [ %407, %405 ] %387 = phi i32 [ 0, %383 ], [ %412, %405 ] %388 = phi i32 [ %363, %383 ], [ %411, %405 ] %389 = sext i32 %387 to i64 %390 = getelementptr %struct.pagevec, %struct.pagevec* %6, i64 0, i32 2, i64 %389 %391 = load %struct.page*, %struct.page** %390, align 8 %392 = load i64, i64* %14, align 8 %393 = and i64 %392, 4095 %394 = sub i64 %373, %392 %395 = sub nuw nsw i64 4096, %393 %396 = icmp slt i64 %394, %395 %397 = select i1 %396, i64 %394, i64 %395 %398 = getelementptr inbounds %struct.page, %struct.page* %391, i64 0, i32 1, i32 0, i32 2 %399 = load i64, i64* %398, align 8 %400 = shl i64 %399, 12 %401 = icmp slt i64 %373, %400 br i1 %401, label %416, label %402 %417 = phi i8 [ %368, %367 ], [ %381, %405 ], [ %381, %385 ] %418 = phi i32 [ %363, %367 ], [ %388, %385 ], [ %411, %405 ] %419 = phi i64 [ %52, %367 ], [ %386, %385 ], [ %407, %405 ] %420 = icmp eq i8 %417, 0 br i1 %420, label %448, label %421 %422 = zext i8 %417 to i32 %423 = icmp ugt i32 %422, 1 %424 = select i1 %423, i32 %422, i32 1 %425 = zext i32 %424 to i64 br label %426 %427 = phi i64 [ 0, %421 ], [ %446, %445 ] %428 = getelementptr %struct.pagevec, %struct.pagevec* 
%6, i64 0, i32 2, i64 %427 %429 = load %struct.page*, %struct.page** %428, align 8 %430 = getelementptr inbounds %struct.page, %struct.page* %429, i64 0, i32 1 %431 = bitcast %union.anon.20* %430 to i64* %432 = load volatile i64, i64* %431, align 8 %433 = and i64 %432, 1 %434 = icmp eq i64 %433, 0 %435 = add i64 %432, -1 %436 = ptrtoint %struct.page* %429 to i64 %437 = select i1 %434, i64 %436, i64 %435, !prof !4 %438 = inttoptr i64 %437 to %struct.folio* %439 = getelementptr inbounds %struct.folio, %struct.folio* %438, i64 0, i32 0, i32 0, i32 3, i32 0 %440 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %439, i32* %439) #6, !srcloc !13 %441 = and i8 %440, 1 %442 = icmp eq i8 %441, 0 br i1 %442, label %445, label %443 %446 = add nuw nsw i64 %427, 1 %447 = icmp eq i64 %446, %425 br i1 %447, label %448, label %426 %449 = phi i64 [ %419, %416 ], [ %52, %380 ], [ %419, %445 ] %450 = phi i32 [ %418, %416 ], [ %363, %380 ], [ %418, %445 ] store i8 0, i8* %13, align 8 %451 = load i64, i64* %22, align 8 %452 = icmp eq i64 %451, 0 br i1 %452, label %458, label %453 %454 = load i64, i64* %14, align 8 %455 = icmp slt i64 %454, %364 %456 = icmp eq i32 %450, 0 %457 = and i1 %456, %455 br i1 %457, label %51, label %458 %52 = phi i64 [ %2, %28 ], [ %449, %453 ] %53 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 pnp_disable_dev 7 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = 
load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 
%30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 
%94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = 
bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) 
#6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* 
@nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, 
%struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load 
%struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, 
%struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) 
#6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* 
@nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* 
%10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) 
#6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* 
@nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* 
@cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 
0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, 
align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = 
call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* 
@exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br 
i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label 
%120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = 
getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 
Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* 
%24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* 
@ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = 
icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 
16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83
-------------
Use: =BAD PATH=
Call Stack:
0 console_unlock
1 vprintk_emit
2 dev_vprintk_emit
3 dev_printk_emit
4 __dev_printk
5 _dev_warn
6 pci_vpd_available
7 pci_vpd_read
8 vpd_read
-------------
Path:
Function:vpd_read
%7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to 
%struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br 
i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 
%30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 
%94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83
-------------
Use: =BAD PATH=
Call Stack:
0 console_unlock
1 vprintk_emit
2 dev_vprintk_emit
3 dev_printk_emit
4 __dev_printk
5 _dev_warn
6 pci_vpd_available
7 pci_vpd_write
8 vpd_write
-------------
Path:
Function:vpd_write
%7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 
0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull 
%14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 
%30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 
%94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, 
align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* 
@suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 
store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = 
and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, 
i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load 
i16, i16* %155, align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq 
%struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, 
%struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr 
inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, 
i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, 
label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, 
label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, 
i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** 
%16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 
0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = 
getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* 
@console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br 
i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 
%168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 
-9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq 
%struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, 
align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, 
align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load 
i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, 
i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br 
i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 
%21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* 
getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 
%132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 %165 = zext i32 %164 to i64 %166 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %165) #6, !srcloc !8 %167 = 
and i8 %166, 1 %168 = icmp eq i8 %167, 0 br i1 %168, label %169, label %173 %170 = load i16, i16* %155, align 8 %171 = and i16 %170, 16 %172 = icmp eq i16 %171, 0 br i1 %172, label %184, label %173 %174 = load i16, i16* %155, align 8 %175 = and i16 %174, 64 %176 = icmp eq i16 %175, 0 br i1 %176, label %179, label %177 br i1 %145, label %182, label %180 %181 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %181(%struct.console* nonnull %149, i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i32 %146) #83 br label %182 %183 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 call void %183(%struct.console* nonnull %149, i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i32 %147) #83 br label %184 %185 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 14 %186 = load %struct.console*, %struct.console** %185, align 8 %187 = icmp eq %struct.console* %186, null br i1 %187, label %188, label %148 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %189 = load volatile i8, i8* @console_waiter, align 1, !range !11 %190 = icmp eq i8 %189, 0 store %struct.task_struct* null, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 br i1 %190, label %192, label %191 %193 = phi i1 [ false, %188 ], [ true, %191 ] call void @__printk_safe_exit() #83 %194 = and i64 %128, 512 %195 = icmp eq i64 %194, 0 br i1 %195, label %197, label %196 %198 = or i1 %193, %24 %199 = zext i1 %193 to i32 br i1 %198, label %202, label %200 %201 = call i32 @__SCT__cond_resched() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 new_device_store ------------- Path:  Function:new_device_store %5 = alloca 
%struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ 
%29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 
br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, 
i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, 
i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
-------------
Good: 6382 Bad: 43 Ignored: 3823
Check Use of Function:netdev_printk
Check Use of Function:ip6_route_add
Check Use of Function:find_task_by_vpid
Use: =BAD PATH=
Call Stack:
0 __se_sys_ioprio_set
1 __ia32_sys_ioprio_set
-------------
Path:
Function:__ia32_sys_ioprio_set
Function:__se_sys_ioprio_set
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_ioprio_set
1 __x64_sys_ioprio_set
-------------
Path:
Function:__x64_sys_ioprio_set
Function:__se_sys_ioprio_set
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_ioprio_get
1 __ia32_sys_ioprio_get
-------------
Path:
Function:__ia32_sys_ioprio_get
Function:__se_sys_ioprio_get
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_ioprio_get
1 __x64_sys_ioprio_get
-------------
Path:
Function:__x64_sys_ioprio_get
Function:__se_sys_ioprio_get
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_move_pages
1 __ia32_sys_move_pages
-------------
Path:
Function:__ia32_sys_move_pages
Function:__se_sys_move_pages
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_move_pages
1 __x64_sys_move_pages
-------------
Path:
Function:__x64_sys_move_pages
Function:__se_sys_move_pages
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_migrate_pages
1 __ia32_sys_migrate_pages
-------------
Path:
Function:__ia32_sys_migrate_pages
Function:__se_sys_migrate_pages
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_migrate_pages
1 __x64_sys_migrate_pages
-------------
Path:
Function:__x64_sys_migrate_pages
Function:__se_sys_migrate_pages
-------------
Use: =BAD PATH=
Call Stack:
0 __ia32_compat_sys_get_robust_list
-------------
Path:
Function:__ia32_compat_sys_get_robust_list
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_get_robust_list
1 __ia32_sys_get_robust_list
-------------
Path:
Function:__ia32_sys_get_robust_list
Function:__se_sys_get_robust_list
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_get_robust_list
1 __x64_sys_get_robust_list
-------------
Path:
Function:__x64_sys_get_robust_list
Function:__se_sys_get_robust_list
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_kcmp
1 __ia32_sys_kcmp
-------------
Path:
Function:__ia32_sys_kcmp
Function:__se_sys_kcmp
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_kcmp
1 __x64_sys_kcmp
-------------
Path:
Function:__x64_sys_kcmp
Function:__se_sys_kcmp
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_kcmp
1 __ia32_sys_kcmp
-------------
Path:
Function:__ia32_sys_kcmp
Function:__se_sys_kcmp
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_kcmp
1 __x64_sys_kcmp
-------------
Path:
Function:__x64_sys_kcmp
Function:__se_sys_kcmp
-------------
Use: =BAD PATH=
Call Stack:
0 __ia32_sys_sched_getscheduler
-------------
Path:
Function:__ia32_sys_sched_getscheduler
-------------
Use: =BAD PATH=
Call Stack:
0 sched_getaffinity
1 __se_compat_sys_sched_getaffinity
2 __ia32_compat_sys_sched_getaffinity
-------------
Path:
Function:__ia32_compat_sys_sched_getaffinity
Function:__se_compat_sys_sched_getaffinity
Function:sched_getaffinity
-------------
Use: =BAD PATH=
Call Stack:
0 sched_getaffinity
1 __ia32_sys_sched_getaffinity
-------------
Path:
Function:__ia32_sys_sched_getaffinity
Function:sched_getaffinity
-------------
Use: =BAD PATH=
Call Stack:
0 sched_getaffinity
1 __x64_sys_sched_getaffinity
-------------
Path:
Function:__x64_sys_sched_getaffinity
Function:sched_getaffinity
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_sched_getattr
1 __ia32_sys_sched_getattr
-------------
Path:
Function:__ia32_sys_sched_getattr
Function:__se_sys_sched_getattr
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_sched_getattr
1 __x64_sys_sched_getattr
-------------
Path:
Function:__x64_sys_sched_getattr
Function:__se_sys_sched_getattr
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_sched_getparam
1 __ia32_sys_sched_getparam
-------------
Path:
Function:__ia32_sys_sched_getparam
Function:__se_sys_sched_getparam
-------------
Use: =BAD PATH=
Call Stack:
0 __se_sys_sched_getparam
1 __x64_sys_sched_getparam
-------------
Path:
Function:__x64_sys_sched_getparam
Function:__se_sys_sched_getparam
-------------
Use: =BAD PATH=
Call Stack:
0 __x64_sys_sched_getscheduler
-------------
Path:
Function:__x64_sys_sched_getscheduler
-------------
Use: =BAD PATH=
Call Stack:
0 sched_rr_get_interval
1 __ia32_sys_sched_rr_get_interval
-------------
Path:
Function:__ia32_sys_sched_rr_get_interval
Function:sched_rr_get_interval
-------------
Use: =BAD PATH=
Call Stack:
0 sched_rr_get_interval
1 __ia32_sys_sched_rr_get_interval_time32
-------------
Path:
Function:__ia32_sys_sched_rr_get_interval_time32
Function:sched_rr_get_interval
-------------
Use: =BAD PATH=
Call Stack:
0 sched_rr_get_interval
1 __x64_sys_sched_rr_get_interval
-------------
Path:
Function:__x64_sys_sched_rr_get_interval
Function:sched_rr_get_interval
-------------
Use: =BAD PATH=
Call Stack:
0 sched_rr_get_interval
1 __x64_sys_sched_rr_get_interval_time32
-------------
Path:
Function:__x64_sys_sched_rr_get_interval_time32
Function:sched_rr_get_interval
%4 = bitcast %struct.rq_flags* %3 to i8* %5 = icmp slt i32 %0, 0 br i1 %5, label %37, label %6 tail call void @__rcu_read_lock() #83 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #83 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %10 = icmp ult i32 %6, 8 br i1 %10, label %11, label %16 %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %11 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 
6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %60, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 %27 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %28 %29 = phi i64 [ %26, %25 ], [ %47, %40 ] %30 = phi i32* [ %7, %25 ], [ %41, %40 ] %31 = phi i64* [ %27, %25 ], [ %46, %40 ] %32 = icmp ugt i64 %29, 1 br i1 %32, label %33, label %48 %49 = icmp eq i64 %29, 0 br i1 %49, label %56, label %50 %51 = bitcast i32* %30 to %struct.__large_struct* %52 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long 3 \0A 
.popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %51, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %55)) #4 to label %53 [label %55], !srcloc !11 %54 = zext i32 %52 to i64 store i64 %54, i64* %31, align 8 br label %56 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %57 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %9) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br 
label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #83 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  
Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 
%46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void @__rcu_read_lock() #83 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %88 = call %struct.task_struct* @find_task_by_vpid(i32 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 
%1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #83 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp 
sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void @__rcu_read_lock() #83 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %88 = call %struct.task_struct* @find_task_by_vpid(i32 %5) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, 
label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void 
@__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #83 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %63, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %63 call void @__rcu_read_lock() #83 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_tkill 1 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_tkill(i64 %4, i64 %7) #83 Function:__se_sys_tkill %3 = alloca %struct.kernel_siginfo, 
align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = icmp slt i32 %4, 1 br i1 %6, label %38, label %7 %8 = bitcast %struct.kernel_siginfo* %3 to i8* %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %5, i32* %9, align 8 %10 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 store i32 -6, i32* %11, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %13, i32 1, %struct.pid_namespace* null) #83 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %14, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %17 = load %struct.cred*, %struct.cred** %16, align 8 %18 = getelementptr inbounds %struct.cred, %struct.cred* %17, i64 0, i32 1, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, -1 %21 = load i32, i32* @overflowuid, align 4 %22 = select i1 %20, i32 %21, i32 %19 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %22, i32* %23, align 4 tail call void @__rcu_read_lock() #83 %24 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_tkill 1 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 
@__se_sys_tkill(i64 %3, i64 %5) #83 Function:__se_sys_tkill %3 = alloca %struct.kernel_siginfo, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = icmp slt i32 %4, 1 br i1 %6, label %38, label %7 %8 = bitcast %struct.kernel_siginfo* %3 to i8* %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %5, i32* %9, align 8 %10 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 store i32 -6, i32* %11, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %13, i32 1, %struct.pid_namespace* null) #83 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %14, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %17 = load %struct.cred*, %struct.cred** %16, align 8 %18 = getelementptr inbounds %struct.cred, %struct.cred* %17, i64 0, i32 1, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, -1 %21 = load i32, i32* @overflowuid, align 4 %22 = select i1 %20, i32 %21, i32 %19 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %22, i32* %23, align 4 tail call void @__rcu_read_lock() #83 %24 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %5 to i32 %14 = trunc i64 %7 to i32 %15 = trunc i64 %9 to i32 %16 = bitcast %struct.kernel_siginfo* %3 to i8* %17 = bitcast %struct.compat_siginfo* %2 to i8* %18 = inttoptr i64 %12 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %17, i8* %18, i64 128) #83 %20 = icmp eq i64 %19, 0 br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %15, i32* %23, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #83 %24 = icmp slt i32 %14, 1 %25 = icmp slt i32 %13, 1 %26 = or i1 %25, %24 br i1 %26, label %41, label %27 %28 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %29 = load i32, i32* %28, align 8 %30 = icmp sgt i32 %29, -1 %31 = icmp eq i32 %29, -6 %32 = or i1 %30, %31 br i1 %32, label %33, label %38 %34 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = call i32 @__task_pid_nr_ns(%struct.task_struct* %35, i32 0, %struct.pid_namespace* null) #83 %37 = icmp eq i32 %36, %14 br i1 %37, label %38, label %41 %39 = call fastcc i32 @do_send_specific(i32 %13, i32 %14, i32 %15, %struct.kernel_siginfo* nonnull %3) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 do_send_specific 1 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %4 to i32 %13 = trunc i64 %6 to i32 %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to %struct.siginfo* %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = call fastcc i32 @__copy_siginfo_from_user(i32 %14, %struct.kernel_siginfo* nonnull %2, %struct.siginfo* %15) #83 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %36, !prof !4, !misexpect !5 %20 = icmp slt i32 %13, 1 %21 = icmp slt i32 %12, 1 %22 = or i1 %21, %20 br i1 %22, label %36, label %23 %24 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp sgt i32 %25, -1 %27 = icmp eq i32 %25, -6 %28 = or i1 %26, %27 br i1 %28, label %29, label %34 %30 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = call i32 @__task_pid_nr_ns(%struct.task_struct* %31, i32 0, %struct.pid_namespace* null) #83 %33 = icmp eq i32 %32, %13 br i1 %33, label %34, label %36 %35 = call fastcc i32 @do_send_specific(i32 %12, i32 %13, i32 %14, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 
__ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #83 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 
store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to %struct.siginfo** %11 = load %struct.siginfo*, %struct.siginfo** %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %6 to i32 %14 = trunc i64 %8 to i32 %15 = bitcast %struct.kernel_siginfo* %2 to i8* %16 = call fastcc i32 @__copy_siginfo_from_user(i32 %14, %struct.kernel_siginfo* nonnull %2, %struct.siginfo* %11) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %35, !prof !4, !misexpect !5 %19 = icmp slt i32 %13, 1 %20 = icmp slt i32 %12, 1 %21 = or i1 %20, %19 br i1 %21, label %35, label %22 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, -1 %26 = icmp eq i32 %24, -6 %27 = or i1 %25, %26 br i1 %27, label %28, label %33 %29 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %30 = inttoptr i64 %29 to %struct.task_struct* %31 = call i32 @__task_pid_nr_ns(%struct.task_struct* %30, i32 0, %struct.pid_namespace* null) #83 %32 = icmp eq i32 %31, %13 br i1 %32, label %33, label %35 
%34 = call fastcc i32 @do_send_specific(i32 %12, i32 %13, i32 %14, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #83 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds 
%struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __ia32_sys_prlimit64 ------------- Path:  Function:__ia32_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_prlimit64(i64 %4, i64 %7, i64 %10, i64 %13) #83 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #83 %21 = 
icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void @__rcu_read_lock() #83 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct* @find_task_by_vpid(i32 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __x64_sys_prlimit64 ------------- Path:  Function:__x64_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_prlimit64(i64 %3, i64 %5, i64 %7, i64 %9) #83 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 
@_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void @__rcu_read_lock() #83 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct* @find_task_by_vpid(i32 %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getsid ------------- Path:  Function:__x64_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void @__rcu_read_lock() #83 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getpgid ------------- Path:  Function:__x64_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void @__rcu_read_lock() #83 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getsid ------------- Path:  Function:__ia32_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void @__rcu_read_lock() #83 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call 
%struct.task_struct* @find_task_by_vpid(i32 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getpgid ------------- Path:  Function:__ia32_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void @__rcu_read_lock() #83 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 ------------- Good: 11 Bad: 50 Ignored: 7 Check Use of Function:__mark_inode_dirty Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode.208037, %struct.inode.208037* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = and i32 %2, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %19, label %10 %11 = tail call i32 @fat_truncate_time(%struct.inode.208037* %0, %struct.cpu_itimer* %1, i32 %2) #83 %12 = getelementptr inbounds %struct.inode.208037, %struct.inode.208037* %0, i64 0, i32 8 %13 = load %struct.super_block.208179*, %struct.super_block.208179** %12, align 8 %14 = getelementptr inbounds %struct.super_block.208179, %struct.super_block.208179* %13, i64 0, i32 10 %15 = load i64, i64* %14, align 16 %16 = and i64 %15, 33554432 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i32 1, i32 2048 br label %19 %20 = phi i32 [ 0, %7 ], [ %18, %10 ] %21 = and i32 %2, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %37, label %23 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = getelementptr inbounds %struct.inode.208037, %struct.inode.208037* %0, i64 0, i32 33, i32 0 %25 = load volatile i64, i64* %24, align 8 br label %26 %27 = phi i64 [ %25, %23 ], [ %33, %30 ] %28 = and i64 %27, 1 %29 = icmp eq i64 %28, 0 br i1 %29, label %37, label %30 %38 = phi i32 [ %20, %19 ], [ %36, %35 ], [ %20, %26 ] tail call void bitcast (void 
(%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.208037*, i32)*)(%struct.inode.208037* %0, i32 %38) #84 ------------- Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode.208037, %struct.inode.208037* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = and i32 %2, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %19, label %10 %11 = tail call i32 @fat_truncate_time(%struct.inode.208037* %0, %struct.cpu_itimer* %1, i32 %2) #83 %12 = getelementptr inbounds %struct.inode.208037, %struct.inode.208037* %0, i64 0, i32 8 %13 = load %struct.super_block.208179*, %struct.super_block.208179** %12, align 8 %14 = getelementptr inbounds %struct.super_block.208179, %struct.super_block.208179* %13, i64 0, i32 10 %15 = load i64, i64* %14, align 16 %16 = and i64 %15, 33554432 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i32 1, i32 2048 br label %19 %20 = phi i32 [ 0, %7 ], [ %18, %10 ] %21 = and i32 %2, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %37, label %23 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = getelementptr inbounds %struct.inode.208037, %struct.inode.208037* %0, i64 0, i32 33, i32 0 %25 = load volatile i64, i64* %24, align 8 br label %26 %27 = phi i64 [ %25, %23 ], [ %33, %30 ] %28 = and i64 %27, 1 %29 = icmp eq i64 %28, 0 br i1 %29, label %37, label %30 %38 = phi i32 [ %20, %19 ], [ %36, %35 ], [ %20, %26 ] tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.208037*, i32)*)(%struct.inode.208037* %0, i32 %38) #84 ------------- Good: 98 Bad: 2 Ignored: 63 Check Use of Function:arch_uprobe_ignore Check Use of Function:ieee80211_recalc_min_chandef Check Use of Function:ww_mutex_lock_interruptible Use: =BAD PATH= Call Stack: 0 i915_gem_madvise_ioctl ------------- Path:  Function:i915_gem_madvise_ioctl %4 = 
getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp ult i32 %6, 2 br i1 %7, label %8, label %177 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.436033* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 248 %42 = bitcast i8* %41 to %struct.dma_resv** %43 = load %struct.dma_resv*, %struct.dma_resv** %42, align 8 %44 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %43, i64 0, i32 0 %45 = tail call i32 
@ww_mutex_lock_interruptible(%struct.ww_mutex* %44, %struct.ww_acquire_ctx* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 __assign_mmap_offset_handle 1 i915_gem_mmap_offset_ioctl ------------- Path:  Function:i915_gem_mmap_offset_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 24 %5 = bitcast i8* %4 to %struct.i915_user_extension** %6 = load %struct.i915_user_extension*, %struct.i915_user_extension** %5, align 8 %7 = tail call i32 @i915_user_extensions(%struct.i915_user_extension* %6, i32 (%struct.i915_user_extension*, i8*)** null, i32 0, i8* null) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %35 %10 = getelementptr inbounds i8, i8* %1, i64 16 %11 = bitcast i8* %10 to i64* %12 = load i64, i64* %11, align 8 switch i64 %12, label %35 [ i64 0, label %13 i64 1, label %19 i64 2, label %28 i64 3, label %23 i64 4, label %27 ] %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 16 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 43 %16 = bitcast %struct.list_head* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %35, label %28 %29 = phi i32 [ 4, %27 ], [ 0, %13 ], [ 1, %19 ], [ 2, %9 ], [ 3, %23 ] %30 = bitcast i8* %1 to i32* %31 = load i32, i32* %30, align 8 %32 = getelementptr inbounds i8, i8* %1, i64 8 %33 = bitcast i8* %32 to i64* %34 = tail call fastcc i32 @__assign_mmap_offset_handle(%struct.drm_file* %2, i32 %31, i32 %29, i64* %33) #84 Function:__assign_mmap_offset_handle tail call void @__rcu_read_lock() #83 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %0, i64 0, i32 14 %6 = zext i32 %1 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #83 %8 = bitcast i8* %7 to %struct.drm_i915_gem_object.436033* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = bitcast i8* %7 to %struct.seqcount_spinlock* %12 = bitcast i8* %7 to i32* %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 
br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %10 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %12, i32 %17, i32* nonnull %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %10 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %33, label %34 tail call void @__rcu_read_unlock() #83 %35 = getelementptr inbounds i8, i8* %7, i64 248 %36 = bitcast i8* %35 to %struct.dma_resv** %37 = load %struct.dma_resv*, %struct.dma_resv** %36, align 8 %38 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %37, i64 0, i32 0 %39 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %38, %struct.ww_acquire_ctx* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.474981* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %6 = bitcast %struct.mutex* %5 to i24* %7 = load i24, i24* %6, align 8 %8 = and i24 %7, 8 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %131 %11 = getelementptr inbounds i8, i8* %1, i64 4 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 4 switch i32 %13, label %131 [ i32 0, label %22 i32 1, label 
%14 i32 2, label %17 ] %15 = and i24 %7, 1049600 %16 = icmp eq i24 %15, 0 br i1 %16, label %131, label %22 %23 = phi i32 [ %21, %17 ], [ %13, %10 ], [ 1, %14 ] %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 tail call void @__rcu_read_lock() #83 %26 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %27 = zext i32 %25 to i64 %28 = tail call i8* @idr_find(%struct.idr* %26, i64 %27) #83 %29 = bitcast i8* %28 to %struct.drm_i915_gem_object.474999* %30 = icmp eq i8* %28, null br i1 %30, label %54, label %31 %32 = bitcast i8* %28 to %struct.seqcount_spinlock* %33 = bitcast i8* %28 to i32* %34 = load volatile i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %46, label %36 %37 = phi i32 [ %44, %43 ], [ %34, %31 ] %38 = add i32 %37, 1 %39 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %33, i32 %38, i32* nonnull %33, i32 %37) #6, !srcloc !4 %40 = extractvalue { i8, i32 } %39, 0 %41 = and i8 %40, 1 %42 = icmp eq i8 %41, 0 br i1 %42, label %43, label %46, !prof !5, !misexpect !6 %44 = extractvalue { i8, i32 } %39, 1 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %36 %47 = phi i32 [ 0, %31 ], [ %37, %36 ], [ 0, %43 ] %48 = add i32 %47, 1 %49 = or i32 %48, %47 %50 = icmp sgt i32 %49, -1 br i1 %50, label %52, label %51, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %32, i32 0) #83 br label %52 %53 = icmp eq i32 %47, 0 br i1 %53, label %54, label %55 tail call void @__rcu_read_unlock() #83 %56 = getelementptr inbounds i8, i8* %28, i64 440 %57 = bitcast i8* %56 to %struct.drm_i915_gem_object_ops.474985** %58 = load %struct.drm_i915_gem_object_ops.474985*, %struct.drm_i915_gem_object_ops.474985** %57, align 8 %59 = getelementptr inbounds 
%struct.drm_i915_gem_object_ops.474985, %struct.drm_i915_gem_object_ops.474985* %58, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 4 %62 = icmp eq i32 %61, 0 br i1 %62, label %72, label %63 %73 = getelementptr inbounds i8, i8* %28, i64 248 %74 = bitcast i8* %73 to %struct.dma_resv** %75 = load %struct.dma_resv*, %struct.dma_resv** %74, align 8 %76 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %75, i64 0, i32 0 %77 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %76, %struct.ww_acquire_ctx* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_single_interruptible 1 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.428426** %8 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %7, align 8 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.428426* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.428263* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 
@drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #83 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_single_interruptible 1 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.400184** %6 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %5, align 8 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 0 %9 = load %struct.drm_device.373290*, %struct.drm_device.373290** %8, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 4 %11 = load %struct.drm_driver*, %struct.drm_driver** %10, align 8 %12 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %11, i64 0, i32 24 %13 = load i32, i32* %12, align 8 %14 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 10 %15 = load i32, i32* %14, align 8 %16 = and i32 %13, 16 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 30, i32 27 %21 = load %struct.drm_mode_config_funcs.373271*, %struct.drm_mode_config_funcs.373271** %20, align 8 %22 = icmp eq %struct.drm_mode_config_funcs.373271* %21, null br i1 %22, label %37, label %23 %24 = getelementptr inbounds %struct.drm_mode_config_funcs.373271, %struct.drm_mode_config_funcs.373271* %21, i64 0, i32 5 %25 = load i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)*, i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)** 
%24, align 8 %26 = icmp eq i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)* %25, null br i1 %26, label %37, label %27 %28 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 4 %29 = tail call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %28) #83 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #83 ------------- Good: 233 Bad: 5 Ignored: 237 Check Use of Function:alloc_file_clone Check Use of Function:ieee80211_process_measurement_req Check Use of Function:tty_unlock Check Use of Function:__lookup_slow Check Use of Function:proc_lookupfd Check Use of Function:__hw_addr_init Check Use of Function:file_update_time Check Use of Function:thaw_super Check Use of Function:drm_mode_convert_to_umode Check Use of Function:__request_region Check Use of Function:e1000e_phc_enable Check Use of Function:mii_ethtool_sset Check Use of Function:e100_loopback_test Check Use of Function:dev_ethtool Check Use of Function:snd_ctl_ioctl Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 
%18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %21 = tail call i64 @snd_ctl_ioctl(%struct.file* %0, i32 %1, i64 %9) #83 ------------- Good: 0 Bad: 1 Ignored: 3 Check Use of Function:hung_up_tty_write Check Use of Function:phy_set_max_speed Check Use of Function:ieee80211_recalc_smps Check Use of Function:wiphy_all_share_dfs_chan_state Check Use of Function:qdisc_put Check Use of Function:cgroup_enter_frozen Check Use of Function:io_uring_add_tctx_node Check Use of Function:fd_install Check Use of Function:memcmp_pages Check Use of Function:__tcf_chain_put Check Use of Function:flush_workqueue Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %24, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %22 = getelementptr i8, i8* %12, i64 -968 
%23 = icmp eq i8* %22, null br i1 %23, label %24, label %25 %26 = getelementptr i8, i8* %12, i64 -448 %27 = bitcast i8* %26 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !4 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #83 %28 = getelementptr i8, i8* %12, i64 -896 %29 = bitcast i8* %28 to %struct.gendisk.687208** %30 = load %struct.gendisk.687208*, %struct.gendisk.687208** %29, align 8 %31 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %32 = load %struct.gendisk.687208*, %struct.gendisk.687208** %31, align 8 %33 = icmp eq %struct.gendisk.687208* %30, %32 br i1 %33, label %90, label %34 %35 = bitcast i8* %26 to %struct.kuid_t* %36 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %35, %struct.spinlock* nonnull @all_mddevs_lock) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %82, label %38 %83 = getelementptr i8, i8* %12, i64 -336 %84 = bitcast i8* %83 to i64* %85 = load volatile i64, i64* %84, align 8 %86 = and i64 %85, 1 %87 = icmp eq i64 %86, 0 br i1 %87, label %162, label %88 %89 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %89) #83 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl 1 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.687185* %0, i32 %1, i32 %2, i64 %8) #83 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca 
%struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] tail call void @__rcu_read_lock() #83 %329 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %330 %331 = phi %struct.list_head* [ %329, %328 ], [ %333, %335 ] %332 = getelementptr %struct.list_head, %struct.list_head* %331, i64 0, i32 0 %333 = load volatile %struct.list_head*, %struct.list_head** %332, align 8 %334 = icmp eq %struct.list_head* %333, %329 br i1 %334, label %343, label %335 %336 = getelementptr inbounds %struct.list_head, %struct.list_head* %333, i64 17 %337 = bitcast %struct.list_head* %336 to i64* %338 = load volatile i64, i64* %337, align 8 %339 = and i64 %338, 1 %340 = 
icmp eq i64 %339, 0 br i1 %340, label %330, label %341 %342 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %342) #83 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] tail call void @__rcu_read_lock() #83 %329 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %330 %331 = phi %struct.list_head* [ %329, %328 ], [ %333, %335 ] %332 = getelementptr %struct.list_head, 
%struct.list_head* %331, i64 0, i32 0 %333 = load volatile %struct.list_head*, %struct.list_head** %332, align 8 %334 = icmp eq %struct.list_head* %333, %329 br i1 %334, label %343, label %335 %336 = getelementptr inbounds %struct.list_head, %struct.list_head* %333, i64 17 %337 = bitcast %struct.list_head* %336 to i64* %338 = load volatile i64, i64* %337, align 8 %339 = and i64 %338, 1 %340 = icmp eq i64 %339, 0 br i1 %340, label %330, label %341 %342 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %342) #83 ------------- Good: 49 Bad: 3 Ignored: 21 Check Use of Function:change_mnt_propagation Check Use of Function:netdev_state_change Check Use of Function:vfat_rmdir Check Use of Function:x86_pmu_aux_output_match Check Use of Function:serial8250_pm Check Use of Function:nfs_unlink Check Use of Function:nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs4_do_setattr 1 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq 
%struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store 
%struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 
4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %65 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_write_setup ------------- Path:  Function:nfs4_proc_write_setup %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %0, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %0, i64 0, i32 26 %12 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %11, align 8 %13 = icmp eq %struct.nfs_client.233190* %12, null br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %0, i64 0, i32 13 %16 = load %struct.nfs_direct_req*, %struct.nfs_direct_req** %15, align 8 %17 = icmp eq 
%struct.nfs_direct_req* %16, null br i1 %17, label %18, label %21 %19 = tail call i32 @nfs4_have_delegation(%struct.inode* %5, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = 
getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 %136 = load i8, i8* %57, align 8 %137 = and i8 %136, 8 %138 = icmp eq i8 %137, 0 br i1 %138, label %139, label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 
@nfs4_have_delegation(%struct.inode* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_getattr ------------- Path:  Function:nfs4_proc_getattr %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs4_server_caps_arg, align 8 %9 = alloca %struct.nfs4_getattr_res, align 8 %10 = alloca %struct.rpc_message, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 5 store i8 1, i8* %13, align 1 %14 = bitcast [3 x i32]* %7 to i8* %15 = bitcast %struct.nfs4_server_caps_arg* %8 to i8* %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %8, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %8, i64 0, i32 1 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %8, i64 0, i32 2 %19 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 %20 = bitcast %struct.nfs4_getattr_res* %9 to i8* %21 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %9, i64 0, i32 0 %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %9, i64 0, i32 2 %24 = bitcast %struct.rpc_message* %10 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_arg** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_getattr_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 3 %31 = icmp eq 
%struct.inode* %3, null %32 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 8 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %34 = bitcast i32* %33 to i8* %35 = getelementptr %struct.inode, %struct.inode* %3, i64 -1, i32 24, i32 4 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 9, i32 1 %37 = bitcast %struct.list_head** %36 to i64* %38 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %39 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %8, i64 0, i32 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %8, i64 0, i32 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %9, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %45 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %49 = bitcast %struct.rpc_task_setup* %6 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %52 = bitcast %struct.rpc_clnt** %51 to i64* %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %55 = bitcast %struct.rpc_xprt** %53 to i8* %56 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %59 = bitcast i8** %58 to %struct.nfs4_call_sync_data** %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %63 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %64 store %struct.nfs_fh* %1, %struct.nfs_fh** %17, align 8 store i32* %19, i32** %18, align 8 store %struct.nfs_server.233131* %0, %struct.nfs_server.233131** %22, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %23, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 18), %struct.rpc_procinfo** %25, align 8 store %struct.nfs4_server_caps_arg* %8, %struct.nfs4_server_caps_arg** %27, align 8 store %struct.nfs4_getattr_res* %9, %struct.nfs4_getattr_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %31, label %65, label %66 %67 = load i32, i32* %32, align 8 %68 = lshr i32 %67, 11 %69 = trunc i32 %68 to i16 %70 = and i16 %69, 4096 %71 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %3, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #83 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq i64 %1, 0 
%9 = select i1 %8, i32 1, i32 2 %10 = tail call i32 @nfs4_have_delegation(%struct.inode* %7, i32 %9) #83 ------------- Good: 6 Bad: 5 Ignored: 2 Check Use of Function:atomic_dec_and_mutex_lock Check Use of Function:cfg80211_ref_bss Check Use of Function:acpi_install_table_handler Check Use of Function:io_queue_async_work Check Use of Function:init_utimes Check Use of Function:netlbl_skbuff_err Check Use of Function:unregister_netdevice_notifier Check Use of Function:pipe_ioctl Check Use of Function:drm_mode_object_put Check Use of Function:register_netdevice Check Use of Function:sta_info_free Check Use of Function:insert_pfn Check Use of Function:sysfs_remove_link Check Use of Function:dm_issue_global_event Check Use of Function:drm_mode_object_get Check Use of Function:nv_stop_rxtx Check Use of Function:cfg80211_sme_deauth Check Use of Function:truncate_setsize Check Use of Function:cpumask_weight.18138 Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __ia32_compat_sys_io_setup ------------- Path:  Function:__ia32_compat_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to i32* %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 2 %13 = ptrtoint i32* %11 to i64 %14 = shl i64 %13, 32 %15 = ashr exact i64 %14, 32 %16 = icmp eq i64 %14, 0 br i1 %16, label %17, label %65, !prof !5, !misexpect !6 %18 = extractvalue { i32*, i32, i64 } %10, 1 %19 = icmp ne i32 %18, 0 %20 = icmp eq i32 %7, 0 %21 = or i1 %20, %19 br i1 %21, label %65, label %22, !prof !7, !misexpect !6 %23 = tail call fastcc %struct.kioctx* 
@ioctx_alloc(i32 %7) #83 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = tail call fastcc i32 @cpumask_weight.18138() #83 ------------- Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __se_sys_io_setup 2 __ia32_sys_io_setup ------------- Path:  Function:__ia32_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_io_setup(i64 %4, i64 %7) #83 Function:__se_sys_io_setup %3 = trunc i64 %0 to i32 %4 = inttoptr i64 %1 to i64* %6 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 8, i64 %5) #6, !srcloc !4 %7 = extractvalue { i64*, i64, i64 } %6, 0 %8 = extractvalue { i64*, i64, i64 } %6, 2 %9 = ptrtoint i64* %7 to i64 %10 = shl i64 %9, 32 %11 = ashr exact i64 %10, 32 %12 = icmp eq i64 %10, 0 br i1 %12, label %13, label %60, !prof !5, !misexpect !6 %14 = extractvalue { i64*, i64, i64 } %6, 1 %15 = icmp ne i64 %14, 0 %16 = icmp eq i32 %3, 0 %17 = or i1 %16, %15 br i1 %17, label %60, label %18, !prof !7, !misexpect !6 %19 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %3) #83 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, 
%struct.mm_struct** %4, align 8 %6 = tail call fastcc i32 @cpumask_weight.18138() #83 ------------- Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __se_sys_io_setup 2 __x64_sys_io_setup ------------- Path:  Function:__x64_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_io_setup(i64 %3, i64 %5) #83 Function:__se_sys_io_setup %3 = trunc i64 %0 to i32 %4 = inttoptr i64 %1 to i64* %6 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 8, i64 %5) #6, !srcloc !4 %7 = extractvalue { i64*, i64, i64 } %6, 0 %8 = extractvalue { i64*, i64, i64 } %6, 2 %9 = ptrtoint i64* %7 to i64 %10 = shl i64 %9, 32 %11 = ashr exact i64 %10, 32 %12 = icmp eq i64 %10, 0 br i1 %12, label %13, label %60, !prof !5, !misexpect !6 %14 = extractvalue { i64*, i64, i64 } %6, 1 %15 = icmp ne i64 %14, 0 %16 = icmp eq i32 %3, 0 %17 = or i1 %16, %15 br i1 %17, label %60, label %18, !prof !7, !misexpect !6 %19 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %3) #83 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = tail call fastcc i32 @cpumask_weight.18138() #83 ------------- Good: 1 Bad: 3 Ignored: 0 Check Use of Function:down_write_killable Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %101 = zext i32 %4 to i64 %102 = inttoptr i64 %101 to i8* %103 = tail call i64 @ksys_shmdt(i8* %102) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #83 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 47 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 8 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump.18500 ------------- Path:  Function:elf_core_dump.18500 %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf32_hdr, align 4 %7 = alloca %struct.elf_note_info.167938, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.efi_info, align 4 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info.167938* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 bitcast (i32 (%struct.coredump_params.169047*, i32*, %struct.sched_info**, i64*)* @dump_vma_snapshot to i32 (%struct.coredump_params*, i32*, %struct.sched_info**, i64*)*)(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #83 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.169153** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.169153**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to 
%struct.task_struct.169153* %7 = getelementptr inbounds %struct.task_struct.169153, %struct.task_struct.169153* %6, i64 0, i32 47 %8 = load %struct.mm_struct.169058*, %struct.mm_struct.169058** %7, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.169058*, i1)*)(%struct.mm_struct.169058* %8, i1 zeroext true) #83 br label %10 %11 = getelementptr inbounds %struct.mm_struct.169058, %struct.mm_struct.169058* %8, i64 0, i32 0, i32 17 %12 = tail call i32 @down_write_killable(%struct.rw_semaphore* %11) #83 ------------- Use: =BAD PATH= Call Stack: 0 dump_vma_snapshot 1 elf_core_dump ------------- Path:  Function:elf_core_dump %2 = alloca %struct.perf_branch_entry, align 8 %3 = alloca i8*, align 8 %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.elf64_hdr, align 8 %7 = alloca %struct.elf_note_info, align 8 %8 = alloca %struct.sched_info*, align 8 %9 = alloca %struct.elf64_phdr, align 8 %10 = bitcast i32* %4 to i8* %11 = bitcast i64* %5 to i8* %12 = getelementptr inbounds %struct.elf64_hdr, %struct.elf64_hdr* %6, i64 0, i32 0, i64 0 %13 = bitcast %struct.elf_note_info* %7 to i8* %14 = bitcast %struct.sched_info** %8 to i8* %15 = call i32 bitcast (i32 (%struct.coredump_params.169047*, i32*, %struct.sched_info**, i64*)* @dump_vma_snapshot to 
i32 (%struct.coredump_params*, i32*, %struct.sched_info**, i64*)*)(%struct.coredump_params* %0, i32* nonnull %4, %struct.sched_info** nonnull %8, i64* nonnull %5) #83 Function:dump_vma_snapshot %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.169153** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.169153**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.169153* %7 = getelementptr inbounds %struct.task_struct.169153, %struct.task_struct.169153* %6, i64 0, i32 47 %8 = load %struct.mm_struct.169058*, %struct.mm_struct.169058** %7, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@dump_vma_snapshot, %9)) #6 to label %10 [label %9], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.169058*, i1)*)(%struct.mm_struct.169058* %8, i1 zeroext true) #83 br label %10 %11 = getelementptr inbounds %struct.mm_struct.169058, %struct.mm_struct.169058* %8, i64 0, i32 0, i32 17 %12 = tail call i32 @down_write_killable(%struct.rw_semaphore* %11) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 
0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm 
sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #83 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca 
%struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #83 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__do_sys_mremap %6 = alloca i8, align 1 %7 = alloca %struct.list_head, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131842** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.131842**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.131842* %11 = getelementptr inbounds %struct.task_struct.131842, %struct.task_struct.131842* %10, i64 0, i32 47 %12 = load %struct.mm_struct.131735*, %struct.mm_struct.131735** %11, align 8 store i8 0, i8* %6, align 1 %13 = bitcast %struct.list_head* %7 to i8* %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %7, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %15, align 8 %16 = bitcast %struct.list_head* %8 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = icmp ult i64 %3, 8 br i1 %19, label %20, label %327 %21 = and i64 %3, 2 %22 = and i64 %3, 1 %23 = icmp eq i64 %22, 0 %24 = and i64 %3, 3 %25 = icmp eq i64 %24, 2 br i1 %25, label %327, label %26 %27 = and i64 %3, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %33, label %29 %30 = icmp ne i64 %22, 0 %31 = icmp eq i64 %1, %2 %32 = and i1 %31, %30 br i1 %32, label %33, label %327 %34 = and i64 %0, 4095 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %327 %37 = add i64 %1, 4095 %38 = and i64 %37, -4096 %39 = add i64 %2, 4095 %40 = and i64 %39, -4096 %41 = icmp eq i64 %40, 0 br i1 %41, label %327, label %42 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %43)) #6 to label %44 [label %43], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131735*, i1)*)(%struct.mm_struct.131735* %12, i1 zeroext true) #83 br label %44 %45 = getelementptr inbounds %struct.mm_struct.131735, %struct.mm_struct.131735* %12, i64 0, i32 0, i32 17 %46 = call i32 @down_write_killable(%struct.rw_semaphore* %45) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_mremap %6 = alloca i8, align 1 %7 = alloca %struct.list_head, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131842** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131842**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to 
%struct.task_struct.131842* %11 = getelementptr inbounds %struct.task_struct.131842, %struct.task_struct.131842* %10, i64 0, i32 47 %12 = load %struct.mm_struct.131735*, %struct.mm_struct.131735** %11, align 8 store i8 0, i8* %6, align 1 %13 = bitcast %struct.list_head* %7 to i8* %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %7, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %15, align 8 %16 = bitcast %struct.list_head* %8 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = icmp ult i64 %3, 8 br i1 %19, label %20, label %327 %21 = and i64 %3, 2 %22 = and i64 %3, 1 %23 = icmp eq i64 %22, 0 %24 = and i64 %3, 3 %25 = icmp eq i64 %24, 2 br i1 %25, label %327, label %26 %27 = and i64 %3, 4 %28 = icmp eq i64 %27, 0 br i1 %28, label %33, label %29 %30 = icmp ne i64 %22, 0 %31 = icmp eq i64 %1, %2 %32 = and i1 %31, %30 br i1 %32, label %33, label %327 %34 = and i64 %0, 4095 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %327 %37 = add i64 %1, 4095 %38 = and i64 %37, -4096 %39 = add i64 %2, 4095 %40 = and i64 %39, -4096 %41 = icmp eq i64 %40, 0 br i1 %41, label %327, label %42 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %43)) #6 to label %44 [label %43], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131735*, i1)*)(%struct.mm_struct.131735* %12, i1 zeroext true) #83 br label %44 %45 = getelementptr inbounds %struct.mm_struct.131735, %struct.mm_struct.131735* %12, i64 0, i32 0, i32 17 %46 = call i32 @down_write_killable(%struct.rw_semaphore* %45) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = 
load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 
%12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_pkey_mprotect ------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 %10) #83 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.131375*, align 8 %6 = bitcast %struct.vm_area_struct.131375** %5 to i8* %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131269** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131269**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.131269* %9 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 56 %10 = load i32, i32* %9, align 16 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %168 %23 = icmp eq i64 %1, 0 br i1 %23, label %168, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %168 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %168 %32 = getelementptr inbounds %struct.task_struct.131269, %struct.task_struct.131269* %8, i64 0, i32 47 %33 = load %struct.mm_struct.131386*, %struct.mm_struct.131386** %32, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131386*, i1)*)(%struct.mm_struct.131386* %33, i1 zeroext true) #83 br label %35 %36 = getelementptr inbounds %struct.mm_struct.131386, %struct.mm_struct.131386* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #83 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 47 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, 
\22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #83 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 47 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #84 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 
= load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #84 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 
%14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 %7 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 
%12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock2 ------------- Path:  Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %15 
%7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #83 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.130092* %6 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 104 %7 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 %8 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %7, i64 0, i32 50, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #83 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %6, align 8 br label %15 %16 = phi %struct.signal_struct.130035* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %16, i64 0, i32 50, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %5, i64 0, i32 47 %26 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %25, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %26, i1 zeroext true) #83 br label %28 %29 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #83 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130092* %10 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 104 %11 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 %12 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %11, i64 0, i32 50, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 
br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #83 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 br label %19 %20 = phi %struct.signal_struct.130035* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %20, i64 0, i32 50, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 47 %25 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %24, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %25, i1 zeroext true) #83 br label %27 %28 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #83 
Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.130092* %10 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 104 %11 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 %12 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %11, i64 0, i32 50, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #83 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.130035*, %struct.signal_struct.130035** %10, align 8 br label %19 %20 = phi %struct.signal_struct.130035* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.130035, %struct.signal_struct.130035* %20, i64 0, i32 50, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %9, i64 0, i32 47 %25 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %24, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %25, i1 zeroext true) #83 br label %27 %28 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __ia32_sys_munlock ------------- Path:  Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #83 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 br label %8 %9 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #83 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 br label %8 %9 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlockall ------------- Path:  Function:__do_sys_munlockall %2 = alloca %struct.vm_area_struct.129974*, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.130092** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.130092**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.130092* %5 = getelementptr inbounds %struct.task_struct.130092, %struct.task_struct.130092* %4, i64 0, i32 47 %6 = load %struct.mm_struct.129985*, %struct.mm_struct.129985** %5, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlockall, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.129985*, i1)*)(%struct.mm_struct.129985* %6, i1 zeroext true) #83 br label %8 %9 = getelementptr inbounds %struct.mm_struct.129985, %struct.mm_struct.129985* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #83 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap_pgoff 1 vm_mmap 2 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %153 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %11 = bitcast %struct.mutex* %10 to i8* %12 = load i8, i8* %11, align 8 %13 = icmp ugt i8 %12, 12 br i1 %13, label %153, label %14 %15 = getelementptr inbounds i8, i8* %1, i64 32 %16 = bitcast i8* %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ult i64 %17, 2 br i1 %18, label %19, label %153 %20 = icmp eq i64 %17, 0 br i1 %20, label %25, label %21 %22 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %23 = and i64 %22, 65536 %24 = icmp eq i64 %23, 0 br i1 %24, label %153, label %25 %26 = bitcast i8* %1 to i32* %27 = load i32, i32* %26, align 8 tail 
call void @__rcu_read_lock() #83 %28 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %29 = zext i32 %27 to i64 %30 = tail call i8* @idr_find(%struct.idr* %28, i64 %29) #83 %31 = icmp eq i8* %30, null br i1 %31, label %55, label %32 %33 = bitcast i8* %30 to %struct.seqcount_spinlock* %34 = bitcast i8* %30 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %34, i32 %39, i32* nonnull %34, i32 %38) #6, !srcloc !4 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %45 = extractvalue { i8, i32 } %40, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %37 %48 = phi i32 [ 0, %32 ], [ %38, %37 ], [ 0, %44 ] %49 = add i32 %48, 1 %50 = or i32 %49, %48 %51 = icmp sgt i32 %50, -1 br i1 %51, label %53, label %52, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %33, i32 0) #83 br label %53 %54 = icmp eq i32 %48, 0 br i1 %54, label %55, label %56 tail call void @__rcu_read_unlock() #83 %57 = getelementptr inbounds i8, i8* %30, i64 16 %58 = bitcast i8* %57 to %struct.file** %59 = load %struct.file*, %struct.file** %58, align 8 %60 = icmp eq %struct.file* %59, null br i1 %60, label %140, label %61 %62 = getelementptr inbounds i8, i8* %1, i64 8 %63 = bitcast i8* %62 to i64* %64 = load i64, i64* %63, align 8 %65 = getelementptr inbounds i8, i8* %1, i64 16 %66 = bitcast i8* %65 to i64* %67 = getelementptr inbounds i8, i8* %30, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %64 br i1 
%70, label %71, label %140 %72 = load i64, i64* %66, align 8 %73 = sub i64 %69, %64 %74 = icmp ugt i64 %72, %73 br i1 %74, label %140, label %75 %76 = tail call i64 @vm_mmap(%struct.file* nonnull %59, i64 0, i64 %72, i64 3, i64 1, i64 %64) #83 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #83 Function:vm_mmap_pgoff %7 = alloca i64, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = bitcast i64* %7 to i8* %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = call i32 @security_mmap_file(%struct.file* %0, i64 %3, i64 %4) #83 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %37 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_mmap_pgoff, %21)) #6 to label %22 [label %21], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext true) #83 br label %22 %23 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %12, i64 0, i32 0, i32 17 %24 = call i32 @down_write_killable(%struct.rw_semaphore* %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 write_ldt 1 __se_sys_modify_ldt 2 __ia32_sys_modify_ldt ------------- Path:  Function:__ia32_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #83 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 47 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 8 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #83 ------------- Use: =BAD PATH= Call Stack: 0 write_ldt 1 __se_sys_modify_ldt 2 __x64_sys_modify_ldt ------------- Path:  Function:__x64_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #83 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 47 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 8 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, 
%struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, 
label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #83 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #83 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 
%11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 47 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8
tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #83
br label %188
%189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17
%190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #83
-------------
Good: 54 Bad: 31 Ignored: 82
Check Use of Function:tcf_proto_lookup_ops
Check Use of Function:fs_context_for_reconfigure
Check Use of Function:blk_rq_map_user_iov
Check Use of Function:check_cgroupfs_options
Check Use of Function:scsi_run_host_queues
Check Use of Function:pipe_write
Check Use of Function:drm_client_dev_restore
Check Use of Function:rtnl_register
Check Use of Function:rt6_lookup
Check Use of Function:__cpuhp_remove_state
Check Use of Function:vfs_link
Check Use of Function:panic
Use: =BAD PATH=
Call Stack:
0 snd_disconnect_release
-------------
Path:
Function:snd_disconnect_release
tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @shutdown_lock, i64 0, i32 0, i32 0)) #83
%3 = load i8*, i8** bitcast (%struct.list_head* @shutdown_files to i8**), align 8
%4 = icmp eq i8* %3, bitcast (%struct.list_head* @shutdown_files to i8*)
br i1 %4, label %5, label %6
%7 = phi i8* [ %14, %12 ], [ %3, %2 ]
%8 = getelementptr i8, i8* %7, i64 -16
%9 = bitcast i8* %8 to %struct.file**
%10 = load %struct.file*, %struct.file** %9, align 8
%11 = icmp eq %struct.file* %10, %1
br i1 %11, label %16, label %12
%13 = bitcast i8* %7 to i8**
%14
= load i8*, i8** %13, align 8 %15 = icmp eq i8* %14, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %15, label %5, label %6 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @shutdown_lock, i64 0, i32 0, i32 0)) #83 br label %48 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.25.63114, i64 0, i64 0), i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_disconnect_release, i64 0, i64 0), %struct.inode* %0, %struct.file* %1) #84 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation 4 nfs4_inode_make_writeable 5 _nfs4_do_setattr 6 nfs4_do_setattr 7 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 
] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 
0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = 
getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store 
%struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, 
%struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof 
!9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", 
"~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation 4 nfs4_inode_make_writeable 5 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 
%13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 
= load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast 
%union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 
%196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br 
i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation 4 nfs4_inode_make_writeable 5 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 
@nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, 
!misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = 
icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call 
i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation 4 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds 
%struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds 
%struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** 
%4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 
= getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, 
!srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, 
%union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_complete_unlink 3 nfs_dentry_iput ------------- Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 4096 %6 = icmp eq i32 %5, 0 br i1 %6, label %18, label %7 tail call void bitcast (void (%struct.dentry.220135*, %struct.inode.220132*)* @nfs_complete_unlink to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %0, %struct.inode* %1) #83 Function:nfs_complete_unlink %3 = alloca %struct.rpc_message.220176, align 8 %4 = alloca %struct.rpc_task_setup.220214, align 8 %5 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 7, i32 0 %6 = bitcast %struct.anon.1* %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, -4097 store i32 %9, i32* %7, align 8 %10 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.nfs_unlinkdata.220198** %12 = load %struct.nfs_unlinkdata.220198*, %struct.nfs_unlinkdata.220198** %11, align 8 store i8* null, i8** %10, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 %13 = getelementptr %struct.inode.220132, 
%struct.inode.220132* %1, i64 -1, i32 24, i32 4 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 9 %15 = bitcast %struct.list_head* %14 to i64* %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 2 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %115 %20 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 3 %21 = load %struct.dentry.220135*, %struct.dentry.220135** %20, align 8 %22 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %21, i64 0, i32 5 %23 = load %struct.inode.220132*, %struct.inode.220132** %22, align 8 %24 = getelementptr %struct.inode.220132, %struct.inode.220132* %23, i64 -1, i32 24, i32 4 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 15, i32 1 %26 = bitcast %struct.list_head** %25 to %struct.rw_semaphore* tail call void @down_read(%struct.rw_semaphore* %26) #83 %27 = load %struct.dentry.220135*, %struct.dentry.220135** %20, align 8 %28 = getelementptr inbounds %struct.nfs_unlinkdata.220198, %struct.nfs_unlinkdata.220198* %12, i64 0, i32 0, i32 2 %29 = getelementptr inbounds %struct.nfs_unlinkdata.220198, %struct.nfs_unlinkdata.220198* %12, i64 0, i32 3 %30 = tail call %struct.dentry.220135* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.220135* (%struct.dentry.220135*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.220135* %27, %struct.qstr* %28, %struct.wait_queue_head* %29) #83 %31 = icmp ugt %struct.dentry.220135* %30, inttoptr (i64 -4096 to %struct.dentry.220135*) br i1 %31, label %32, label %33 %34 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %30, i64 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, 268435456 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %30, i64 0, i32 7, i32 0 %40 = bitcast 
%struct.anon.1* %39 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %40) #83 %41 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %30, i64 0, i32 5 %42 = load %struct.inode.220132*, %struct.inode.220132** %41, align 8 %43 = icmp eq %struct.inode.220132* %42, null br i1 %43, label %113, label %44 %45 = load i32, i32* %34, align 8 %46 = and i32 %45, 4096 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %114 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %40) #83 tail call void bitcast (void (%struct.dentry.148048*)* @dput to void (%struct.dentry.220135*)*)(%struct.dentry.220135* %30) #83 tail call void @up_read(%struct.rw_semaphore* %26) #83 tail call void @kfree(i8* null) #83 br label %115 %116 = getelementptr inbounds %struct.nfs_unlinkdata.220198, %struct.nfs_unlinkdata.220198* %12, i64 0, i32 4 %117 = load %struct.cred*, %struct.cred** %116, align 8 %118 = icmp eq %struct.cred* %117, null br i1 %118, label %125, label %119 %120 = getelementptr inbounds %struct.cred, %struct.cred* %117, i64 0, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !4 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void @__put_cred(%struct.cred* nonnull %117) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = 
load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __put_nfs_open_context 3 nfs_file_clear_open_context 4 nfs_file_release ------------- Path:  Function:nfs_file_release %3 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %0, i64 0, i32 8 %4 = load %struct.super_block.213267*, %struct.super_block.213267** %3, align 8 %5 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.213423** %7 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 17 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 tail call void bitcast (void (%struct.file.214359*)* @nfs_file_clear_open_context to void (%struct.file.213286*)*)(%struct.file.213286* %1) #83 Function:nfs_file_clear_open_context %2 = getelementptr inbounds %struct.file.214359, %struct.file.214359* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.nfs_open_context.214915** %4 = load %struct.nfs_open_context.214915*, %struct.nfs_open_context.214915** %3, align 8 %5 = icmp eq %struct.nfs_open_context.214915* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %4, i64 0, i32 2 %8 = load %struct.dentry.214823*, %struct.dentry.214823** %7, align 8 %9 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %8, i64 0, i32 5 %10 = load %struct.inode.214835*, %struct.inode.214835** %9, align 8 %11 = getelementptr inbounds %struct.nfs_open_context.214915, 
%struct.nfs_open_context.214915* %4, i64 0, i32 7 %12 = bitcast i64* %11 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %12, i32 -17, i8* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %4, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, 0 br i1 %15, label %16, label %20 %17 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %10, i64 0, i32 9 %18 = load %struct.address_space.214836*, %struct.address_space.214836** %17, align 8 %19 = tail call i32 bitcast (i32 (%struct.address_space.121998*)* @invalidate_inode_pages2 to i32 (%struct.address_space.214836*)*)(%struct.address_space.214836* %18) #83 br label %20 store i8* null, i8** %2, align 8 tail call fastcc void @__put_nfs_open_context(%struct.nfs_open_context.214915* nonnull %4, i32 1) #83 Function:__put_nfs_open_context %3 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 2 %4 = load %struct.dentry.214823*, %struct.dentry.214823** %3, align 8 %5 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %4, i64 0, i32 5 %6 = load %struct.inode.214835*, %struct.inode.214835** %5, align 8 %7 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %4, i64 0, i32 9 %8 = load %struct.super_block.214819*, %struct.super_block.214819** %7, align 8 %9 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 9 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %30, label %23 %31 = icmp eq %struct.inode.214835* %6, null br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 3 %46 = load %struct.cred*, %struct.cred** %45, align 8 %47 = icmp eq %struct.cred* %46, null br i1 %47, label %54, label %48 %49 = getelementptr inbounds %struct.cred, %struct.cred* %46, i64 0, i32 0, i32 0 %50 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %49, i32* %49) #6, !srcloc !8 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53 tail call void @__put_cred(%struct.cred* nonnull %46) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label 
%13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, 
%struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to 
i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, 
%struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 
%7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile 
%struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr 
(i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr 
%union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = 
getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr 
%struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 
-32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr 
%struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 put_fs_context 3 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 5 %3 = load %struct.dentry.156117*, %struct.dentry.156117** %2, align 8 %4 = icmp eq %struct.dentry.156117* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.155755*, %struct.fs_context_operations.155755** %15, align 8 %17 = icmp eq %struct.fs_context_operations.155755* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.155755, %struct.fs_context_operations.155755* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.156180*)*, void (%struct.fs_context.156180*)** %19, 
align 8 %21 = icmp eq void (%struct.fs_context.156180*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #83 %25 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 8 %39 = load %struct.cred*, %struct.cred** %38, align 8 %40 = icmp eq %struct.cred* %39, null br i1 %40, label %47, label %41 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 0, i32 0 %43 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32* %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %47, label %46 tail call void @__put_cred(%struct.cred* nonnull %39) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_keyctl 4 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 
0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_keyctl 4 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 
Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_keyring_move 4 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca 
%struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) 
br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 
-2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label 
%17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 
32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = 
getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !8 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.cred*, %struct.cred** %9, align 8 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !9, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 93 %15 = load %struct.cred*, %struct.cred** %14, align 32 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !9, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.26* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.26, %union.anon.26* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #83 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6805, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #83 ------------- Good: 682 Bad: 36 Ignored: 379 Check Use of Function:scsi_autopm_get_host Check Use of Function:local_bh_enable.69575 Check Use of Function:drm_primary_helper_update Check Use of Function:proc_sys_read Check Use of Function:namespace_unlock Check Use of Function:pci_xr17v35x_setup Check Use of Function:_find_first_bit Use: =BAD PATH= Call Stack: 0 __caps_show 1 caps_show ------------- Path:  Function:caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.412371** %6 = load %struct.intel_engine_cs.412371*, %struct.intel_engine_cs.412371** %5, align 8 %7 = getelementptr inbounds %struct.intel_engine_cs.412371, %struct.intel_engine_cs.412371* %6, i64 0, i32 13 %8 = load i32, i32* %7, align 4 %9 = zext i32 %8 to i64 %10 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.412371* %6, i64 %9, i8* %2, i1 zeroext true) #83 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.412371, %struct.intel_engine_cs.412371* %0, i64 0, i32 9 %7 = load i8, i8* %6, align 4 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 __caps_show 1 all_caps_show ------------- Path:  Function:all_caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.412371** %6 = load %struct.intel_engine_cs.412371*, 
%struct.intel_engine_cs.412371** %5, align 8 %7 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.412371* %6, i64 -1, i8* %2, i1 zeroext false) #83 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.412371, %struct.intel_engine_cs.412371* %0, i64 0, i32 9 %7 = load i8, i8* %6, align 4 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 
20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq 
%struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile 
%struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = 
getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = 
alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load 
i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 
@avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 
0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile 
%struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, 
i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, 
label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 
avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast 
%struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr 
inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, 
%struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr 
inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = 
icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 
1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 94 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 
%2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp 
eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = 
getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to 
i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof 
!4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  
Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, 
!misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = 
getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = 
getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq 
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_read_policy
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_validatetrans
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_avc_cache_threshold
-------------
load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, 
i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds 
%struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = 
getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] 
%32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 
%10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, 
i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds 
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp 
eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = 
load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 %164 = and i64 %163, 4294967168 %165 = icmp ult i64 %164, 384 br i1 %165, label %166, label %170 %171 = inttoptr i64 %118 to i64* %172 = load i64, i64* 
%171, align 8 %173 = icmp eq i64 %172, 0 br i1 %173, label %191, label %174 %175 = phi i64 [ %189, %187 ], [ %172, %170 ] %176 = inttoptr i64 %175 to %struct.ebitmap_node* %177 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %176, i64 0, i32 1, i64 0 %178 = call i64 @_find_first_bit(i64* %177, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca 
%struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, 
i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, 
align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, 
label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, 
i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 
%78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, 
label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 %164 = and i64 %163, 4294967168 %165 = icmp ult i64 %164, 384 br i1 %165, label %166, label %170 %171 = inttoptr i64 %118 to i64* %172 = load i64, i64* %171, align 8 %173 = icmp eq i64 %172, 0 br i1 %173, label %191, label %174 %175 = phi i64 [ %189, %187 ], [ %172, %170 ] %176 = inttoptr i64 %175 to %struct.ebitmap_node* %177 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %176, i64 0, i32 1, i64 0 %178 = call i64 @_find_first_bit(i64* %177, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = 
alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, 
%struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label 
%51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds 
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call 
i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 
%3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, 
%struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, 
%struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 %164 = and i64 %163, 4294967168 %165 = icmp ult i64 %164, 384 br i1 %165, label %166, label %170 %171 = inttoptr i64 %118 to i64* %172 = load i64, i64* %171, align 8 %173 = icmp eq i64 %172, 0 br i1 %173, label %191, label %174 %175 = phi i64 [ %189, %187 ], [ %172, %170 ] %176 = inttoptr i64 %175 to %struct.ebitmap_node* %177 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %176, i64 0, i32 1, i64 0 %178 = call i64 @_find_first_bit(i64* %177, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold 
------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 94 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = 
alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* 
%31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, 
align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, 
label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, 
i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 
%78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, 
label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 %164 = and i64 %163, 4294967168 %165 = icmp ult i64 %164, 384 br i1 %165, label %166, label %170 %171 = inttoptr i64 %118 to i64* %172 = load i64, i64* %171, align 8 %173 = icmp eq i64 %172, 0 br i1 %173, label %191, label %174 %175 = phi i64 [ %189, %187 ], [ %172, %170 ] %176 = inttoptr i64 %175 to %struct.ebitmap_node* %177 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %176, i64 0, i32 1, i64 0 %178 = call i64 @_find_first_bit(i64* %177, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 
%7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds 
%struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = 
bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, 
i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, 
%struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = 
load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 
%81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 
%221 = call i64 @_find_first_bit(i64* %220, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 
%14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select 
i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq 
%struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* 
%48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = 
zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* 
%84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #83 ------------- 
Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, 
%struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 
2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 
Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = 
getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr 
inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail 
call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 
%90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 94 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = 
load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq 
%struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile 
%struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = 
getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = 
alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load 
i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp 
ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 %207 = and i64 %206, 4294967168 %208 = icmp ult i64 %207, 384 br i1 %208, label %209, label %213 %214 = inttoptr i64 %91 to i64* %215 = load i64, i64* %214, align 8 %216 = icmp eq i64 %215, 0 br i1 %216, label %234, label %217 %218 = phi i64 [ %232, %230 ], [ %215, %213 ] %219 = inttoptr i64 %218 to %struct.ebitmap_node* %220 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %219, i64 0, i32 1, i64 0 %221 = call i64 @_find_first_bit(i64* %220, i64 384) #83 ------------- Good: 472 Bad: 18 Ignored: 509 Check Use of Function:ihold Check Use of Function:i915_ttm_adjust_lru Check Use of Function:nfs_create Check Use of Function:round_jiffies Check Use of Function:register_pernet_subsys Check Use of Function:attach_recursive_mnt Check Use of Function:__io_free_req Check Use of Function:init_link Check Use of Function:lru_cache_add_inactive_or_unevictable Check Use of Function:qdisc_put_unlocked Check Use of Function:parse_monolithic_mount_data Check Use of Function:_dev_warn Use: =BAD PATH= Call Stack: 0 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label 
%10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 pcmcia_replace_cis 1 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -9, i32 1, i32 1 %13 = bitcast %struct.list_head** %12 to %struct.pcmcia_socket.645769* %14 = icmp ne i64 %4, 0 %15 = icmp ugt i64 %5, 511 %16 = or i1 %14, %15 br i1 %16, label %26, label %17 %18 = getelementptr inbounds %struct.pcmcia_socket.645769, %struct.pcmcia_socket.645769* %13, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @pcmcia_replace_cis(%struct.pcmcia_socket.645769* %13, i8* %3, i64 %5) #84 Function:pcmcia_replace_cis %4 = icmp ugt i64 %2, 512 br i1 %4, label %5, label %7 %6 = getelementptr inbounds %struct.pcmcia_socket.645769, %struct.pcmcia_socket.645769* %0, i64 0, i32 42 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %6, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.1.54804, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, 
%struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** 
%16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 ------------- Good: 1435 Bad: 6 Ignored: 563 Check Use of Function:remove_proc_entry Check Use of Function:cpus_read_lock Use: =BAD PATH= Call Stack: 0 __kmem_cache_shrink 1 kmem_cache_shrink 2 shrink_store ------------- Path:  Function:shrink_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %8 %7 = tail call i32 @kmem_cache_shrink(%struct.kmem_cache* %0) #83 Function:kmem_cache_shrink %2 = tail call i32 @__kmem_cache_shrink(%struct.kmem_cache* %0) #83 Function:__kmem_cache_shrink %2 = alloca %struct.list_head, align 8 %3 = alloca [32 x %struct.list_head], align 16 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %19, label %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@cpu_partial_store, %14)) #6 to label %19 [label %14], !srcloc !4 %20 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 7 store i32 %11, i32* %20, align 4 %21 = shl i32 %11, 1 %22 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 9, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 65535 %25 = add i32 %21, -1 %26 = add i32 %25, %24 %27 = udiv i32 %26, %24 %28 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8 store i32 %27, i32* %28, align 8 call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 
@membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 %59 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %59, align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to 
i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 %59 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %59, align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 
membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; 
addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %25 = bitcast [1 x %struct.cpumask]* %4 to i8* %26 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %27 = icmp eq i32 %26, 1 br i1 %27, label %67, label %28 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %29, align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %25 = bitcast [1 x %struct.cpumask]* %4 to i8* %26 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %27 = icmp eq i32 %26, 1 br i1 %27, label %67, label %28 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %29, align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 wq_pool_ids_show ------------- Path:  Function:wq_pool_ids_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %5 = bitcast i32* %4 to %struct.workqueue_struct** %6 = load %struct.workqueue_struct*, %struct.workqueue_struct** %5, align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 wq_nice_store ------------- Path:  Function:wq_nice_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, 
align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 wq_cpumask_store ------------- Path:  Function:wq_cpumask_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 wq_numa_store ------------- Path:  Function:wq_numa_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %7 = bitcast i32* %6 to %struct.workqueue_struct** %8 = load %struct.workqueue_struct*, %struct.workqueue_struct** %7, align 8 %9 = bitcast i32* %5 to i8* tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 workqueue_set_unbound_cpumask 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %13 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %12 = call i32 @workqueue_set_unbound_cpumask(%struct.cpumask* nonnull %11) #84 Function:workqueue_set_unbound_cpumask %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %4 = load i64, i64* %3, align 8 %5 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %6 = and i64 %5, %4 store i64 %6, i64* %3, align 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %69, label %8 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 set_sysctl_tfa ------------- 
Path:  Function:set_sysctl_tfa %5 = alloca i8, align 1 %6 = call i32 @kstrtobool(i8* %2, i8* nonnull %5) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i8, i8* %5, align 1, !range !4 %12 = load i8, i8* @allow_tsx_force_abort, align 1, !range !4 %13 = icmp eq i8 %11, %12 br i1 %13, label %15, label %14 store i8 %11, i8* @allow_tsx_force_abort, align 1 call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #84 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %31 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 8 %32 = call i64 @simple_strtoul(i8* %31, i8** nonnull %5, i32 0) #83 %33 = trunc i64 %32 to i32 %34 = call i32 @mtrr_del_page(i32 %33, i64 0, i64 0) #83 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca 
i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %220 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %221 = load i64, i64* %220, align 8 %222 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %223 = load i32, i32* %222, align 8 %224 = zext i32 %223 to i64 %225 = call i32 @mtrr_del_page(i32 -1, i64 %221, i64 %224) #83 Function:mtrr_del_page %4 = alloca 
%struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 
1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %220 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %221 = load i64, i64* %220, align 8 %222 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %223 = load i32, i32* %222, align 8 %224 = zext i32 %223 to i64 %225 = call i32 @mtrr_del_page(i32 -1, i64 %221, i64 %224) #83 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_del 2 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file.29905, %struct.file.29905* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.29906** %5 = load %struct.seq_file.29906*, %struct.seq_file.29906** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %5, i64 0, i32 11 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #83 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %16, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %12, label 
%10 %13 = lshr i64 %1, 12 %14 = lshr i64 %2, 12 %15 = tail call i32 @mtrr_del_page(i32 %0, i64 %13, i64 %14) #84 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #83 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %14, label %17 %18 = call i64 @strlen(i8* nonnull %8) #84 %19 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %18 %20 = getelementptr i8, i8* %19, i64 -1 store i8* %20, i8** %5, align 8 %21 = icmp eq i64 %18, 0 br i1 %21, label %26, label %22 %27 = bitcast [80 x i8]* %6 to i64* %28 = load i64, i64* %27, align 16 %29 = icmp eq i64 %28, 4424061378758928740 br i1 %29, label %30, label %38 %39 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3197, i64 0, i64 0), i64 5) %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %73 %42 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 5 %43 = call i64 @simple_strtoull(i8* %42, i8** nonnull %5, i32 0) #83 %44 = load i8*, i8** %5, align 8 %45 = call i8* @skip_spaces(i8* %44) #83 store i8* %45, i8** %5, align 8 %46 = call i32 @strncmp(i8* %45, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.10.3198, i64 0, i64 0), i64 5) #84 %47 = icmp eq i32 %46, 0 br i1 %47, 
label %48, label %73 %49 = getelementptr i8, i8* %45, i64 5 %50 = call i64 @simple_strtoull(i8* %49, i8** nonnull %5, i32 0) #83 %51 = or i64 %50, %43 %52 = and i64 %51, 4095 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %73 %55 = load i8*, i8** %5, align 8 %56 = call i8* @skip_spaces(i8* %55) #83 store i8* %56, i8** %5, align 8 %57 = call i32 @strncmp(i8* %56, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.11.3199, i64 0, i64 0), i64 5) #84 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %73 %60 = getelementptr i8, i8* %56, i64 5 %61 = call i8* @skip_spaces(i8* %60) #83 store i8* %61, i8** %5, align 8 %62 = call i32 @match_string(i8** getelementptr inbounds ([7 x i8*], [7 x i8*]* @mtrr_strings, i64 0, i64 0), i64 7, i8* %61) #83 %63 = icmp slt i32 %62, 0 br i1 %63, label %64, label %66 %67 = lshr i64 %43, 12 %68 = lshr i64 %50, 12 %69 = call i32 @mtrr_add_page(i64 %67, i64 %68, i32 %62, i1 zeroext true) #83 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.313800* (i32, %struct.pci_dev.313800*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #83 %28 = icmp eq %struct.pci_dev* %27, null br i1 
%28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #83 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_file_add 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 
1074810119, label %14 i32 1074810121, label %14 i32 -1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %179 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %180 = load i64, i64* %179, align 8 %181 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %182 = load i32, i32* %181, align 8 %183 = zext i32 %182 to i64 %184 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %185 = load i32, i32* %184, align 4 %186 = call fastcc i32 @mtrr_file_add(i64 %180, i64 %183, i32 %185, %struct.file.29905* %0, i32 1) #84 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29905, %struct.file.29905* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29906** %8 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = 
icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #83 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #84 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.313800* (i32, %struct.pci_dev.313800*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #83 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds 
%struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #83 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_file_add 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* switch i32 %1, label %302 [ i32 1074810112, label %14 i32 1074810113, label %14 i32 1074810114, label %14 i32 1074810116, label %14 i32 1074810117, label %14 i32 1074810118, label %14 i32 1074810119, label %14 i32 1074810121, label %14 i32 
-1072149245, label %17 i32 -1072149240, label %17 i32 1074547968, label %20 i32 1074547969, label %20 i32 1074547970, label %20 i32 1074547972, label %20 i32 1074547973, label %20 i32 1074547974, label %20 i32 1074547975, label %20 i32 1074547977, label %20 i32 -1072673533, label %53 i32 -1072673528, label %53 ] %15 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #83 %16 = icmp eq i64 %15, 0 br i1 %16, label %95, label %302 switch i32 %1, label %302 [ i32 1074810112, label %96 i32 1074547968, label %96 i32 1074810113, label %105 i32 1074547969, label %105 i32 1074810114, label %114 i32 1074547970, label %114 i32 1074810116, label %143 i32 1074547972, label %143 i32 -1072149245, label %150 i32 -1072673533, label %150 i32 1074810117, label %178 i32 1074547973, label %178 i32 1074810118, label %187 i32 1074547974, label %187 i32 1074810119, label %196 i32 1074547975, label %196 i32 1074810121, label %219 i32 1074547977, label %219 i32 -1072149240, label %226 i32 -1072673528, label %226 ] %179 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %180 = load i64, i64* %179, align 8 %181 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %182 = load i32, i32* %181, align 8 %183 = zext i32 %182 to i64 %184 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %185 = load i32, i32* %184, align 4 %186 = call fastcc i32 @mtrr_file_add(i64 %180, i64 %183, i32 %185, %struct.file.29905* %0, i32 1) #84 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29905, %struct.file.29905* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29906** %8 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label 
%26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #83 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29906*, %struct.seq_file.29906** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29906, %struct.seq_file.29906* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #84 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.313800* (i32, %struct.pci_dev.313800*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #83 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load 
i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #83 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #83 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #83 ------------- Use: =BAD PATH= Call Stack: 0 reload_store ------------- Path:  Function:reload_store %5 = alloca i64, align 8 %6 = load i16, i16* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 32), align 4 %7 = zext i16 %6 to i32 %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i64, i64* %5, align 8 %15 = icmp eq i64 %14, 1 br i1 %15, label %16, label %52 call void @cpus_read_lock() #83 ------------- Good: 495 Bad: 22 Ignored: 285 Check Use of Function:nfs_lookup_revalidate Check Use of Function:drm_managed_release Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 singleton_release ------------- Path:  Function:singleton_release 
%3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.436298** %5 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 109, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.373290* %9) #83 Function:drm_dev_put %2 = icmp eq %struct.drm_device.373290* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to %struct.drm_device.373290* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, 
%struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.373290*)*, void (%struct.drm_device.373290*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.373290*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.373290* %16) #83 br label %24 tail call void bitcast (void (%struct.drm_device.397450*)* @drm_managed_release to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %16) #83 ------------- Good: 14 Bad: 1 Ignored: 7 Check Use of Function:nfs_umount_begin Check Use of Function:security_sb_umount Check Use of Function:ieee80211_reconfig Check Use of Function:cfg80211_sta_opmode_change_notify Check Use of Function:drm_property_change_valid_get Check Use of Function:ieee80211_roc_purge Check Use of Function:bitmap_free Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = ptrtoint i8* %2 to i64 %16 = bitcast i64* %7 to i8* %17 = load i64, i64* %3, align 8 store i64 %17, i64* %7, align 8 %18 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = sext i32 %19 to i64 %21 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 1 %22 = bitcast i8** %21 to i64*** %23 = load i64**, i64*** %22, align 8 %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %26 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %27 = icmp ne i64* %24, null %28 = icmp ne i32 %19, 0 %29 = and i1 %28, %27 %30 = icmp ne i64 %17, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %37 %33 = load i64, i64* %4, align 8 %34 = icmp eq i64 %33, 0 %35 = icmp ne i32 %1, 0 %36 = 
or i1 %35, %34 br i1 %36, label %38, label %37 br i1 %35, label %41, label %39 %42 = bitcast i8** %11 to i8* %43 = bitcast i8** %11 to i64* store i64 %15, i64* %43, align 8 %44 = icmp ugt i64 %17, 4095 br i1 %44, label %45, label %47 store i64 4095, i64* %7, align 8 %46 = add i64 %17, -4095 br label %47 %48 = phi i64 [ 4095, %45 ], [ %17, %41 ] %49 = phi i64 [ %46, %45 ], [ 0, %41 ] %50 = tail call i64* @bitmap_zalloc(i32 %19, i32 3264) #83 %51 = icmp eq i64* %50, null br i1 %51, label %140, label %52 %53 = getelementptr i8, i8* %2, i64 %48 br label %54 %55 = phi i8* [ %61, %59 ], [ %2, %52 ] %56 = phi i64 [ %60, %59 ], [ %48, %52 ] %57 = load i8, i8* %55, align 1 %58 = icmp eq i8 %57, 10 br i1 %58, label %59, label %64 store i8* %55, i8** %11, align 8 %65 = bitcast i64* %12 to i8* %66 = bitcast i64* %13 to i8* %67 = icmp ne i64 %49, 0 br label %69 %70 = phi i64 [ %56, %64 ], [ %138, %137 ] %71 = call fastcc i32 @proc_get_long(i8** nonnull %11, i64* nonnull %7, i64* nonnull %12, i8* nonnull %14, i8* nonnull %25, i8* nonnull %10) #84 %72 = load i64, i64* %7, align 8 %73 = icmp ult i64 %72, 2 %74 = and i1 %67, %73 br i1 %74, label %75, label %76 %77 = icmp eq i32 %71, 0 br i1 %77, label %78, label %201 %202 = phi i64 [ %70, %75 ], [ %70, %98 ], [ %95, %101 ], [ %95, %99 ], [ %72, %78 ], [ %72, %76 ] %203 = phi i32 [ %71, %75 ], [ %94, %98 ], [ -22, %101 ], [ %94, %99 ], [ -22, %78 ], [ %71, %76 ] %204 = add i64 %202, %49 store i64 %204, i64* %7, align 8 %205 = icmp eq i32 %203, 0 br i1 %205, label %206, label %225 %226 = phi i32 [ %203, %201 ], [ 0, %219 ] %227 = phi i64* [ %50, %201 ], [ %207, %219 ] call void @bitmap_free(i64* %227) #83 ------------- Good: 55 Bad: 1 Ignored: 5 Check Use of Function:ieee80211_led_exit Check Use of Function:rfkill_set_block Check Use of Function:acpi_get_handle Use: =BAD PATH= Call Stack: 0 acpi_has_method 1 pci_dev_acpi_reset 2 pci_init_reset_methods 3 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca 
i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %18 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.80.30584, i64 0, i64 0)) #83 br i1 %18, label %19, label %20 tail call void @pci_init_reset_methods(%struct.pci_dev.313800* %8) #85 Function:pci_init_reset_methods %2 = alloca i16, align 2 %3 = alloca i8, align 1 %4 = tail call i32 @__SCT__might_resched() #83 %5 = tail call i32 bitcast (i32 (%struct.pci_dev.314158*, i1)* @pci_dev_specific_reset to i32 (%struct.pci_dev.313800*, i1)*)(%struct.pci_dev.313800* %0, i1 zeroext true) #83 switch i32 %5, label %11 [ i32 0, label %6 i32 -25, label %8 ] %9 = phi i32 [ 1, %6 ], [ 0, %1 ] %10 = tail call i32 bitcast (i32 (%struct.pci_dev.322956*, i1)* @pci_dev_acpi_reset to i32 (%struct.pci_dev.313800*, i1)*)(%struct.pci_dev.313800* %0, i1 zeroext true) #83 Function:pci_dev_acpi_reset %3 = getelementptr inbounds %struct.pci_dev.322956, %struct.pci_dev.322956* %0, i64 0, i32 46 %4 = getelementptr inbounds %struct.pci_dev.322956, %struct.pci_dev.322956* %0, i64 0, i32 46, i32 26 %5 = load %struct.fwnode_handle*, %struct.fwnode_handle** %4, align 8 %6 = tail call zeroext i1 @is_acpi_device_node(%struct.fwnode_handle* %5) #83 %7 = getelementptr %struct.fwnode_handle, %struct.fwnode_handle* %5, i64 -1, i32 4, i32 1 %8 = icmp eq %struct.list_head** %7, null %9 = xor i1 %6, true %10 = or i1 %8, %9 br i1 %10, label %25, label %11 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 1 %13 = bitcast %struct.list_head** %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = icmp eq i8* %14, 
null br i1 %15, label %25, label %16 %17 = tail call zeroext i1 @acpi_has_method(i8* nonnull %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.1.31133, i64 0, i64 0)) #83 Function:acpi_has_method %3 = alloca i8*, align 8 %4 = bitcast i8** %3 to i8* %5 = call i32 @acpi_get_handle(i8* %0, i8* %1, i8** nonnull %3) #83 ------------- Good: 163 Bad: 1 Ignored: 155 Check Use of Function:rt_cache_flush Check Use of Function:set_fs_root Check Use of Function:iommu_set_root_entry Check Use of Function:__folio_lock Check Use of Function:set_fs_pwd Check Use of Function:neigh_del Check Use of Function:put_mnt_ns Use: =BAD PATH= Call Stack: 0 mntns_put ------------- Path:  Function:mntns_put %2 = bitcast %struct.ns_common* %0 to %struct.mnt_namespace* tail call void @put_mnt_ns(%struct.mnt_namespace* %2) #83 ------------- Good: 12 Bad: 1 Ignored: 3 Check Use of Function:debug_smp_processor_id Use: =BAD PATH= Call Stack: 0 dst_cache_get_ip4 1 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 6 
%25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %490, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.841818*, i32)*)(%struct.sk_buff.841818* %0, i32 %33) #83 %35 = icmp eq i8* %34, null br i1 %35, label %490, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %490 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2361 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2366 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2376 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2388 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 15 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 
8 %85 = icmp eq i32 %84, 0 br i1 %85, label %131, label %86 %87 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.841612* %91 = icmp eq i64 %89, 0 br i1 %91, label %484, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.841612, %struct.dst_entry.841612* %90, i64 0, i32 1 %95 = load %struct.dst_ops.841594*, %struct.dst_ops.841594** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.841594, %struct.dst_ops.841594* %95, i64 0, i32 14 %97 = load %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)*, %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.841593* %97(%struct.dst_entry.841612* nonnull %90, %struct.sk_buff.841818* null, i8* %93) #83 %99 = icmp ugt %struct.neighbour.841593* %98, inttoptr (i64 -4096 to %struct.neighbour.841593*) %100 = icmp eq %struct.neighbour.841593* %98, null %101 = or i1 %99, %100 br i1 %101, label %484, label %102 %103 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %98, i64 0, i32 27 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #83 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = 
getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %98, i64 0, i32 6 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %120, i64 0, i32 0, i32 0 %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %121, i32 -1, i32* %121) #6, !srcloc !7 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.841593*)*)(%struct.neighbour.841593* nonnull %98) #83 br label %130 br i1 %119, label %484, label %131 %132 = phi i32 [ %68, %80 ], [ %118, %130 ] %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %196 %135 = getelementptr inbounds i8, i8* %59, i64 24 %136 = bitcast i8* %135 to i16* %137 = load i16, i16* %136, align 4 %138 = icmp eq i16 %137, 544 br i1 %138, label %139, label %144 %140 = getelementptr i8, i8* %135, i64 2 %141 = bitcast i8* %140 to i32* %142 = load i32, i32* %141, align 2 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %196 %145 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* %0, i64 0, i32 4, i32 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = and i64 %146, -2 %148 = inttoptr i64 %147 to %struct.dst_entry.841612* %149 = icmp eq i64 %147, 0 br i1 %149, label %484, label %150 %151 = getelementptr inbounds %struct.dst_entry.841612, %struct.dst_entry.841612* %148, i64 0, i32 1 %152 = load %struct.dst_ops.841594*, %struct.dst_ops.841594** %151, align 8 %153 = getelementptr inbounds %struct.dst_ops.841594, %struct.dst_ops.841594* %152, i64 0, i32 14 %154 = load %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, i8*)*, %struct.neighbour.841593* (%struct.dst_entry.841612*, %struct.sk_buff.841818*, 
i8*)** %153, align 8 %155 = tail call %struct.neighbour.841593* %154(%struct.dst_entry.841612* nonnull %148, %struct.sk_buff.841818* null, i8* %135) #83 %156 = icmp ugt %struct.neighbour.841593* %155, inttoptr (i64 -4096 to %struct.neighbour.841593*) %157 = icmp eq %struct.neighbour.841593* %155, null %158 = or i1 %156, %157 br i1 %158, label %484, label %159 %160 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %155, i64 0, i32 27 %161 = bitcast [0 x i8]* %160 to %struct.in6_addr* %162 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %161) #83 %163 = and i32 %162, 65535 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %174 %166 = load i8*, i8** %11, align 8 %167 = load i16, i16* %13, align 4 %168 = zext i16 %167 to i64 %169 = getelementptr i8, i8* %166, i64 %168 %170 = getelementptr inbounds i8, i8* %169, i64 24 %171 = bitcast i8* %170 to %struct.in6_addr* %172 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %171) #83 %173 = and i32 %172, 65535 br label %174 %175 = phi %struct.in6_addr* [ %171, %165 ], [ %161, %159 ] %176 = phi i32 [ %173, %165 ], [ %163, %159 ] %177 = trunc i32 %176 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %182, label %179 %180 = getelementptr %struct.in6_addr, %struct.in6_addr* %175, i64 0, i32 0, i32 0, i64 3 %181 = load i32, i32* %180, align 4 br label %182 %183 = phi i32 [ %181, %179 ], [ 0, %174 ] %184 = phi i1 [ false, %179 ], [ true, %174 ] %185 = getelementptr inbounds %struct.neighbour.841593, %struct.neighbour.841593* %155, i64 0, i32 6 %186 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %185, i64 0, i32 0, i32 0 %187 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %186, i32 -1, i32* %186) #6, !srcloc !7 %188 = icmp eq i32 %187, 1 br i1 %188, label %194, label %189 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.841593*)*)(%struct.neighbour.841593* nonnull %155) #83 br label %195 br i1 %184, label %484, label %196 %197 = phi i32 [ %142, %139 ], [ %183, %195 ], [ %132, %131 ] %198 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2344 %199 = bitcast i8* %198 to i32* %200 = load i32, i32* %199, align 8 %201 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2424 %202 = bitcast i8* %201 to i32* %203 = load i32, i32* %202, align 8 %204 = and i8 %81, 30 %205 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2372 %206 = bitcast i8* %205 to i32* %207 = load i32, i32* %206, align 4 %208 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2272 %209 = bitcast i8* %208 to %struct.net.841722** %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %200, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %211, align 4 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %203, i32* %212, align 8 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %204, i8* %213, align 4 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %214, align 1 %215 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %215, align 2 %216 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 %217 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %197, i32* %217, align 4 %218 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store 
i32 %207, i32* %218, align 8 %219 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %220 = bitcast %struct.kuid_t* %219 to %struct.raw_hdlc_proto* %221 = bitcast %struct.kuid_t* %219 to i16* store i16 0, i16* %221, align 8 %222 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %220, i64 0, i32 1 store i16 0, i16* %222, align 2 %223 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 10 store i32 0, i32* %223, align 8 %224 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %1, i64 0, i32 0, i64 2312 %225 = bitcast i8* %224 to %struct.dst_cache* %226 = call %struct.rtable.841674* bitcast (%struct.rtable* (%struct.dst_cache*, i32*)* @dst_cache_get_ip4 to %struct.rtable.841674* (%struct.dst_cache*, i32*)*)(%struct.dst_cache* %225, i32* %218) #83 Function:dst_cache_get_ip4 %3 = getelementptr inbounds %struct.dst_cache, %struct.dst_cache* %0, i64 0, i32 0 %4 = load %struct.dst_cache_pcpu*, %struct.dst_cache_pcpu** %3, align 8 %5 = icmp eq %struct.dst_cache_pcpu* %4, null br i1 %5, label %20, label %6 %7 = ptrtoint %struct.dst_cache_pcpu* %4 to i64 %8 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_yield 1 __do_sys_sched_yield ------------- Path:  Function:__do_sys_sched_yield tail call fastcc void @do_sched_yield() #83 Function:do_sched_yield tail call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 napi_busy_loop 2 tcp_recvmsg 3 inet6_recvmsg 4 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket** %8 = 
load %struct.socket*, %struct.socket** %7, align 8 %9 = bitcast %struct.msghdr* %3 to i8* %10 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 0 store i8* null, i8** %10, align 8 %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 1 store i32 0, i32* %11, align 8 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 2, i32 0 %13 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %14 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 3 %15 = bitcast %union.anon.32* %14 to i64* store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 4 store i8 0, i8* %16, align 8 %17 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 5 store i64 0, i64* %17, align 8 %18 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 6 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 7 store %struct.kiocb* %0, %struct.kiocb** %19, align 8 %20 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = and i32 %21, 2048 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 8 %28 = icmp eq i32 %27, 0 br i1 %28, label %30, label %29 %31 = phi i32 [ 0, %24 ], [ 64, %29 ] %32 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %64 %36 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %3, i64 0, i32 2, i32 4 %41 = load i64, i64* %40, align 8 %42 = trunc i64 %41 to i32 %43 = call i32 
@security_socket_recvmsg(%struct.socket* %8, %struct.msghdr* nonnull %3, i32 %42, i32 %31) #83 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %61 %46 = getelementptr inbounds %struct.socket, %struct.socket* %8, i64 0, i32 5 %47 = load %struct.proto_ops*, %struct.proto_ops** %46, align 32 %48 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %47, i64 0, i32 18 %49 = load i32 (%struct.socket*, %struct.msghdr*, i64, i32)*, i32 (%struct.socket*, %struct.msghdr*, i64, i32)** %48, align 8 %50 = icmp eq i32 (%struct.socket*, %struct.msghdr*, i64, i32)* %49, bitcast (i32 (%struct.socket.869176*, %struct.msghdr.868895*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket*, %struct.msghdr*, i64, i32)*) br i1 %50, label %51, label %54, !prof !4, !misexpect !5 %52 = load i64, i64* %40, align 8 %53 = call i32 bitcast (i32 (%struct.socket.869176*, %struct.msghdr.868895*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket*, %struct.msghdr*, i64, i32)*)(%struct.socket* %8, %struct.msghdr* nonnull %3, i64 %52, i32 %31) #83 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.869176, %struct.socket.869176* %0, i64 0, i32 4 %7 = load %struct.sock.869179*, %struct.sock.869179** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void @__rcu_read_lock() #83 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void @__rcu_read_unlock() #83 br label %38 %39 = getelementptr inbounds %struct.sock.869179, %struct.sock.869179* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.869158*, %struct.proto.869158** %39, align 8 %41 = getelementptr inbounds %struct.proto.869158, %struct.proto.869158* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.869179*, %struct.msghdr.868895*, i64, i32, i32, i32*)*, i32 
(%struct.sock.869179*, %struct.msghdr.868895*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.869179*, %struct.msghdr.868895*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.821074*, %struct.msghdr.820577*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.869179*, %struct.msghdr.868895*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.821074*, %struct.msghdr.820577*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.869179*, %struct.msghdr.868895*, i64, i32, i32, i32*)*)(%struct.sock.869179* %7, %struct.msghdr.868895* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #83 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.821074, %struct.sock.821074* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.821063** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.821063**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.821063* %25 = getelementptr inbounds %struct.task_struct.821063, %struct.task_struct.821063* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.821074, 
%struct.sock.821074* %0, i64 0, i32 5 %35 = getelementptr inbounds %struct.sk_buff_head.820681, %struct.sk_buff_head.820681* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.820910*, %struct.sk_buff.820910** %35, align 8 %37 = bitcast %struct.sk_buff_head.820681* %34 to %struct.sk_buff.820910* %38 = icmp eq %struct.sk_buff.820910* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.821074, %struct.sock.821074* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.821074, %struct.sock.821074* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 4 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.821074* %0 to i8* %51 = getelementptr inbounds %struct.sock.821074, %struct.sock.821074* %0, i64 0, i32 57 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.821074, %struct.sock.821074* %0, i64 0, i32 58 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #83 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %8 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %9 = tail call i64 @sched_clock_cpu(i32 %8) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 napi_busy_loop 2 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket** %5 = load %struct.socket*, %struct.socket** %4, align 8 %6 = icmp eq %struct.poll_table_struct* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket, %struct.socket* %5, i64 0, i32 5 %14 = load %struct.proto_ops*, %struct.proto_ops** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %14, i64 0, i32 8 %16 = load i32 
(%struct.file*, %struct.socket*, %struct.poll_table_struct*)*, i32 (%struct.file*, %struct.socket*, %struct.poll_table_struct*)** %15, align 8 %17 = icmp eq i32 (%struct.file*, %struct.socket*, %struct.poll_table_struct*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket, %struct.socket* %5, i64 0, i32 4 %20 = load %struct.sock*, %struct.sock** %19, align 8 %21 = getelementptr inbounds %struct.sock, %struct.sock* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct* %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock, %struct.sock* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock* %20 to i8* %43 = getelementptr inbounds %struct.sock, %struct.sock* %20, i64 0, i32 57 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock, %struct.sock* %20, i64 0, i32 58 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #83 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %8 = tail call i32 asm sideeffect "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %9 = tail call i64 @sched_clock_cpu(i32 %8) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 do_sys_poll 2 __se_sys_poll 3 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = 
load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.159* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #83 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.159* %5, i32 %6, %struct.cpu_itimer* %28) #83 Function:do_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = alloca [32 x i64], align 16 %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = bitcast [32 x i64]* %8 to i8* %11 = bitcast [32 x i64]* %8 to %struct.poll_list* %12 = getelementptr inbounds [32 x i64], [32 x i64]* %8, i64 0, i64 1 %13 = bitcast i64* %12 to i32* %14 = bitcast [32 x i64]* %8 to %struct.poll_list** %15 = zext i32 %1 to i64 %16 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 104 %19 = load %struct.signal_struct*, %struct.signal_struct** %18, align 8 %20 = getelementptr %struct.signal_struct, %struct.signal_struct* %19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %15 br i1 %22, label %339, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.anon.159, %struct.anon.159* %0, i64 %15 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %15, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %11, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %14, %23 ] %32 = phi i32* [ %63, %54 ], [ %13, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.anon.159, %struct.anon.159* %25, i64 %42 %44 = bitcast %struct.anon.159* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.anon.159* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #83 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %328 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, 
%struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %76 = bitcast i64* %6 to i8* %77 = load i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.cpu_itimer* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.cpu_itimer* %5 to i8* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, 
i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.cpu_itimer* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %104, i64 %105) #83 %106 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 15 %113 = load i32, i32* %112, align 16 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 170 %132 = load i64, i64* %131, align 64 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %141 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %144 %145 = phi i32 [ 0, %254 ], [ %138, %137 ] %146 = phi i32 [ %244, %254 ], [ 0, %137 ] %147 = phi i32 [ %226, %254 ], [ %79, %137 ] %148 = phi i64 [ %257, %254 ], [ 0, %137 ] %149 = phi i64* [ %155, %254 ], [ null, %137 ] %150 = icmp eq i64 %148, 0 br label %151 %152 = phi i32 [ %145, %144 ], [ %286, %285 ] %153 = phi i32 [ %146, %144 ], [ %244, %285 ] %154 = phi i32 [ %147, %144 ], [ 0, %285 ] %155 = phi i64* [ %149, %144 ], [ %279, %285 ] br label %156 %157 = phi i32 [ 0, %261 ], [ %152, %151 ] %158 = phi i32 [ %244, %261 ], [ %153, %151 ] %159 = phi i32 [ %226, %261 ], [ %154, %151 ] br label %160 %161 = phi %struct.poll_list* [ %228, %223 ], [ %11, %156 ] %162 = phi i32 [ %226, %223 ], [ %159, %156 ] %163 = phi i32 [ %225, %223 ], [ %158, %156 ] %164 = phi i8 [ %224, %223 ], [ 0, %156 ] %165 = phi i32* [ %229, %223 ], [ %13, %156 ] %166 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %161, i64 0, i32 2, i64 0 %167 = load i32, i32* %165, align 8 %168 = sext i32 %167 to i64 %169 = getelementptr %struct.poll_list, %struct.poll_list* %161, i64 0, i32 2, i64 %168 %170 = icmp eq %struct.anon.159* %166, %169 br i1 %170, label %223, label %171 %172 = phi %struct.anon.159* [ %221, %217 ], [ %166, %160 ] %173 = phi i32 [ %220, %217 ], [ %162, %160 ] %174 = phi i32 [ %219, %217 ], [ %163, %160 ] %175 = phi i8 [ %218, %217 ], [ %164, %160 ] %176 = getelementptr inbounds %struct.anon.159, %struct.anon.159* %172, i64 0, i32 0 %177 = load i32, i32* %176, align 4 %178 = icmp slt i32 %177, 0 br i1 %178, label %179, label %181 %182 = call i64 @__fdget(i32 %177) #83 %183 = and i64 %182, -4 %184 = inttoptr i64 %183 to %struct.file* %185 = icmp eq i64 %183, 0 br i1 %185, label %186, label 
%188 %189 = getelementptr inbounds %struct.anon.159, %struct.anon.159* %172, i64 0, i32 1 %190 = load i16, i16* %189, align 4 %191 = and i16 %190, 10215 %192 = or i16 %191, 24 %193 = zext i16 %192 to i32 %194 = or i32 %173, %193 store i32 %194, i32* %69, align 8 %195 = getelementptr inbounds %struct.file, %struct.file* %184, i64 0, i32 3 %196 = load %struct.file_operations*, %struct.file_operations** %195, align 8 %197 = getelementptr inbounds %struct.file_operations, %struct.file_operations* %196, i64 0, i32 9 %198 = load i32 (%struct.file*, %struct.poll_table_struct*)*, i32 (%struct.file*, %struct.poll_table_struct*)** %197, align 8 %199 = icmp eq i32 (%struct.file*, %struct.poll_table_struct*)* %198, null br i1 %199, label %202, label %200, !prof !5, !misexpect !6 %201 = call i32 %198(%struct.file* nonnull %184, %struct.poll_table_struct* nonnull %75) #83 br label %202 %203 = phi i32 [ %201, %200 ], [ 325, %188 ] %204 = and i32 %203, %173 %205 = icmp eq i32 %204, 0 %206 = select i1 %205, i8 %175, i8 1 %207 = and i32 %203, %193 %208 = and i64 %182, 1 %209 = icmp eq i64 %208, 0 br i1 %209, label %211, label %210 call void bitcast (void (%struct.file.143296*)* @fput to void (%struct.file*)*)(%struct.file* nonnull %184) #83 br label %211 %212 = trunc i32 %207 to i16 %213 = getelementptr inbounds %struct.anon.159, %struct.anon.159* %172, i64 0, i32 2 store i16 %212, i16* %213, align 2 %214 = icmp eq i32 %207, 0 br i1 %214, label %217, label %215 %216 = add i32 %174, 1 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 br label %217 %218 = phi i8 [ %206, %211 ], [ 0, %215 ], [ %175, %179 ] %219 = phi i32 [ %174, %211 ], [ %216, %215 ], [ %174, %179 ] %220 = phi i32 [ %173, %211 ], [ 0, %215 ], [ %173, %179 ] %221 = getelementptr %struct.anon.159, %struct.anon.159* %172, i64 1 %222 = icmp eq %struct.anon.159* %221, %169 br i1 %222, label %223, 
label %171 %224 = phi i8 [ %164, %160 ], [ %218, %217 ] %225 = phi i32 [ %163, %160 ], [ %219, %217 ] %226 = phi i32 [ %162, %160 ], [ %220, %217 ] %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %161, i64 0, i32 0 %228 = load %struct.poll_list*, %struct.poll_list** %227, align 8 %229 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %228, i64 0, i32 1 %230 = icmp eq %struct.poll_list* %228, null br i1 %230, label %231, label %160 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %232 = icmp eq i32 %225, 0 br i1 %232, label %233, label %243 %234 = load i32, i32* %72, align 4 %235 = load volatile i64, i64* %142, align 8 %236 = and i64 %235, 131072 %237 = icmp eq i64 %236, 0 br i1 %237, label %238, label %243, !prof !9, !misexpect !6 %239 = load volatile i64, i64* %142, align 8 %240 = and i64 %239, 4 %241 = icmp eq i64 %240, 0 %242 = select i1 %241, i32 %234, i32 -514 br label %243 %244 = phi i32 [ %225, %231 ], [ -514, %233 ], [ %242, %238 ] %245 = or i32 %244, %157 %246 = icmp eq i32 %245, 0 br i1 %246, label %247, label %292 %248 = icmp eq i8 %224, 0 br i1 %248, label %268, label %249 %250 = load volatile i64, i64* %142, align 8 %251 = and i64 %250, 8 %252 = icmp eq i64 %251, 0 br i1 %252, label %253, label %268 br i1 %150, label %254, label %258 %259 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %260 = icmp eq i32 %259, 0 br i1 %260, label %268, label %261 %262 = zext i32 %259 to i64 %263 = add nuw nsw i64 %148, %262 %264 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !10 %265 = call i64 @sched_clock_cpu(i32 %264) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 do_sys_poll 2 __se_sys_poll 3 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.159* %6 = 
trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #83 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.159* %5, i32 %6, %struct.cpu_itimer* %28) #83 Function:do_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = alloca [32 x i64], align 16 %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = bitcast [32 x i64]* %8 to i8* %11 = bitcast [32 x i64]* %8 to %struct.poll_list* %12 = getelementptr inbounds [32 x i64], [32 x i64]* %8, i64 0, i64 1 %13 = bitcast i64* %12 to i32* %14 = bitcast [32 x i64]* %8 to %struct.poll_list** %15 = zext i32 %1 to i64 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 104 %19 = load %struct.signal_struct*, %struct.signal_struct** %18, align 8 %20 = getelementptr %struct.signal_struct, %struct.signal_struct* 
%19, i64 0, i32 50, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %15 br i1 %22, label %339, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.anon.159, %struct.anon.159* %0, i64 %15 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %15, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %11, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %14, %23 ] %32 = phi i32* [ %63, %54 ], [ %13, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.anon.159, %struct.anon.159* %25, i64 %42 %44 = bitcast %struct.anon.159* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.anon.159* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #83 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %328 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, 
%struct.task_struct** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %76 = bitcast i64* %6 to i8* %77 = load i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.cpu_itimer* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.cpu_itimer* %5 to i8* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 14 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %5) #83 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.cpu_itimer* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, 
%102 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %104, i64 %105) #83 %106 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 15 %113 = load i32, i32* %112, align 16 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 170 %132 = load i64, i64* %131, align 64 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %144 %145 = phi i32 [ 0, %254 ], [ %138, %137 ] %146 = phi i32 [ %244, %254 ], [ 0, %137 ] %147 = phi i32 [ 
%226, %254 ], [ %79, %137 ] %148 = phi i64 [ %257, %254 ], [ 0, %137 ] %149 = phi i64* [ %155, %254 ], [ null, %137 ] %150 = icmp eq i64 %148, 0 br label %151 %152 = phi i32 [ %145, %144 ], [ %286, %285 ] %153 = phi i32 [ %146, %144 ], [ %244, %285 ] %154 = phi i32 [ %147, %144 ], [ 0, %285 ] %155 = phi i64* [ %149, %144 ], [ %279, %285 ] br label %156 %157 = phi i32 [ 0, %261 ], [ %152, %151 ] %158 = phi i32 [ %244, %261 ], [ %153, %151 ] %159 = phi i32 [ %226, %261 ], [ %154, %151 ] br label %160 %161 = phi %struct.poll_list* [ %228, %223 ], [ %11, %156 ] %162 = phi i32 [ %226, %223 ], [ %159, %156 ] %163 = phi i32 [ %225, %223 ], [ %158, %156 ] %164 = phi i8 [ %224, %223 ], [ 0, %156 ] %165 = phi i32* [ %229, %223 ], [ %13, %156 ] %166 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %161, i64 0, i32 2, i64 0 %167 = load i32, i32* %165, align 8 %168 = sext i32 %167 to i64 %169 = getelementptr %struct.poll_list, %struct.poll_list* %161, i64 0, i32 2, i64 %168 %170 = icmp eq %struct.anon.159* %166, %169 br i1 %170, label %223, label %171 %172 = phi %struct.anon.159* [ %221, %217 ], [ %166, %160 ] %173 = phi i32 [ %220, %217 ], [ %162, %160 ] %174 = phi i32 [ %219, %217 ], [ %163, %160 ] %175 = phi i8 [ %218, %217 ], [ %164, %160 ] %176 = getelementptr inbounds %struct.anon.159, %struct.anon.159* %172, i64 0, i32 0 %177 = load i32, i32* %176, align 4 %178 = icmp slt i32 %177, 0 br i1 %178, label %179, label %181 %182 = call i64 @__fdget(i32 %177) #83 %183 = and i64 %182, -4 %184 = inttoptr i64 %183 to %struct.file* %185 = icmp eq i64 %183, 0 br i1 %185, label %186, label %188 %189 = getelementptr inbounds %struct.anon.159, %struct.anon.159* %172, i64 0, i32 1 %190 = load i16, i16* %189, align 4 %191 = and i16 %190, 10215 %192 = or i16 %191, 24 %193 = zext i16 %192 to i32 %194 = or i32 %173, %193 store i32 %194, i32* %69, align 8 %195 = getelementptr inbounds %struct.file, %struct.file* %184, i64 0, i32 3 %196 = load %struct.file_operations*, 
%struct.file_operations** %195, align 8 %197 = getelementptr inbounds %struct.file_operations, %struct.file_operations* %196, i64 0, i32 9 %198 = load i32 (%struct.file*, %struct.poll_table_struct*)*, i32 (%struct.file*, %struct.poll_table_struct*)** %197, align 8 %199 = icmp eq i32 (%struct.file*, %struct.poll_table_struct*)* %198, null br i1 %199, label %202, label %200, !prof !5, !misexpect !6 %201 = call i32 %198(%struct.file* nonnull %184, %struct.poll_table_struct* nonnull %75) #83 br label %202 %203 = phi i32 [ %201, %200 ], [ 325, %188 ] %204 = and i32 %203, %173 %205 = icmp eq i32 %204, 0 %206 = select i1 %205, i8 %175, i8 1 %207 = and i32 %203, %193 %208 = and i64 %182, 1 %209 = icmp eq i64 %208, 0 br i1 %209, label %211, label %210 call void bitcast (void (%struct.file.143296*)* @fput to void (%struct.file*)*)(%struct.file* nonnull %184) #83 br label %211 %212 = trunc i32 %207 to i16 %213 = getelementptr inbounds %struct.anon.159, %struct.anon.159* %172, i64 0, i32 2 store i16 %212, i16* %213, align 2 %214 = icmp eq i32 %207, 0 br i1 %214, label %217, label %215 %216 = add i32 %174, 1 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 br label %217 %218 = phi i8 [ %206, %211 ], [ 0, %215 ], [ %175, %179 ] %219 = phi i32 [ %174, %211 ], [ %216, %215 ], [ %174, %179 ] %220 = phi i32 [ %173, %211 ], [ 0, %215 ], [ %173, %179 ] %221 = getelementptr %struct.anon.159, %struct.anon.159* %172, i64 1 %222 = icmp eq %struct.anon.159* %221, %169 br i1 %222, label %223, label %171 %224 = phi i8 [ %164, %160 ], [ %218, %217 ] %225 = phi i32 [ %163, %160 ], [ %219, %217 ] %226 = phi i32 [ %162, %160 ], [ %220, %217 ] %227 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %161, i64 0, i32 0 %228 = load %struct.poll_list*, %struct.poll_list** %227, align 8 %229 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %228, i64 
0, i32 1 %230 = icmp eq %struct.poll_list* %228, null br i1 %230, label %231, label %160 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %68, align 8 %232 = icmp eq i32 %225, 0 br i1 %232, label %233, label %243 %234 = load i32, i32* %72, align 4 %235 = load volatile i64, i64* %142, align 8 %236 = and i64 %235, 131072 %237 = icmp eq i64 %236, 0 br i1 %237, label %238, label %243, !prof !9, !misexpect !6 %239 = load volatile i64, i64* %142, align 8 %240 = and i64 %239, 4 %241 = icmp eq i64 %240, 0 %242 = select i1 %241, i32 %234, i32 -514 br label %243 %244 = phi i32 [ %225, %231 ], [ -514, %233 ], [ %242, %238 ] %245 = or i32 %244, %157 %246 = icmp eq i32 %245, 0 br i1 %246, label %247, label %292 %248 = icmp eq i8 %224, 0 br i1 %248, label %268, label %249 %250 = load volatile i64, i64* %142, align 8 %251 = and i64 %250, 8 %252 = icmp eq i64 %251, 0 br i1 %252, label %253, label %268 br i1 %150, label %254, label %258 %259 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %260 = icmp eq i32 %259, 0 br i1 %260, label %268, label %261 %262 = zext i32 %259 to i64 %263 = add nuw nsw i64 %148, %262 %264 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !10 %265 = call i64 @sched_clock_cpu(i32 %264) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 do_select 2 compat_core_sys_select 3 do_compat_select 4 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.gnet_stats_queue, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.gnet_stats_queue* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 20) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %31 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* 
%2, i64 0, i32 0 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 1 %14 = load i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = inttoptr i64 %15 to i32* %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = inttoptr i64 %19 to i32* %21 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 3 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = inttoptr i64 %23 to i32* %25 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %2, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = inttoptr i64 %27 to %struct.static_call_site* %29 = call fastcc i32 @do_compat_select(i32 %12, i32* %16, i32* %20, i32* %24, %struct.static_call_site* %28) #83 Function:do_compat_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.static_call_site, align 4 %8 = bitcast %struct.cpu_itimer* %6 to i8* %9 = bitcast %struct.static_call_site* %7 to i8* %10 = icmp eq %struct.static_call_site* %4, null %11 = bitcast %struct.static_call_site* %4 to i8* br i1 %10, label %41, label %12 %42 = phi %struct.cpu_itimer* [ %6, %32 ], [ %6, %33 ], [ null, %5 ] %43 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.cpu_itimer* %42) #84 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !5, !misexpect !6 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #84 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 
171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #83 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 
16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* 
@__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %51, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = 
getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %51 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__SCT__cond_resched() #83 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %51 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !7, !misexpect !6 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, 
label %377 br i1 %187, label %363, label %367 %368 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %369 = icmp eq i32 %368, 0 br i1 %369, label %377, label %370 %371 = zext i32 %368 to i64 %372 = add nuw nsw i64 %183, %371 %373 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %374 = call i64 @sched_clock_cpu(i32 %373) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 do_select 2 compat_core_sys_select 3 do_compat_select 4 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = inttoptr i64 %6 to i32* %18 = inttoptr i64 %9 to i32* %19 = inttoptr i64 %12 to i32* %20 = inttoptr i64 %15 to %struct.static_call_site* %21 = tail call fastcc i32 @do_compat_select(i32 %16, i32* %17, i32* 
%18, i32* %19, %struct.static_call_site* %20) #83 Function:do_compat_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.static_call_site, align 4 %8 = bitcast %struct.cpu_itimer* %6 to i8* %9 = bitcast %struct.static_call_site* %7 to i8* %10 = icmp eq %struct.static_call_site* %4, null %11 = bitcast %struct.static_call_site* %4 to i8* br i1 %10, label %41, label %12 %42 = phi %struct.cpu_itimer* [ %6, %32 ], [ %6, %33 ], [ null, %5 ] %43 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.cpu_itimer* %42) #84 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !5, !misexpect !6 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #84 %34 = icmp eq i8* %33, null br i1 
%34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #83 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = 
load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, 
%struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %51, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ 
null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %51 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__SCT__cond_resched() #83 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, 
i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %51 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !7, !misexpect !6 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label %377 br i1 %187, label %363, label %367 %368 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %369 = icmp eq i32 %368, 0 br i1 %369, label %377, label %370 %371 = zext i32 %368 to i64 %372 = add nuw nsw i64 %183, %371 %373 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %374 = call i64 @sched_clock_cpu(i32 %373) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 do_select 2 core_sys_select 3 __se_sys_select 4 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #83 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #83 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], 
[ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #83 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call noalias i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #84 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store 
i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #83 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !5, !misexpect !6 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #83 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !5, !misexpect !6 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #83 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = 
alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load 
i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label %403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 
8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %51, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** 
%177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 = phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %51 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__SCT__cond_resched() #83 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %51 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void 
(%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !7, !misexpect !6 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label %377 br i1 %187, label %363, label %367 %368 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %369 = icmp eq i32 %368, 0 br i1 %369, label %377, label %370 %371 = zext i32 %368 to i64 %372 = add nuw nsw i64 %183, %371 %373 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %374 = call i64 @sched_clock_cpu(i32 %373) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 do_select 2 core_sys_select 3 __se_sys_select 4 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to 
i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #83 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #83 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #83 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void @__rcu_read_lock() #83 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 
to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 101 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 16 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void @__rcu_read_unlock() #83 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call noalias i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #84 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, 
%struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #83 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !5, !misexpect !6 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #83 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !5, !misexpect !6 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #83 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #85 Function:do_select %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.poll_wqueues, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast %struct.poll_wqueues* %7 to i8* %10 = load i32, i32* @sysctl_net_busy_poll, align 4 %11 = icmp eq i32 %10, 0 %12 = select i1 %11, i32 0, i32 32768 tail call void @__rcu_read_lock() #83 %13 = sext i32 %0 to i64 %14 = and i64 %13, 63 %15 = lshr i64 %13, 6 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = 
inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 101 %19 = load %struct.files_struct*, %struct.files_struct** %18, align 16 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %19, i64 0, i32 3 %21 = load volatile %struct.fdtable*, %struct.fdtable** %20, align 32 %22 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %21, i64 0, i32 3 %23 = load i64*, i64** %22, align 8 %24 = getelementptr i64, i64* %23, i64 %15 %25 = icmp eq i64 %14, 0 br i1 %25, label %50, label %26 %51 = phi i32 [ %98, %95 ], [ 0, %26 ], [ 0, %3 ] %52 = phi i64* [ %87, %95 ], [ %24, %26 ], [ %24, %3 ] %53 = phi i64 [ %88, %95 ], [ %15, %26 ], [ %15, %3 ] %54 = icmp eq i64 %53, 0 br i1 %54, label %100, label %55 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %61 = load i64*, i64** %60, align 8 %62 = icmp eq i32 %51, 0 br label %63 %64 = phi i64 [ %53, %55 ], [ %67, %77 ] %65 = phi i64* [ %52, %55 ], [ %66, %77 ] %66 = getelementptr i64, i64* %65, i64 -1 %67 = add i64 %64, -1 %68 = getelementptr i64, i64* %57, i64 %67 %69 = load i64, i64* %68, align 8 %70 = getelementptr i64, i64* %59, i64 %67 %71 = load i64, i64* %70, align 8 %72 = or i64 %71, %69 %73 = getelementptr i64, i64* %61, i64 %67 %74 = load i64, i64* %73, align 8 %75 = or i64 %72, %74 %76 = icmp eq i64 %75, 0 br i1 %76, label %77, label %79 %80 = load i64, i64* %66, align 8 %81 = xor i64 %80, -1 %82 = and i64 %75, %81 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %99 br i1 %62, label %85, label %77 %78 = icmp eq i64 %67, 0 br i1 %78, label %100, label %63 tail call void @__rcu_read_unlock() #83 %101 = icmp slt i32 %51, 0 br i1 %101, label 
%403, label %102 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0, i32 1 store i32 -1, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 2 store %struct.task_struct* %17, %struct.task_struct** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 3 store i32 0, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 4 store i32 0, i32* %107, align 4 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 5 store i32 0, i32* %109, align 8 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %7, i64 0, i32 0 %111 = icmp eq %struct.cpu_itimer* %2, null br i1 %111, label %168, label %112 %113 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %114 = load i64, i64* %113, align 8 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %121 %117 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %118 = load i64, i64* %117, align 8 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %121 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 br label %168 %169 = phi i32 [ 0, %166 ], [ 1, %120 ], [ 0, %102 ] %170 = phi i64 [ %167, %166 ], [ 0, %120 ], [ 0, %102 ] %171 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %17, i64 0, i32 0, i32 0 %172 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %173 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %178 = icmp sgt i32 %51, 0 %179 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %180 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 1 br label %182 %183 = phi i64 [ %366, %363 ], [ 0, %168 ] %184 = phi i32 [ %340, %363 ], [ %12, %168 ] %185 = phi i32 [ 0, %363 ], [ %169, %168 ] %186 = phi i64* [ %191, %363 ], [ null, %168 ] %187 = icmp eq i64 %183, 0 br label %188 %189 = phi i32 [ %184, %182 ], [ 0, %394 ] %190 = phi i32 [ %185, %182 ], [ %395, %394 ] %191 = phi i64* [ %186, %182 ], [ %388, %394 ] br label %192 %193 = phi i32 [ %340, %370 ], [ %189, %188 ] %194 = phi i32 [ 0, %370 ], [ %190, %188 ] br i1 %178, label %195, label %338 %196 = load i64*, i64** %177, align 8 %197 = load i64*, i64** %176, align 8 %198 = load i64*, i64** %175, align 8 %199 = load i64*, i64** %174, align 8 %200 = load i64*, i64** %173, align 8 %201 = load i64*, i64** %172, align 8 br label %202 %203 = phi i32 [ %333, %329 ], [ 0, %195 ] %204 = phi i32 [ %332, %329 ], [ 0, %195 ] %205 = phi i32 [ %331, %329 ], [ %193, %195 ] %206 = phi i64* [ %334, %329 ], [ %198, %195 ] %207 = phi i64* [ %335, %329 ], [ %197, %195 ] %208 = phi i8 [ %330, %329 ], [ 0, %195 ] %209 = phi i64* [ %217, %329 ], [ %199, %195 ] %210 = phi i64* [ %215, %329 ], [ %200, %195 ] %211 
= phi i64* [ %213, %329 ], [ %201, %195 ] %212 = phi i64* [ %336, %329 ], [ %196, %195 ] %213 = getelementptr i64, i64* %211, i64 1 %214 = load i64, i64* %211, align 8 %215 = getelementptr i64, i64* %210, i64 1 %216 = load i64, i64* %210, align 8 %217 = getelementptr i64, i64* %209, i64 1 %218 = load i64, i64* %209, align 8 %219 = or i64 %216, %214 %220 = or i64 %219, %218 %221 = icmp eq i64 %220, 0 br i1 %221, label %224, label %222 %223 = icmp slt i32 %204, %51 br i1 %223, label %226, label %323 %324 = phi i32 [ %307, %320 ], [ %307, %322 ], [ %203, %222 ] %325 = phi i32 [ %309, %320 ], [ %309, %322 ], [ %204, %222 ] %326 = phi i32 [ %306, %320 ], [ %306, %322 ], [ %205, %222 ] %327 = phi i8 [ %302, %320 ], [ %302, %322 ], [ %208, %222 ] %328 = call i32 @__SCT__cond_resched() #83 br label %329 %330 = phi i8 [ %208, %224 ], [ %327, %323 ] %331 = phi i32 [ %205, %224 ], [ %326, %323 ] %332 = phi i32 [ %225, %224 ], [ %325, %323 ] %333 = phi i32 [ %203, %224 ], [ %324, %323 ] %334 = getelementptr i64, i64* %206, i64 1 %335 = getelementptr i64, i64* %207, i64 1 %336 = getelementptr i64, i64* %212, i64 1 %337 = icmp slt i32 %332, %51 br i1 %337, label %202, label %338 %339 = phi i8 [ 0, %192 ], [ %330, %329 ] %340 = phi i32 [ %193, %192 ], [ %331, %329 ] %341 = phi i32 [ 0, %192 ], [ %333, %329 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %103, align 8 %342 = or i32 %341, %194 %343 = icmp eq i32 %342, 0 br i1 %343, label %344, label %401 %345 = load volatile i64, i64* %171, align 8 %346 = and i64 %345, 131072 %347 = icmp eq i64 %346, 0 br i1 %347, label %348, label %401, !prof !7, !misexpect !6 %349 = load volatile i64, i64* %171, align 8 %350 = and i64 %349, 4 %351 = icmp eq i64 %350, 0 br i1 %351, label %352, label %401 %353 = load i32, i32* %107, align 4 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %401 %356 = and i8 %339, 1 %357 = 
icmp eq i8 %356, 0 br i1 %357, label %377, label %358 %359 = load volatile i64, i64* %171, align 8 %360 = and i64 %359, 8 %361 = icmp eq i64 %360, 0 br i1 %361, label %362, label %377 br i1 %187, label %363, label %367 %368 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %369 = icmp eq i32 %368, 0 br i1 %369, label %377, label %370 %371 = zext i32 %368 to i64 %372 = add nuw nsw i64 %183, %371 %373 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %374 = call i64 @sched_clock_cpu(i32 %373) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 cpu_clock_event_add ------------- Path:  Function:cpu_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %28, label %5 %6 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = tail call i64 @sched_clock_cpu(i32 %6) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 cpu_clock_event_del ------------- Path:  Function:cpu_clock_event_del %3 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 22, i32 3, i32 0 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %12, label %6 %13 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %14 = tail call i64 @sched_clock_cpu(i32 %13) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 cpu_clock_event_start ------------- Path:  Function:cpu_clock_event_start %3 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %4 = tail call i64 @sched_clock_cpu(i32 %3) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 cpu_clock_event_stop ------------- Path:  Function:cpu_clock_event_stop %3 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 22, i32 3, i32 0 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %12, label %6 %13 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %14 = tail call i64 @sched_clock_cpu(i32 %13) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 cpu_clock_event_read ------------- Path:  Function:cpu_clock_event_read %2 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %3 = tail call i64 @sched_clock_cpu(i32 %2) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 task_clock_event_read ------------- Path:  Function:task_clock_event_read %2 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %3 = tail call i64 @sched_clock_cpu(i32 %2) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 perf_event_update_userpage 2 task_clock_event_add ------------- Path:  Function:task_clock_event_add %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %30, label %5 %6 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 27 %7 = load %struct.perf_event_context.115041*, %struct.perf_event_context.115041** %6, align 8 %8 = getelementptr inbounds %struct.perf_event_context.115041, %struct.perf_event_context.115041* %7, i64 0, i32 18 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 5, i32 0, i32 0, i32 0 store volatile i64 %9, i64* %10, align 8 %11 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 22, i32 3, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %30, label %14 %15 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 7, i32 0, i32 1, i32 0, i32 0, i32 0 %16 = load volatile 
i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %22 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 6 %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, 10000 %25 = select i1 %24, i64 %23, i64 10000 br label %26 %27 = phi i64 [ %20, %18 ], [ %25, %21 ] %28 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 26, i32 0 %29 = bitcast %union.anon.66.296* %28 to %struct.hrtimer* tail call void @hrtimer_start_range_ns(%struct.hrtimer* %29, i64 %27, i64 0, i32 11) #83 br label %30 tail call void @perf_event_update_userpage(%struct.perf_event.115065* %0) #84 Function:perf_event_update_userpage tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.perf_event.115065, %struct.perf_event.115065* %0, i64 0, i32 40 %3 = load volatile %struct.perf_buffer*, %struct.perf_buffer** %2, align 8 %4 = icmp eq %struct.perf_buffer* %3, null br i1 %4, label %83, label %5 %6 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %7 = tail call i64 @sched_clock_cpu(i32 %6) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 pnp_disable_dev 8 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 
0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* 
nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 
10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca 
%struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca 
%struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 pci_vpd_available 8 pci_vpd_read 9 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = 
getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, 
%struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds 
%struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = 
alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 pci_vpd_available 8 pci_vpd_write 9 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, 
i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, 
%31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load 
volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca 
%struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, 
...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, 
i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, 
i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, 
i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 
], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label 
%18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load 
%struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds 
%struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = 
alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 sched_clock_cpu 1 vprintk_store 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = 
ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load 
%struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label 
%16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 Function:vprintk_store %6 = alloca i64, align 8 %7 = alloca %struct.prb_reserved_entry, align 8 %8 = alloca %struct.printk_record, align 8 %9 = alloca [8 x i8], align 1 %10 = alloca [1 x %struct.__va_list_tag], align 16 %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %12 = and i32 %11, 16711936 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %19 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 62 %18 = load i32, i32* %17, align 32 br label %22 %23 = phi i32 [ %18, %14 ], [ %21, %19 ] %24 = bitcast %struct.prb_reserved_entry* %7 to i8* %25 = bitcast %struct.printk_record* %8 to i8* %26 = getelementptr inbounds [8 x i8], [8 x i8]* %9, i64 0, i64 0 %27 = bitcast [1 x %struct.__va_list_tag]* %10 to i8* %28 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %29 = tail call i64 @sched_clock_cpu(i32 %28) #83 Function:sched_clock_cpu 
callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__sched_clock_stable to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %6)) #6 to label %2 [label %6], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @sched_clock_running to %struct.static_key*), i1 true, i8* blockaddress(@sched_clock_cpu, %7)) #6 to label %9 [label %7], !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 1, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = sext i32 %0 to i64 %11 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %10 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, ptrtoint (%struct.perf_branch_entry* @sched_clock_data to i64) %14 = inttoptr i64 %13 to %struct.perf_branch_entry* %15 = tail call i32 @debug_smp_processor_id() #84 ------------- Use: =BAD PATH= Call Stack: 0 queued_spin_lock_slowpath 1 tracing_saved_cmdlines_size_read ------------- Path:  Function:tracing_saved_cmdlines_size_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %7 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* 
getelementptr inbounds (%struct.qspinlock, %struct.qspinlock* @trace_cmdline_lock, i64 0, i32 0, i32 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.qspinlock, %struct.qspinlock* @trace_cmdline_lock, i64 0, i32 0, i32 0, i32 0), i32 0) #6, !srcloc !4 %8 = extractvalue { i8, i32 } %7, 0 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %13, !prof !5, !misexpect !6 %12 = extractvalue { i8, i32 } %7, 1 tail call void @queued_spin_lock_slowpath(%struct.qspinlock* nonnull @trace_cmdline_lock, i32 %12) #83 Function:queued_spin_lock_slowpath %3 = icmp eq i32 %1, 256 br i1 %3, label %4, label %15 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 256 br i1 %7, label %8, label %15 %9 = phi i32 [ %10, %8 ], [ 512, %4 ] %10 = add nsw i32 %9, -1 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i32, i32* %5, align 4 %12 = icmp ne i32 %11, 256 %13 = icmp eq i32 %10, 0 %14 = or i1 %13, %12 br i1 %14, label %15, label %8 %16 = phi i32 [ %1, %2 ], [ %6, %4 ], [ %11, %8 ] %17 = icmp ult i32 %16, 256 br i1 %17, label %18, label %46 %19 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %20 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsl $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},I,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 8, i32* %19) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = zext i8 %21 to i32 %23 = shl nuw nsw i32 %22, 8 %24 = load volatile i32, i32* %19, align 4 %25 = and i32 %24, -65281 %26 = or i32 %23, %25 %27 = icmp ugt i32 %26, 255 br i1 %27, label %28, label %33, !prof !6, !misexpect !7 %29 = icmp eq i8 %21, 0 br i1 %29, label %30, label %46 %47 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call 
Stack: 0 queued_spin_lock_slowpath 1 ring_buffer_alloc_read_page 2 tracing_buffers_read ------------- Path:  Function:tracing_buffers_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %114, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) #83 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 
%14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %25, !prof !8, !misexpect !9 %24 = extractvalue { i8, i32 } %19, 1 call void @queued_spin_lock_slowpath(%struct.qspinlock* %17, i32 %24) #83 Function:queued_spin_lock_slowpath %3 = icmp eq i32 %1, 256 br i1 %3, label %4, label %15 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 256 br i1 %7, label %8, label %15 %9 = phi i32 [ %10, %8 ], [ 512, %4 ] %10 = add nsw i32 %9, -1 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i32, i32* %5, align 4 %12 = icmp ne i32 %11, 256 %13 = icmp eq i32 %10, 0 %14 = or i1 %13, %12 br i1 %14, label %15, label %8 %16 = phi i32 [ %1, %2 ], [ %6, %4 ], [ %11, %8 ] %17 = icmp ult i32 %16, 256 br i1 %17, label %18, label %46 %19 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %20 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsl $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},I,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 8, i32* %19) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = zext i8 %21 to i32 %23 = shl nuw nsw i32 %22, 8 %24 = load volatile i32, i32* %19, align 4 %25 = and i32 %24, -65281 %26 = or i32 %23, %25 %27 = icmp ugt i32 %26, 255 br i1 %27, label %28, label %33, !prof !6, !misexpect !7 %29 = icmp eq i8 %21, 0 br i1 %29, label %30, label %46 %47 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 queued_spin_lock_slowpath 1 tracing_saved_cmdlines_size_read ------------- Path:  Function:tracing_saved_cmdlines_size_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %7 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.qspinlock, %struct.qspinlock* @trace_cmdline_lock, i64 0, i32 0, i32 0, i32 0), i32 1, i32* getelementptr inbounds (%struct.qspinlock, %struct.qspinlock* @trace_cmdline_lock, i64 0, i32 0, i32 0, i32 0), i32 0) #6, !srcloc !4 %8 = extractvalue { i8, i32 } %7, 0 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %13, !prof !5, !misexpect !6 %12 = extractvalue { i8, i32 } %7, 1 tail call void @queued_spin_lock_slowpath(%struct.qspinlock* nonnull @trace_cmdline_lock, i32 %12) #83 Function:queued_spin_lock_slowpath %3 = icmp eq i32 %1, 256 br i1 %3, label %4, label %15 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 256 br i1 %7, label %8, label %15 %9 = phi i32 [ %10, %8 ], [ 512, %4 ] %10 = add nsw i32 %9, -1 tail 
call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i32, i32* %5, align 4 %12 = icmp ne i32 %11, 256 %13 = icmp eq i32 %10, 0 %14 = or i1 %13, %12 br i1 %14, label %15, label %8 %16 = phi i32 [ %1, %2 ], [ %6, %4 ], [ %11, %8 ] %17 = icmp ult i32 %16, 256 br i1 %17, label %18, label %46 %19 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %20 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsl $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},I,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 8, i32* %19) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = zext i8 %21 to i32 %23 = shl nuw nsw i32 %22, 8 %24 = load volatile i32, i32* %19, align 4 %25 = and i32 %24, -65281 %26 = or i32 %23, %25 %27 = icmp ugt i32 %26, 255 br i1 %27, label %28, label %33, !prof !6, !misexpect !7 %29 = icmp eq i8 %21, 0 br i1 %29, label %30, label %46 %47 = tail call i32 @debug_smp_processor_id() #83 %48 = zext i32 %47 to i64 %49 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %48 %50 = load i64, i64* %49, align 8 %51 = add i64 %50, ptrtoint ([4 x %struct.qnode]* @qnodes to i64) %52 = inttoptr i64 %51 to %struct.mcs_spinlock* %53 = getelementptr inbounds %struct.mcs_spinlock, %struct.mcs_spinlock* %52, i64 0, i32 2 %54 = load i32, i32* %53, align 4 %55 = add i32 %54, 1 store i32 %55, i32* %53, align 4 %56 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 queued_spin_lock_slowpath 1 ring_buffer_alloc_read_page 2 tracing_buffers_read ------------- Path:  Function:tracing_buffers_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, 
%struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %114, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) #83 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 %14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr 
inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %25, !prof !8, !misexpect !9 %24 = extractvalue { i8, i32 } %19, 1 call void @queued_spin_lock_slowpath(%struct.qspinlock* %17, i32 %24) #83 Function:queued_spin_lock_slowpath %3 = icmp eq i32 %1, 256 br i1 %3, label %4, label %15 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 256 br i1 %7, label %8, label %15 %9 = phi i32 [ %10, %8 ], [ 512, %4 ] %10 = add nsw i32 %9, -1 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i32, i32* %5, align 4 %12 = icmp ne i32 %11, 256 %13 = icmp eq i32 %10, 0 %14 = or i1 %13, %12 br i1 %14, label %15, label %8 %16 = phi i32 [ %1, %2 ], [ %6, %4 ], [ %11, %8 ] %17 = icmp ult i32 %16, 256 br i1 %17, label %18, label %46 %19 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %0, i64 0, i32 0, i32 0, i32 0 %20 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsl $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},I,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 8, i32* %19) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = zext i8 %21 to i32 %23 = shl nuw nsw i32 %22, 8 %24 = load volatile i32, i32* %19, align 4 %25 = and i32 %24, -65281 %26 = or i32 %23, %25 %27 = icmp ugt i32 
%26, 255 br i1 %27, label %28, label %33, !prof !6, !misexpect !7 %29 = icmp eq i8 %21, 0 br i1 %29, label %30, label %46 %47 = tail call i32 @debug_smp_processor_id() #83 %48 = zext i32 %47 to i64 %49 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %48 %50 = load i64, i64* %49, align 8 %51 = add i64 %50, ptrtoint ([4 x %struct.qnode]* @qnodes to i64) %52 = inttoptr i64 %51 to %struct.mcs_spinlock* %53 = getelementptr inbounds %struct.mcs_spinlock, %struct.mcs_spinlock* %52, i64 0, i32 2 %54 = load i32, i32* %53, align 4 %55 = add i32 %54, 1 store i32 %55, i32* %53, align 4 %56 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_printk 5 pnp_disable_dev 6 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, 
align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_printk 5 drm_dev_dbg 6 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_printk 5 drm_dev_dbg 6 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 
0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_printk 5 drm_dev_dbg 6 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) 
getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_printk 5 drm_dev_dbg 6 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_printk 5 drm_dev_dbg 6 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_warn 5 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_warn 5 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_warn 5 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_warn 5 pci_vpd_available 6 pci_vpd_read 7 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 
%14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* 
(%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, 
i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, 
align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void 
@preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_warn 5 pci_vpd_available 6 pci_vpd_write 7 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 
%6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 
%50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 
%22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 
Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and 
i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br 
i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** 
%28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi 
i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail 
call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds 
%struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = 
tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* 
@__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 vprintk_emit 1 dev_vprintk_emit 2 dev_printk_emit 3 __dev_printk 4 _dev_err 5 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ 
%29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 
br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, 
!misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 pnp_disable_dev 7 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr 
inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 
%30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 
%94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load 
%struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) 
#6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* 
@nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, 
%struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds 
%struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, 
label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) 
#6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* 
@nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load 
%struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) 
#6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* 
@nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* 
@cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load 
i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 
%15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, 
label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br 
i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label 
%120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 
@sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load 
%struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 
4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* 
@console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 
%79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 pci_vpd_available 7 pci_vpd_read 8 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 
%11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void 
(%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 
%30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 
%94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 pci_vpd_available 7 pci_vpd_write 8 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq 
i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void 
(%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 
%30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 
%94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr 
inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq 
%struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, 
!prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect 
"movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, 
%struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83
-------------
Use: =BAD PATH=
Call Stack:
0 console_unlock
1 vprintk_emit
2 dev_vprintk_emit
3 dev_printk_emit
4 __dev_printk
5 _dev_err
6 lg4ff_combine_store
-------------
Path:
Function:lg4ff_combine_store
%5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*,
i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, 
%struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 
8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to 
i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq 
i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 
= call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83
-------------
Use: =BAD PATH=
Call Stack:
0 console_unlock
1 vprintk_emit
2 dev_vprintk_emit
3 dev_printk_emit
4 __dev_printk
5 _dev_err
6 lg4ff_range_show
-------------
Path:
Function:lg4ff_range_show
%4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9,
label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** 
%22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 
%8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = 
call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load 
%struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83
-------------
Use: =BAD PATH=
Call Stack:
0 console_unlock
1 vprintk_emit
2 dev_vprintk_emit
3 dev_printk_emit
4 __dev_printk
5 _dev_err
6 lg4ff_range_store
-------------
Path:
Function:lg4ff_range_store
%5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 =
bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 
%22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 
Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* 
%24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* 
@ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = 
icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, 
i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = 
getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp 
eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, 
%struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr 
inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi %struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, 
i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 %125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, 
label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 console_unlock 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast 
%struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds 
%struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 call void @console_unlock() #84 Function:console_unlock %1 = alloca i64, align 8 %2 = alloca i64, align 8 %3 = alloca [20 x i8], align 16 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = bitcast %struct.printk_info* %6 to i8* %9 = bitcast %struct.printk_record* %7 to i8* %10 = load i1, i1* @console_suspended, align 4 br i1 %10, label %11, label %17 %18 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 0 store %struct.printk_info* %6, %struct.printk_info** %18, align 8 %19 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 1 store i8* getelementptr inbounds ([1024 x i8], [1024 x i8]* @console_unlock.text, i64 0, i64 0), i8** %19, align 8 %20 = getelementptr inbounds %struct.printk_record, %struct.printk_record* %7, i64 0, i32 2 store i32 1024, i32* %20, align 8 %21 = load i1, i1* @console_may_schedule, align 4 %22 = getelementptr inbounds [20 x i8], [20 x i8]* %3, i64 0, i64 0 %23 = bitcast i64* %2 to i8* %24 = xor i1 %21, true %25 = bitcast i64* %1 to i8* br label %26 store i1 false, i1* @console_may_schedule, align 4 %27 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !7 %28 = zext i32 %27 to i64 %29 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %28) #6, !srcloc !8 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %33, label %32 %34 = load %struct.console*, %struct.console** @console_drivers, align 8 %35 = icmp eq %struct.console* %34, null br i1 %35, label %46, label %40 %41 = phi 
%struct.console* [ %38, %36 ], [ %34, %33 ] %42 = getelementptr inbounds %struct.console, %struct.console* %41, i64 0, i32 8 %43 = load i16, i16* %42, align 8 %44 = and i16 %43, 20 %45 = icmp eq i16 %44, 20 br i1 %45, label %32, label %36 br label %52 %53 = load %struct.printk_ringbuffer*, %struct.printk_ringbuffer** @prb, align 8 %54 = load i64, i64* @console_seq, align 8 %55 = call zeroext i1 @prb_read_valid(%struct.printk_ringbuffer* %53, i64 %54, %struct.printk_record* nonnull %7) #83 %56 = load i64, i64* @console_seq, align 8 br i1 %55, label %57, label %205 %58 = phi i64 [ %84, %80 ], [ %56, %52 ] %59 = load %struct.printk_info*, %struct.printk_info** %18, align 8 %60 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 0 %61 = load i64, i64* %60, align 8 %62 = icmp eq i64 %61, %58 br i1 %62, label %68, label %63 %69 = phi i64 [ %58, %57 ], [ %67, %63 ] %70 = getelementptr inbounds %struct.printk_info, %struct.printk_info* %59, i64 0, i32 4 %71 = load i8, i8* %70, align 1 %72 = lshr i8 %71, 5 %73 = zext i8 %72 to i32 %74 = load i32, i32* getelementptr inbounds ([4 x i32], [4 x i32]* @console_printk, i64 0, i64 0), align 16 %75 = icmp sle i32 %74, %73 %76 = load i8, i8* @ignore_loglevel, align 1 %77 = and i8 %76, 1 %78 = icmp eq i8 %77, 0 %79 = and i1 %75, %78 br i1 %79, label %80, label %85 %86 = load %struct.console*, %struct.console** @exclusive_console, align 8 %87 = icmp ne %struct.console* %86, null %88 = load i64, i64* @exclusive_console_stop_seq, align 8 %89 = icmp uge i64 %69, %88 %90 = and i1 %87, %89 br i1 %90, label %91, label %92, !prof !9, !misexpect !10 store %struct.console* null, %struct.console** @exclusive_console, align 8 br label %92 %93 = load i32, i32* @nr_ext_console_drivers, align 4 %94 = icmp eq i32 %93, 0 br i1 %94, label %120, label %95 %121 = phi i64 [ %119, %95 ], [ 0, %92 ] %122 = load i1, i1* @console_msg_format, align 4 %123 = load i8, i8* @printk_time, align 1, !range !11 %124 = icmp ne i8 %123, 0 
%125 = call fastcc i64 @record_print_text(%struct.printk_record* nonnull %7, i1 zeroext %122, i1 zeroext %124) #84 %126 = load i64, i64* @console_seq, align 8 %127 = add i64 %126, 1 store i64 %127, i64* @console_seq, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %128 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %129 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !12 %130 = inttoptr i64 %129 to %struct.task_struct* store %struct.task_struct* %130, %struct.task_struct** @console_owner, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call fastcc void @trace_console_rcuidle(i64 %125) #83 %131 = load %struct.console*, %struct.console** @console_drivers, align 8 %132 = icmp eq %struct.console* %131, null br i1 %132, label %188, label %133 %134 = load i64, i64* @console_dropped, align 8 %135 = icmp eq i64 %134, 0 br i1 %135, label %141, label %136 %137 = call i32 (i8*, i64, i8*, ...) 
@snprintf(i8* getelementptr inbounds ([64 x i8], [64 x i8]* @call_console_drivers.dropped_text, i64 0, i64 0), i64 64, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.95.8102, i64 0, i64 0), i64 %134) #83 %138 = sext i32 %137 to i64 store i64 0, i64* @console_dropped, align 8 %139 = load %struct.console*, %struct.console** @console_drivers, align 8 %140 = icmp eq %struct.console* %139, null br i1 %140, label %188, label %141 %142 = phi i64 [ %138, %136 ], [ 0, %133 ] %143 = phi %struct.console* [ %139, %136 ], [ %131, %133 ] %144 = trunc i64 %121 to i32 %145 = icmp eq i64 %142, 0 %146 = trunc i64 %142 to i32 %147 = trunc i64 %125 to i32 br label %148 %149 = phi %struct.console* [ %143, %141 ], [ %186, %184 ] %150 = load %struct.console*, %struct.console** @exclusive_console, align 8 %151 = icmp eq %struct.console* %150, null %152 = icmp eq %struct.console* %149, %150 %153 = or i1 %151, %152 br i1 %153, label %154, label %184 %155 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 8 %156 = load i16, i16* %155, align 8 %157 = and i16 %156, 4 %158 = icmp eq i16 %157, 0 br i1 %158, label %184, label %159 %160 = getelementptr inbounds %struct.console, %struct.console* %149, i64 0, i32 1 %161 = load void (%struct.console*, i8*, i32)*, void (%struct.console*, i8*, i32)** %160, align 8 %162 = icmp eq void (%struct.console*, i8*, i32)* %161, null br i1 %162, label %184, label %163 %164 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 sync_file_release ------------- Path:  Function:sync_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 80 %6 = bitcast i8* %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 1 %9 = icmp eq i64 %8, 0 br i1 %9, label %17, label %10 %18 = getelementptr inbounds i8, i8* %4, i64 88 %19 = bitcast i8* %18 to 
%struct.dma_fence** %20 = load %struct.dma_fence*, %struct.dma_fence** %19, align 8 %21 = icmp eq %struct.dma_fence* %20, null br i1 %21, label %34, label %22 %23 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %20, i64 0, i32 6 %24 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %23, i64 0, i32 0 %25 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %23, i64 0, i32 0, i32 0, i32 0 %26 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 -1, i32* %25) #6, !srcloc !4 %27 = icmp eq i32 %26, 1 br i1 %27, label %33, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @dma_fence_release(%struct.qspinlock* %23) #83 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 
%4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_iter_walk_unlocked 3 dma_resv_iter_first_unlocked 4 dma_resv_wait_timeout 5 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf** %8 = load %struct.dma_buf*, %struct.dma_buf** %7, align 8 switch i32 %1, label %82 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %10 = inttoptr i64 %2 to i8* %11 = call i64 @_copy_from_user(i8* nonnull %5, i8* %10, i64 8) #83 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %82 %14 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %4, i64 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = icmp ult i64 %15, 8 br i1 %16, label %17, label %82 %18 = and i64 %15, 3 switch i64 %18, label %82 [ i64 1, label %21 i64 2, label %19 i64 3, label %20 ] %22 = phi i1 [ false, %17 ], [ true, %20 ], [ true, %19 ] %23 = phi i32 [ 2, %17 ], [ 0, %20 ], [ 1, %19 ] %24 = and i64 %15, 4 %25 = icmp eq i64 %24, 0 %26 = icmp eq %struct.dma_buf* %8, null br i1 %25, label %37, label %27 br i1 %26, label %38, label 
%39, !prof !4, !misexpect !5 %40 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 3 %41 = load %struct.dma_buf_ops*, %struct.dma_buf_ops** %40, align 8 %42 = getelementptr inbounds %struct.dma_buf_ops, %struct.dma_buf_ops* %41, i64 0, i32 8 %43 = load i32 (%struct.dma_buf*, i32)*, i32 (%struct.dma_buf*, i32)** %42, align 8 %44 = icmp eq i32 (%struct.dma_buf*, i32)* %43, null br i1 %44, label %48, label %45 %46 = call i32 %43(%struct.dma_buf* nonnull %8, i32 %23) #83 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %55 %49 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %8, i64 0, i32 13 %50 = load %struct.dma_resv*, %struct.dma_resv** %49, align 8 %51 = call i64 @dma_resv_wait_timeout(%struct.dma_resv* %50, i1 zeroext %22, i1 zeroext true, i64 9223372036854775807) #83 Function:dma_resv_wait_timeout %5 = alloca %struct.dma_resv_iter, align 8 %6 = icmp eq i64 %3, 0 %7 = select i1 %6, i64 1, i64 %3 %8 = bitcast %struct.dma_resv_iter* %5 to i8* %9 = zext i1 %1 to i8 %10 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 0 store %struct.dma_resv* %0, %struct.dma_resv** %10, align 8 %11 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 1 store i8 %9, i8* %11, align 8 %12 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %5, i64 0, i32 2 store %struct.dma_fence* null, %struct.dma_fence** %12, align 8 %13 = call %struct.dma_fence* @dma_resv_iter_first_unlocked(%struct.dma_resv_iter* nonnull %5) #83 Function:dma_resv_iter_first_unlocked tail call void @__rcu_read_lock() #83 %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 3 %4 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %6 = 
getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 1 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %8 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 7 br label %9 %10 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %11 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %10, i64 0, i32 1, i32 0, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %17 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %16, i64 0, i32 1, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 1 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %15 %22 = phi i32 [ %12, %9 ], [ %18, %15 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store i32 %22, i32* %3, align 8 store i32 -1, i32* %4, align 4 store i32 0, i32* %5, align 8 %23 = load i8, i8* %6, align 8, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %27 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %26, i64 0, i32 3 %28 = load volatile %struct.dma_resv_list*, %struct.dma_resv_list** %27, align 8 store %struct.dma_resv_list* %28, %struct.dma_resv_list** %7, align 8 %29 = icmp eq %struct.dma_resv_list* %28, null br i1 %29, label %34, label %30 store i8 1, i8* %8, align 4 tail call fastcc void @dma_resv_iter_walk_unlocked(%struct.dma_resv_iter* %0) #84 Function:dma_resv_iter_walk_unlocked %2 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 0 %3 = load %struct.dma_resv*, %struct.dma_resv** %2, align 8 %4 = getelementptr inbounds %struct.dma_resv_iter, 
%struct.dma_resv_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 4 %6 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.dma_resv_iter, %struct.dma_resv_iter* %0, i64 0, i32 6 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %3, i64 0, i32 2 br label %9 %10 = load %struct.dma_fence*, %struct.dma_fence** %4, align 8 %11 = icmp eq %struct.dma_fence* %10, null br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %10, i64 0, i32 6 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %13, i64 0, i32 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 -1, i32* %15) #6, !srcloc !4 %17 = icmp eq i32 %16, 1 br i1 %17, label %23, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @dma_fence_release(%struct.qspinlock* %13) #83 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 
%4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_fence_chain_find_seqno 3 syncobj_wait_syncobj_func 4 drm_syncobj_replace_fence 5 drm_syncobj_file_release ------------- Path:  Function:drm_syncobj_file_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_syncobj** %5 = load %struct.drm_syncobj*, %struct.drm_syncobj** %4, align 8 %6 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0 %7 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 -1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %16 = bitcast %struct.drm_syncobj* %5 to i8* tail call void @drm_syncobj_replace_fence(%struct.drm_syncobj* %5, %struct.dma_fence* null) #83 Function:drm_syncobj_replace_fence %3 = icmp eq %struct.dma_fence* %1, null br i1 %3, label 
%16, label %4 %5 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %1, i64 0, i32 6 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0 %7 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %5, i64 0, i32 0, i32 0, i32 0 %8 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 1, i32* %7) #6, !srcloc !4 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11, !prof !5, !misexpect !6 %12 = add i32 %8, 1 %13 = or i32 %12, %8 %14 = icmp sgt i32 %13, -1 br i1 %14, label %16, label %15, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %6, i32 1) #83 br label %16 %17 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %17) #83 %18 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %19 = load %struct.dma_fence*, %struct.dma_fence** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile %struct.dma_fence* %1, %struct.dma_fence** %18, align 8 %20 = icmp eq %struct.dma_fence* %19, %1 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 2 %23 = bitcast %struct.list_head* %22 to %struct.syncobj_wait_entry** %24 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** %23, align 8 %25 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %24, i64 0, i32 0 %26 = icmp eq %struct.list_head* %25, %22 br i1 %26, label %33, label %27 %28 = phi %struct.syncobj_wait_entry* [ %30, %27 ], [ %24, %21 ] %29 = bitcast %struct.syncobj_wait_entry* %28 to %struct.syncobj_wait_entry** %30 = load %struct.syncobj_wait_entry*, %struct.syncobj_wait_entry** 
%29, align 8 tail call fastcc void @syncobj_wait_syncobj_func(%struct.drm_syncobj* %0, %struct.syncobj_wait_entry* %28) #84 Function:syncobj_wait_syncobj_func %3 = alloca %struct.dma_fence*, align 8 %4 = bitcast %struct.dma_fence** %3 to i8* %5 = getelementptr inbounds %struct.drm_syncobj, %struct.drm_syncobj* %0, i64 0, i32 1 %6 = load %struct.dma_fence*, %struct.dma_fence** %5, align 8 store %struct.dma_fence* %6, %struct.dma_fence** %3, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %56, label %8 %9 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %6, i64 0, i32 6 %10 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %9, i64 0, i32 0, i32 0, i32 0 %12 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %11, i32 1, i32* %11) #6, !srcloc !4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !5, !misexpect !6 %15 = add i32 %12, 1 %16 = or i32 %15, %12 %17 = icmp sgt i32 %16, -1 br i1 %17, label %20, label %18, !prof !7, !misexpect !6 %19 = phi i32 [ 2, %8 ], [ 1, %14 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %10, i32 %19) #83 br label %20 %21 = getelementptr inbounds %struct.syncobj_wait_entry, %struct.syncobj_wait_entry* %1, i64 0, i32 4 %22 = load i64, i64* %21, align 8 %23 = call i32 @dma_fence_chain_find_seqno(%struct.dma_fence** nonnull %3, i64 %22) #83 Function:dma_fence_chain_find_seqno %3 = icmp eq i64 %1, 0 br i1 %3, label %56, label %4 %5 = load %struct.dma_fence*, %struct.dma_fence** %0, align 8 %6 = icmp eq %struct.dma_fence* %5, null br i1 %6, label %56, label %7 %8 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 1 %9 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %8, align 8 %10 = icmp eq 
%struct.dma_fence_ops* %9, @dma_fence_chain_ops br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %56, label %15 %16 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 6 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %16, i64 0, i32 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !5, !misexpect !6 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !7, !misexpect !6 %26 = phi i32 [ 2, %15 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #83 br label %27 store %struct.dma_fence* %5, %struct.dma_fence** %0, align 8 %28 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %5, i64 0, i32 3 br label %29 %30 = phi %struct.dma_fence* [ %5, %27 ], [ %45, %44 ] %31 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %30, i64 0, i32 3 %32 = load i64, i64* %31, align 8 %33 = load i64, i64* %28, align 8 %34 = icmp eq i64 %32, %33 br i1 %34, label %35, label %47 %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !8 %49 = icmp eq i32 %48, 1 br i1 %49, label %55, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %16) #83 
Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq 
%struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_get_excl_unlocked 3 i915_gem_object_wait 4 i915_gem_wait_ioctl ------------- Path:  Function:i915_gem_wait_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %85 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file.490674, %struct.drm_file.490674* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.490854* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, 
label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = tail call i64 @ktime_get() #83 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %53, label %46 %54 = phi i64 [ %52, %48 ], [ 9223372036854775807, %40 ], [ 0, %46 ] %55 = tail call i32 @i915_gem_object_wait(%struct.drm_i915_gem_object.490854* nonnull %14, i32 7, i64 %54) #84 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* 
%9) #83 Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 
-12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_get_excl_unlocked 3 i915_gem_object_wait 4 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 
%10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %396, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %396, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %396, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %385 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %385, label %75 %76 = getelementptr inbounds i8, i8* %36, i64 584 %77 = bitcast i8* %76 to i64* %78 = load i64, i64* %77, align 8 %79 = and i64 %78, 64 %80 = icmp eq i64 %79, 0 br i1 %80, label %81, label %385 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pwrite to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pwrite_ioctl, %82)) #6 to label %102 [label %82], !srcloc !10 %103 = getelementptr inbounds i8, i8* %36, i64 440 %104 = bitcast i8* %103 to %struct.drm_i915_gem_object_ops.436016** %105 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %104, align 8 %106 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %105, i64 0, i32 6 %107 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %106, align 8 %108 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %107, null br i1 %108, label %112, label %109 %113 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 5, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 
Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 
-12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 dma_fence_release 2 dma_resv_get_excl_unlocked 3 i915_gem_object_wait 4 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.fpu_state_config* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 
%10, label %11, label %17 %12 = getelementptr %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %331, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %331, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %331, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #83 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.436033* %38 = icmp eq i8* %36, null br i1 %38, label %62, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !7 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !8 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #83 br label %60 %61 = icmp eq i32 %55, 0 br i1 %61, label %62, label %63 tail call void @__rcu_read_unlock() #83 %64 = getelementptr inbounds i8, i8* %1, i64 8 %65 = bitcast i8* %64 to i64* %66 = load i64, i64* %65, align 8 %67 = getelementptr inbounds i8, i8* %36, i64 216 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = icmp ugt i64 %69, %66 br i1 %70, label %71, label %320 %72 = load i64, i64* %19, align 8 %73 = sub i64 %69, %66 %74 = icmp ugt i64 %72, %73 br i1 %74, label %320, label %75 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %76)) #6 to label %96 [label %76], !srcloc !10 %97 = getelementptr inbounds i8, i8* %36, i64 440 %98 = bitcast i8* %97 to %struct.drm_i915_gem_object_ops.436016** %99 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %98, align 8 %100 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %99, i64 0, i32 5 %101 = load i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)*, i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)** %100, align 8 %102 = icmp eq i32 (%struct.drm_i915_gem_object.436033*, %struct.fpu_state_config*)* %101, null br i1 %102, label %106, label %103 %107 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.490854*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.436033*, i32, i64)*)(%struct.drm_i915_gem_object.436033* nonnull %37, i32 1, i64 9223372036854775807) #83 Function:i915_gem_object_wait %4 = alloca %struct.dma_fence*, align 8 %5 = alloca %struct.dma_fence**, align 8 %6 = alloca i32, align 4 %7 = tail call i32 @__SCT__might_resched() #83 %8 = getelementptr inbounds %struct.drm_i915_gem_object.490854, %struct.drm_i915_gem_object.490854* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = bitcast %struct.dma_fence** %4 to i8* %11 = and i32 %1, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %117, label %13 %118 = tail call fastcc %struct.dma_fence* @dma_resv_get_excl_unlocked(%struct.dma_resv* %9) #83 
Function:dma_resv_get_excl_unlocked %2 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %0, i64 0, i32 2 %3 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %4 = icmp eq %struct.dma_fence* %3, null br i1 %4, label %50, label %5 tail call void @__rcu_read_lock() #83 %6 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %7 = icmp eq %struct.dma_fence* %6, null br i1 %7, label %48, label %8 %9 = phi %struct.dma_fence* [ %46, %45 ], [ %6, %5 ] %10 = getelementptr inbounds %struct.dma_fence, %struct.dma_fence* %9, i64 0, i32 6 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %10, i64 0, i32 0, i32 0, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %8 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 %17, i32* %12, i32 %16) #6, !srcloc !4 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !5, !misexpect !6 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %8 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 0) #83 br label %31 %32 = icmp eq i32 %26, 0 br i1 %32, label %45, label %33 %34 = load volatile %struct.dma_fence*, %struct.dma_fence** %2, align 8 %35 = icmp eq %struct.dma_fence* %9, %34 br i1 %35, label %48, label %36 %37 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !8 %38 = icmp eq i32 %37, 1 br i1 %38, label %44, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @dma_fence_release(%struct.qspinlock* %10) #83, !callees !10 Function:dma_fence_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -14 %3 = bitcast %struct.qspinlock* %2 to %struct.dma_fence* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_dma_fence_destroy, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@dma_fence_release, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -10 %26 = bitcast %struct.qspinlock* %25 to %struct.list_head* %27 = bitcast %struct.qspinlock* %25 to %struct.list_head** %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %62, label %30 %31 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %32 = bitcast %struct.qspinlock* %31 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %62, !prof !14, !misexpect !12 %63 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 
-12 %64 = bitcast %struct.qspinlock* %63 to %struct.dma_fence_ops** %65 = load %struct.dma_fence_ops*, %struct.dma_fence_ops** %64, align 8 %66 = getelementptr inbounds %struct.dma_fence_ops, %struct.dma_fence_ops* %65, i64 0, i32 6 %67 = load void (%struct.dma_fence*)*, void (%struct.dma_fence*)** %66, align 8 %68 = icmp eq void (%struct.dma_fence*)* %67, null br i1 %68, label %70, label %69 %71 = icmp eq %struct.qspinlock* %2, null br i1 %71, label %74, label %72 %73 = bitcast %struct.qspinlock* %25 to %struct.callback_head* tail call void @kvfree_call_rcu(%struct.callback_head* %73, void (%struct.callback_head*)* nonnull inttoptr (i64 16 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 _nfs4_do_setattr 5 nfs4_do_setattr 6 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = 
load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr 
inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* 
%27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** 
%10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, 
%struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = 
getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = 
tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, 
align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 88 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_rename_setup ------------- 
Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() 
#83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, 
!srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 store %struct.cred* null, %struct.cred** %194, align 8 %204 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 10 tail call void @kvfree_call_rcu(%struct.callback_head* %204, void (%struct.callback_head*)* nonnull inttoptr (i64 
88 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to 
------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_proc_unlink_setup -------------
------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs3_set_acl -------------
------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission -------------
------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 nfs_do_access 4 nfs_permission -------------
%25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 
nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 
%46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 nfs_access_zap_cache 2 nfs_access_get_cached 3 
nfs_do_access 4 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 
%46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 br label %73 %74 = icmp eq %struct.list_head** %56, null br i1 %74, label %78, label %75 %76 = getelementptr %struct.list_head, %struct.list_head* %55, i64 2 %77 = bitcast %struct.list_head* %76 to %struct.callback_head* call void @kvfree_call_rcu(%struct.callback_head* %77, void (%struct.callback_head*)* nonnull inttoptr (i64 56 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 timerfd_release ------------- Path:  
Function:timerfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 10, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 11 %8 = load i8, i8* %7, align 4, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %17, label %10 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, -2 %21 = icmp eq i32 %20, 8 br i1 %21, label %22, label %25 %23 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %24 = tail call i32 @alarm_cancel(%struct.alarm* %23) #83 br label %28 %29 = icmp eq %struct.timerfd_ctx* %5, null br i1 %29, label %32, label %30 %31 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 8 tail call void @kvfree_call_rcu(%struct.callback_head* %31, void (%struct.callback_head*)* nonnull inttoptr (i64 176 to void (%struct.callback_head*)*)) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 __d_move 2 d_move 3 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, 
i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load %struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, 
%struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 %91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq 
%struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, !misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 __d_move 2 d_move 3 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add 
i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load 
%struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 
%91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq %struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, 
!misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* 
nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_call_rcu 1 __d_move 2 d_move 3 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 
= getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #83 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.148048* %0, %struct.dentry.148048* %1, i1 zeroext false) #84 Function:__d_move %4 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 5 %5 = load %struct.inode.148060*, %struct.inode.148060** %4, align 8 %6 = icmp eq %struct.inode.148060* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16761, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "345:\0A\09.pushsection .discard.reachable\0A\09.long 345b - .\0A\09.popsection\0A\09", "~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.148048* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.148048* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %12, i64 0, i32 3 %14 = load %struct.dentry.148048*, %struct.dentry.148048** %13, align 8 %15 = icmp eq %struct.dentry.148048* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 3 %23 = load %struct.dentry.148048*, %struct.dentry.148048** %22, align 8 br label %24 %25 = phi %struct.dentry.148048* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %25, i64 0, i32 3 %27 = load %struct.dentry.148048*, %struct.dentry.148048** %26, align 8 %28 = icmp eq %struct.dentry.148048* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.148048* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.148048* %23, %0 %34 = icmp eq %struct.dentry.148048* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %43 = load %struct.dentry.148048*, %struct.dentry.148048** %42, align 8 %44 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #83 br label %56 %57 = phi %struct.dentry.148048* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.148048, 
%struct.dentry.148048* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #83 br label %60 %61 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #83 %63 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #83 %65 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %88 = phi i32 [ %86, %85 ], [ undef, %60 ] %89 = phi %struct.inode.148060* [ %73, %85 ], [ null, %60 ] %90 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 1, i32 0, i32 0 %91 = load i32, i32* %90, align 4 %92 = add i32 %91, 1 store i32 %92, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %93 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 1, i32 0, i32 0 %94 = load i32, i32* %93, align 4 %95 = add i32 %94, 1 store i32 %95, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %96 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 2, i32 1 %97 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %96, align 8 %98 = icmp eq %struct.hlist_bl_node** %97, null br i1 %98, label %155, label %99 %156 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 2, i32 1 %157 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %156, align 8 %158 = icmp eq 
%struct.hlist_bl_node** %157, null br i1 %158, label %216, label %159 %217 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 3 %218 = bitcast %struct.dentry.148048** %217 to i64* %219 = load i64, i64* %218, align 8 %220 = bitcast %struct.dentry.148048** %22 to i64* store i64 %219, i64* %220, align 8 br i1 %2, label %274, label %221 %222 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 1 %223 = load i8*, i8** %222, align 8 %224 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 6, i64 0 %225 = icmp eq i8* %223, %224 %226 = getelementptr i8, i8* %223, i64 -16 %227 = bitcast i8* %226 to %struct.external_name* %228 = select i1 %225, %struct.external_name* null, %struct.external_name* %227, !prof !10 %229 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 1 %230 = load i8*, i8** %229, align 8 %231 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 6, i64 0 %232 = icmp eq i8* %230, %231 br i1 %232, label %240, label %233, !prof !10, !misexpect !5 %241 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %1, i64 0, i32 4, i32 0 %242 = bitcast %struct.anon.1* %241 to %struct.static_call_site* %243 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %242, i64 0, i32 1 %244 = load i32, i32* %243, align 4 %245 = add i32 %244, 1 %246 = zext i32 %245 to i64 store i8* %224, i8** %222, align 8 %247 = getelementptr %struct.anon.1, %struct.anon.1* %241, i64 0, i32 0 %248 = load i64, i64* %247, align 8 %249 = getelementptr inbounds %struct.dentry.148048, %struct.dentry.148048* %0, i64 0, i32 4, i32 0, i32 0 store i64 %248, i64* %249, align 8 br label %250 %251 = icmp eq %struct.external_name* %228, null br i1 %251, label %259, label %252 %253 = bitcast %struct.external_name* %228 to i32* %254 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %253, i32* nonnull %253) #6, !srcloc !30 %255 = and i8 %254, 1 %256 = icmp eq i8 %255, 0 br i1 %256, label %259, label %257, !prof !4, !misexpect !31 %258 = getelementptr inbounds %struct.external_name, %struct.external_name* %228, i64 0, i32 0, i32 0 tail call void @kvfree_call_rcu(%struct.callback_head* %258, void (%struct.callback_head*)* null) #83 Function:kvfree_call_rcu %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca [1 x void (%struct.callback_head*, void (%struct.callback_head*)*)*], align 8 %6 = alloca [1 x %struct.rcu_synchronize], align 16 %7 = icmp eq %struct.callback_head* %0, null br i1 %7, label %13, label %8 %14 = tail call i32 @__SCT__might_resched() #83 %15 = bitcast void (%struct.callback_head*)* %1 to i8* br label %16 %17 = phi i8* [ %12, %8 ], [ %15, %13 ] %18 = bitcast i64* %4 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !4 %19 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 pnp_disable_dev 8 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* 
@skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, 
label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load 
%struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, 
%struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, 
i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq 
%struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_printk 7 drm_dev_dbg 8 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, 
%struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* 
@cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load 
i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 
%15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, 
i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* 
@stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 
0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq 
i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof 
!15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail 
call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = 
load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, 
align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 
= extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 
dev_printk_emit 5 __dev_printk 6 _dev_warn 7 pci_vpd_available 8 pci_vpd_read 9 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call 
%struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, 
label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_warn 7 pci_vpd_available 8 pci_vpd_write 9 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 
%11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* 
@pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, 
label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr 
inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq 
%struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, 
!prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq 
i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_combine_store 
------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = 
getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = 
phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] 
%16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) 
#4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = 
trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, 
%struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 
@vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void 
@_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 
Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to 
%struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 
%22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 
Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and 
i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 
------------- Use: =BAD PATH= Call Stack: 0 tick_nohz_tick_stopped 1 irq_work_queue 2 vprintk_emit 3 dev_vprintk_emit 4 dev_printk_emit 5 __dev_printk 6 _dev_err 7 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ 
%29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 
br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, 
!misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 %28 = zext i32 %27 to i64 %29 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %28 %30 = load i64, i64* %29, align 8 %31 = select i1 %26, i64 ptrtoint (%struct.llist_node* @raised_list to i64), i64 ptrtoint (%struct.llist_node* @lazy_list to i64) %32 = add i64 %31, %30 %33 = inttoptr i64 %32 to %struct.llist_node* %34 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 0 %35 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %34, %struct.llist_node* %34, %struct.llist_node* %33) #83 br i1 %35, label %36, label %40 br i1 %26, label %39, label %37 %38 = tail call zeroext i1 @tick_nohz_tick_stopped() #83 Function:tick_nohz_tick_stopped %1 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_trace_add ------------- Path:  Function:perf_trace_add %3 = getelementptr inbounds %struct.perf_event.109179, %struct.perf_event.109179* %0, i64 0, i32 63 %4 = load %struct.trace_event_call.109180*, %struct.trace_event_call.109180** %3, align 8 %5 = and i32 %1, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 %10 = getelementptr inbounds %struct.trace_event_call.109180, %struct.trace_event_call.109180* %4, i64 0, i32 1 %11 = load %struct.trace_event_class.109091*, 
%struct.trace_event_class.109091** %10, align 8 %12 = getelementptr inbounds %struct.trace_event_class.109091, %struct.trace_event_class.109091* %11, i64 0, i32 3 %13 = load i32 (%struct.trace_event_call.109180*, i32, i8*)*, i32 (%struct.trace_event_call.109180*, i32, i8*)** %12, align 8 %14 = bitcast %struct.perf_event.109179* %0 to i8* %15 = tail call i32 %13(%struct.trace_event_call.109180* %4, i32 6, i8* %14) #83 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %38 %18 = getelementptr inbounds %struct.trace_event_call.109180, %struct.trace_event_call.109180* %4, i64 0, i32 10 %19 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %20 = icmp eq %struct.hlist_head* %19, null br i1 %20, label %21, label %22, !prof !4, !misexpect !5 %23 = ptrtoint %struct.hlist_head* %19 to i64 %24 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 pnp_disable_dev 7 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 
%4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 
%0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, 
label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, 
i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* 
@.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label 
%18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load 
i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_printk 6 drm_dev_dbg 7 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect 
!6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* @cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 
0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 
%11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label 
%58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 pci_vpd_available 7 pci_vpd_read 8 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label 
%110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to 
%struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, 
%struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, 
i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ 
%5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_warn 6 pci_vpd_available 7 pci_vpd_write 8 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, 
label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load 
%struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 
Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and 
i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, 
label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br 
label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 
], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, 
%struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, !misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, 
label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, 
i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_emit 2 dev_vprintk_emit 3 dev_printk_emit 4 __dev_printk 5 _dev_err 6 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ 
%29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %53 = call i32 @vprintk_emit(i32 0, i32 %0, %struct.dev_printk_info* nonnull %5, i8* %2, %struct.__va_list_tag* %3) #83 Function:vprintk_emit %6 = alloca i64, align 8 %7 = load i32, i32* @suppress_printk, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %10 = icmp eq i32 %1, -2 %11 = select i1 %10, i32 -1, i32 %1 %12 = load i32, i32* @printk_delay_msec, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = phi i32 [ %16, %14 ], [ %12, %9 ] %16 = add i32 %15, -1 tail call void @__const_udelay(i64 4295000) #83 %17 = icmp eq i32 %16, 0 
br i1 %17, label %18, label %14 %19 = tail call i32 @vprintk_store(i32 %0, i32 %11, %struct.dev_printk_info* %2, i8* %3, %struct.__va_list_tag* %4) #84 br i1 %10, label %56, label %20 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = tail call i32 @console_trylock() #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %49 %24 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !7 %25 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @__printk_safe_enter() #83 call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 %26 = load volatile %struct.task_struct*, %struct.task_struct** @console_owner, align 8 %27 = load volatile i8, i8* @console_waiter, align 1, !range !9 %28 = icmp eq i8 %27, 0 %29 = icmp ne %struct.task_struct* %26, null %30 = and i1 %29, %28 br i1 %30, label %31, label %38 %32 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %33 = inttoptr i64 %32 to %struct.task_struct* %34 = icmp eq %struct.task_struct* %26, %33 br i1 %34, label %38, label %35 call void @_raw_spin_unlock(%struct.raw_spinlock* nonnull @console_owner_lock) #83 call void @__printk_safe_exit() #83 %39 = and i64 %25, 512 %40 = icmp eq i64 %39, 0 br i1 %40, label %50, label %41 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %50 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @preempt_count_sub(i32 1) #83 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !14 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %56, !prof !15, 
!misexpect !5 %57 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %57, label %58, label %75 call void @preempt_count_add(i32 1) #83 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %59 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1, i32 0), align 8 %60 = icmp eq %struct.list_head* %59, getelementptr inbounds (%struct.wait_queue_head, %struct.wait_queue_head* @log_wait, i64 0, i32 1) br i1 %60, label %69, label %61 call void asm sideeffect "orl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 1, i32* nonnull @printk_pending) #6, !srcloc !18 %62 = call i32 @debug_smp_processor_id() #83 %63 = zext i32 %62 to i64 %64 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %63 %65 = load i64, i64* %64, align 8 %66 = add i64 %65, ptrtoint (%struct.irq_work* @wake_up_klogd_work to i64) %67 = inttoptr i64 %66 to %struct.irq_work* %68 = call zeroext i1 @irq_work_queue(%struct.irq_work* %67) #83 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0, i32 1, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = or i32 %3, 35 %5 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %4, i32* %2, i32 %3) #6, !srcloc !4 %6 = extractvalue { i8, i32 } %5, 0 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %9, label %19, !prof !5, !misexpect !6 %10 = phi { i8, i32 } [ %13, %9 ], [ %5, %1 ] %11 = extractvalue { i8, i32 } %10, 1 %12 = or i32 %11, 35 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32 %12, i32* %2, i32 %11) #6, !srcloc !4 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %9, label %17, !prof !5, !misexpect !6 %18 = extractvalue { i8, i32 } %10, 1 br label %19 %20 = phi i32 [ %3, %1 ], [ %18, %17 ] %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %46 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %24 = load volatile i32, i32* %2, align 4 %25 = and i32 %24, 4 %26 = icmp eq i32 %25, 0 %27 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 perf_swevent_add ------------- Path:  Function:perf_swevent_add %3 = tail call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 rmqueue_pcplist 1 rmqueue 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 nfs4_proc_set_acl 6 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 
Function:alloc_pages
Function:__alloc_pages
Function:get_page_from_freelist
Function:rmqueue
Function:rmqueue_pcplist
-------------
Use: =BAD PATH=
Call Stack:
0 rmqueue_pcplist
1 rmqueue
2 get_page_from_freelist
3 __alloc_pages
4 alloc_pages
5 nfs_symlink
-------------
Path:
Function:nfs_symlink
Function:alloc_pages
Function:__alloc_pages
Function:get_page_from_freelist
Function:rmqueue
Function:rmqueue_pcplist
-------------
Use: =BAD PATH=
Call Stack:
0 rmqueue_pcplist
1 rmqueue
2 get_page_from_freelist
3 __alloc_pages
4 alloc_pages
5 nfs_symlink
-------------
Path:
Function:nfs_symlink
Function:alloc_pages
Function:__alloc_pages
%54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 
%85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load %struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, 
align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = 
getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, 
%144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 %253 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %254 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %253, i64 0, i32 0 %255 = load %struct.zone.134881*, %struct.zone.134881** %254, align 8 %256 = load i32, i32* %18, align 8 %257 = tail call fastcc %struct.page.135016* @rmqueue(%struct.zone.134881* %255, %struct.zone.134881* nonnull %47, i32 %1, i32 %0, i32 %22, i32 %256) #84 Function:rmqueue %7 = alloca i32, align 4 %8 = icmp ult i32 %2, 4 br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %10 = tail call fastcc %struct.page.135016* @rmqueue_pcplist(%struct.zone.134881* %0, %struct.zone.134881* %1, i32 %2, i32 %5, i32 %4) #83 Function:rmqueue_pcplist %6 = alloca i64, align 8 %7 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %8 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 rmqueue_pcplist 1 rmqueue 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 nfs_symlink ------------- Path:  Function:nfs_symlink %5 = 
alloca %struct.iattr, align 8 %6 = bitcast %struct.iattr* %5 to i8* %7 = tail call i64 @strlen(i8* %3) #83 %8 = trunc i64 %7 to i32 %9 = and i64 %7, 4294967295 %10 = icmp ugt i64 %9, 4096 br i1 %10, label %148, label %11 %12 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 1 store i16 -24065, i16* %12, align 4 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %5, i64 0, i32 0 store i32 1, i32* %13, align 8 %14 = tail call %struct.page* @alloc_pages(i32 1051840, i32 0) #84 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, 
align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x 
%struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load 
%struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 
%44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi 
i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr 
%struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 %253 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %254 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %253, i64 0, i32 0 %255 = load %struct.zone.134881*, %struct.zone.134881** %254, align 8 %256 = load i32, i32* %18, align 8 %257 = tail call fastcc %struct.page.135016* @rmqueue(%struct.zone.134881* %255, %struct.zone.134881* nonnull %47, i32 %1, i32 %0, i32 %22, i32 %256) #84 Function:rmqueue %7 = alloca i32, align 4 %8 = icmp ult i32 %2, 4 br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %10 = tail call fastcc %struct.page.135016* @rmqueue_pcplist(%struct.zone.134881* %0, %struct.zone.134881* %1, i32 %2, i32 %5, i32 %4) #83 Function:rmqueue_pcplist %6 = alloca i64, align 8 %7 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %8 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 rmqueue_pcplist 1 rmqueue 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 get_zeroed_page 6 simple_transaction_get 7 selinux_transaction_write ------------- Path:  Function:selinux_transaction_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = icmp ugt i64 %8, 14 br i1 %9, label %25, label %10 %11 = getelementptr [15 x i64 (%struct.file*, i8*, 
i64)*], [15 x i64 (%struct.file*, i8*, i64)*]* @write_op, i64 0, i64 %8 %12 = lshr i64 15391, %8 %13 = and i64 %12, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %25 %16 = tail call i8* bitcast (i8* (%struct.file.151769*, i8*, i64)* @simple_transaction_get to i8* (%struct.file*, i8*, i64)*)(%struct.file* %0, i8* %1, i64 %2) #83 Function:simple_transaction_get %4 = icmp ugt i64 %2, 4087 br i1 %4, label %20, label %5 %6 = tail call i64 @get_zeroed_page(i32 3264) #83 Function:get_zeroed_page %2 = and i32 %0, -259 %3 = or i32 %2, 256 %4 = tail call %struct.page.135016* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.135016* (i32, i32)*)(i32 %3, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ 
@default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = 
getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load 
%struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 
%44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi 
i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr 
%struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 %253 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %254 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %253, i64 0, i32 0 %255 = load %struct.zone.134881*, %struct.zone.134881** %254, align 8 %256 = load i32, i32* %18, align 8 %257 = tail call fastcc %struct.page.135016* @rmqueue(%struct.zone.134881* %255, %struct.zone.134881* nonnull %47, i32 %1, i32 %0, i32 %22, i32 %256) #84 Function:rmqueue %7 = alloca i32, align 4 %8 = icmp ult i32 %2, 4 br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %10 = tail call fastcc %struct.page.135016* @rmqueue_pcplist(%struct.zone.134881* %0, %struct.zone.134881* %1, i32 %2, i32 %5, i32 %4) #83 Function:rmqueue_pcplist %6 = alloca i64, align 8 %7 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %8 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 rmqueue_pcplist 1 rmqueue 2 get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 isofs_lookup ------------- Path:  Function:isofs_lookup %4 = alloca %struct.qstr, align 8 %5 = tail call %struct.page.209199* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.209199* (i32, i32)*)(i32 1051840, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 
%6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 156 %12 = load %struct.mempolicy*, %struct.mempolicy** %11, align 8 %13 = icmp eq %struct.mempolicy* %12, null br i1 %13, label %14, label %24 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %16 = icmp eq i32 %15, -1 br i1 %16, label %24, label %17 %18 = sext i32 %15 to i64 %19 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18, i32 1 %20 = load i16, i16* %19, align 4 %21 = icmp eq i16 %20, 0 %22 = getelementptr [64 x %struct.mempolicy], [64 x %struct.mempolicy]* @preferred_node_policy, i64 0, i64 %18 %23 = select i1 %21, %struct.mempolicy* @default_policy, %struct.mempolicy* %22 br label %24 %25 = phi %struct.mempolicy* [ @default_policy, %2 ], [ %23, %17 ], [ %12, %8 ], [ @default_policy, %14 ] %26 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 1 %27 = load i16, i16* %26, align 4 switch i16 %27, label %51 [ i16 3, label %28 i16 5, label %41 ] %52 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !6 %53 = icmp eq i16 %27, 1 br i1 %53, label %54, label %63 %55 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %25, i64 0, i32 3, i32 0, i64 0 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %56, 0 br i1 %57, label %94, label %58 %95 = phi i32 [ %52, %92 ], [ %52, %87 ], [ %52, %69 ], [ %52, %91 ], [ 64, %54 ], [ %62, %58 ] %96 = phi %struct.cpumask* [ %93, %92 ], [ %88, %87 ], [ null, %69 ], [ null, %91 ], [ null, %54 ], [ null, %58 ] %97 = tail call %struct.page* bitcast (%struct.page.135016* (i32, i32, i32, %struct.cpumask*)* 
@__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %0, i32 %1, i32 %95, %struct.cpumask* %96) #83 Function:__alloc_pages %5 = alloca %struct.alloc_context.135031, align 8 %6 = bitcast %struct.alloc_context.135031* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.134913** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.134913**)) #11, !srcloc !8 %16 = inttoptr i64 %15 to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** 
%52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 
%49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load %struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* 
%25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, 
%struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile 
%struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 %253 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %254 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %253, i64 0, i32 0 %255 = load %struct.zone.134881*, %struct.zone.134881** %254, align 8 %256 = load i32, i32* %18, align 8 %257 = tail call fastcc %struct.page.135016* @rmqueue(%struct.zone.134881* %255, %struct.zone.134881* nonnull %47, i32 %1, i32 %0, i32 %22, i32 %256) #84 Function:rmqueue %7 = alloca i32, align 4 %8 = icmp ult i32 %2, 4 br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %10 = tail call fastcc %struct.page.135016* @rmqueue_pcplist(%struct.zone.134881* %0, %struct.zone.134881* %1, i32 %2, i32 %5, i32 %4) #83 Function:rmqueue_pcplist %6 = alloca i64, align 8 %7 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %8 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = call i32 @debug_smp_processor_id() #83 ------------- Use: =BAD PATH= Call Stack: 0 rmqueue_pcplist 1 rmqueue 2 
get_page_from_freelist 3 __alloc_pages 4 alloc_pages 5 __nfs3_proc_setacls 6 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %25 = phi %struct.posix_acl* [ %17, %16 ], [ %22, %20 ] %26 = tail call fastcc i32 @__nfs3_proc_setacls(%struct.inode.232196* %1, %struct.posix_acl* %25, %struct.posix_acl* %18) #84 Function:__nfs3_proc_setacls %4 = alloca %struct.nfs_fattr*, align 8 %5 = alloca [7 x %struct.page.232204*], align 16 %6 = alloca %struct.nfs3_setaclargs, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load %struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.232431** %12 = load %struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast 
%struct.nfs_fattr** %4 to i8* %14 = bitcast [7 x %struct.page.232204*]* %5 to i8* %15 = bitcast %struct.nfs3_setaclargs* %6 to i8* %16 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 0 store %struct.inode.232196* %0, %struct.inode.232196** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 1 store i32 1, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 2 store %struct.posix_acl* %1, %struct.posix_acl** %18, align 8 %19 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 4 %21 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 5 %22 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 6 %23 = getelementptr inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %5, i64 0, i64 0 %24 = bitcast %struct.posix_acl** %19 to i8* store %struct.page.232204** %23, %struct.page.232204*** %22, align 8 %25 = bitcast %struct.rpc_message.232335* %7 to i8* %26 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs3_setaclargs** store %struct.nfs3_setaclargs* %6, %struct.nfs3_setaclargs** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs_fattr*** store %struct.nfs_fattr** %4, %struct.nfs_fattr*** %30, align 8 %31 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, 
%struct.cred** %31, align 8 %32 = icmp eq %struct.posix_acl* %1, null br i1 %32, label %33, label %45 %46 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 8 %49 = icmp eq i32 %48, 0 br i1 %49, label %153, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %1, i64 0, i32 2 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, 1024 br i1 %53, label %153, label %54 %55 = icmp eq %struct.posix_acl* %2, null br i1 %55, label %65, label %56 %66 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 0 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, -4096 %69 = icmp eq i16 %68, 16384 br i1 %69, label %70, label %84 %85 = phi i32 [ %52, %70 ], [ %58, %71 ], [ %58, %72 ], [ %82, %80 ], [ %52, %65 ] %86 = phi i32 [ 16, %70 ], [ 64, %71 ], [ %78, %72 ], [ 16, %80 ], [ 16, %65 ] %87 = icmp sgt i32 %85, 4 %88 = select i1 %87, i32 %85, i32 4 %89 = mul i32 %88, 12 %90 = add i32 %89, %86 %91 = zext i32 %90 to i64 store i64 %91, i64* %20, align 8 %92 = icmp ugt i32 %90, 136 br i1 %92, label %93, label %113 %94 = add nuw nsw i64 %91, 17592186044415 %95 = lshr i64 %94, 12 %96 = trunc i64 %95 to i32 %97 = add nsw i32 %96, 1 br label %98 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 %111 = add i32 %105, 1 store i32 %111, i32* %21, align 8 %112 = icmp ult i32 %111, %97 br i1 %112, label %98, label %113 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 Function:alloc_pages %3 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %4 = and i32 %3, 16776960 %5 = and i32 %0, 2097152 %6 = or i32 %4, %5 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %24 %9 = tail call i64 asm "movq 
Function:__alloc_pages
Function:get_page_from_freelist
Function:rmqueue
Function:rmqueue_pcplist
-------------
Use:
=BAD PATH=
Call Stack:
0 rmqueue_pcplist
1 rmqueue
2 get_page_from_freelist
3 __alloc_pages
4 ring_buffer_alloc_read_page
5 tracing_buffers_read
-------------
Path:
Function:tracing_buffers_read
Function:ring_buffer_alloc_read_page
Function:__alloc_pages
Function:get_page_from_freelist
Function:rmqueue
Function:rmqueue_pcplist
-------------
Use:
=BAD PATH=
Call Stack:
0 rmqueue_pcplist
1 rmqueue
2 get_page_from_freelist
3 __alloc_pages
4 kmalloc_large_node
5 __kmalloc_node
6 rb_alloc_aux
7 perf_mmap
-------------
Path:
Function:perf_mmap
Function:rb_alloc_aux
Function:__kmalloc_node
Function:kmalloc_large_node
Function:__alloc_pages
to %struct.task_struct.134913* %17 = getelementptr inbounds %struct.task_struct.134913, %struct.task_struct.134913* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !9, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.134877*], [0 x %struct.pglist_data.134877*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.134877*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.134877*, %struct.pglist_data.134877** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 0 store %struct.zonelist.134873* %50, %struct.zonelist.134873** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !9 %58 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !10 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__SCT__might_resched() #83 br label %76 %77 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.134873, %struct.zonelist.134873* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !9 %84 = getelementptr %struct.pglist_data.134877, %struct.pglist_data.134877* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !12 %90 = phi %struct.zoneref.134872* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %5, i64 0, i32 2 store %struct.zoneref.134872* %90, %struct.zoneref.134872** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %90, i64 0, i32 0 %93 = load 
%struct.zone.134881*, %struct.zone.134881** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.134881* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.135016* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.135031* nonnull %5) #84 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.135031, %struct.alloc_context.135031* %3, i64 0, i32 1 br label %20 %21 = phi %struct.pglist_data.134877* [ null, %4 ], [ %537, %536 ] %22 = phi i32 [ %2, %4 ], [ %538, %536 ] %23 = and i32 %22, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %25, i64 0, i32 0 %27 = load %struct.zone.134881*, %struct.zone.134881** %26, align 8 %28 = icmp eq %struct.zone.134881* %27, null br i1 %28, label %534, label %29 %30 = and i32 %22, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %22, 3 %33 = zext i32 %32 to i64 %34 = and i32 %22, 24 %35 = and i32 %22, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %22, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %22, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %22, 8 %43 = icmp eq i32 %42, 0 
%44 = and i32 %22, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.134881* [ %532, %529 ], [ %27, %29 ] %48 = phi %struct.zoneref.134872* [ %530, %529 ], [ %25, %29 ] %49 = phi %struct.pglist_data.134877* [ %518, %529 ], [ %21, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %74, i64 0, i32 0 %76 = load %struct.zone.134881*, %struct.zone.134881** %75, align 8 %77 = icmp eq %struct.zone.134881* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %107 %108 = phi 
i32 [ %35, %99 ], [ %34, %84 ] %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %114, !prof !6, !misexpect !7 %111 = getelementptr inbounds %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 2 %112 = load i64, i64* %111, align 32 %113 = add i64 %112, %11 br label %114 %115 = phi i64 [ %113, %110 ], [ %11, %107 ] %116 = sub i64 %94, %115 br i1 %38, label %120, label %117 %118 = sdiv i64 %89, -2 %119 = add i64 %118, %89 br label %120 %121 = phi i64 [ %119, %117 ], [ %89, %114 ] br i1 %109, label %129, label %122, !prof !6, !misexpect !8 br i1 %40, label %126, label %123 %127 = sdiv i64 %121, -4 %128 = add i64 %127, %121 br label %129 %130 = phi i64 [ %125, %123 ], [ %128, %126 ], [ %121, %120 ] %131 = sext i32 %90 to i64 %132 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 3, i64 %131 %133 = load i64, i64* %132, align 8 %134 = add i64 %133, %130 %135 = icmp sgt i64 %116, %134 br i1 %135, label %136, label %167 br i1 %8, label %252, label %137 br i1 %12, label %138, label %228 %139 = phi i64 [ %159, %158 ], [ %13, %137 ] %140 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 1 %141 = load i64, i64* %140, align 8 %142 = icmp eq i64 %141, 0 br i1 %142, label %158, label %143 %144 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 0 %145 = getelementptr inbounds %struct.list_head, %struct.list_head* %144, i64 0, i32 0 %146 = load volatile %struct.list_head*, %struct.list_head** %145, align 8 %147 = icmp eq %struct.list_head* %146, %144 br i1 %147, label %148, label %252 %149 = getelementptr %struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 1 %150 = getelementptr inbounds %struct.list_head, %struct.list_head* %149, i64 0, i32 0 %151 = load volatile %struct.list_head*, %struct.list_head** %150, align 8 %152 = icmp eq %struct.list_head* %151, %149 br i1 %152, label %161, label %252 %162 = getelementptr 
%struct.zone.134881, %struct.zone.134881* %47, i64 0, i32 18, i64 %139, i32 0, i64 2 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load volatile %struct.list_head*, %struct.list_head** %163, align 8 %165 = icmp eq %struct.list_head* %164, %162 br i1 %165, label %166, label %252 %253 = load %struct.zoneref.134872*, %struct.zoneref.134872** %5, align 8 %254 = getelementptr inbounds %struct.zoneref.134872, %struct.zoneref.134872* %253, i64 0, i32 0 %255 = load %struct.zone.134881*, %struct.zone.134881** %254, align 8 %256 = load i32, i32* %18, align 8 %257 = tail call fastcc %struct.page.135016* @rmqueue(%struct.zone.134881* %255, %struct.zone.134881* nonnull %47, i32 %1, i32 %0, i32 %22, i32 %256) #84 Function:rmqueue %7 = alloca i32, align 4 %8 = icmp ult i32 %2, 4 br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %10 = tail call fastcc %struct.page.135016* @rmqueue_pcplist(%struct.zone.134881* %0, %struct.zone.134881* %1, i32 %2, i32 %5, i32 %4) #83 Function:rmqueue_pcplist %6 = alloca i64, align 8 %7 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %8 = load i64, i64* %6, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = call i32 @debug_smp_processor_id() #83 ------------- Good: 36891 Bad: 142 Ignored: 23684 Check Use of Function:link_path_walk Check Use of Function:perf_event_set_output Check Use of Function:lo_compat_ioctl Check Use of Function:dquot_add_space Check Use of Function:dev_set_mtu Check Use of Function:sr_reset Check Use of Function:nfs4_xattr_get_nfs4_acl Check Use of Function:bad_area Check Use of Function:fs_context_for_mount Check Use of Function:io_sq_offload_create Check Use of Function:ieee80211_offchannel_return Check Use of Function:ieee80211_stop_device Check Use of Function:cpus_read_unlock Use: =BAD PATH= Call Stack: 
0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = 
phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #83 %38 = load i32, i32* @nr_cpu_ids, align 4 %39 = icmp ugt i32 %38, %1 br i1 %39, label %40, label %97 %41 = zext i32 %1 to i64 %42 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %41) #6, !srcloc !9 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %97, label %45 call void @cpus_read_unlock() #83 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %114, !prof !6, !misexpect !5 switch i32 %5, label %114 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %68 i32 8, label %78 i32 16, label %81 i32 32, label %91 i32 64, label %94 i32 256, label %104 ] %92 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #83 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x 
%struct.cpumask]* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 switch i32 %0, label %19 [ i32 1, label %9 i32 2, label %14 i32 0, label %20 ], !prof !5 %10 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %8, i64 0, i32 0, i32 11, i32 0 %11 = load volatile i32, i32* %10, align 4 %12 = and i32 %11, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %98, label %33 %34 = phi i1 [ false, %30 ], [ true, %9 ] %35 = phi void (i8*)* [ %26, %30 ], [ @ipi_sync_core, %9 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %36 = icmp slt i32 %1, 0 br i1 %36, label %58, label %37 tail call void @cpus_read_lock() #83 %38 = load i32, i32* @nr_cpu_ids, align 4 %39 = icmp ugt i32 %38, %1 br i1 %39, label %40, label %97 %41 = zext i32 %1 to i64 %42 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %41) #6, !srcloc !9 %43 = and i8 %42, 1 %44 = icmp eq i8 %43, 0 br i1 %44, label %97, label %45 call void @cpus_read_unlock() #83 ------------- Good: 87 Bad: 2 Ignored: 0 Check Use of Function:debugfs_remove Check Use of Function:ieee80211_ibss_add_sta Check Use of Function:drm_ioctl Use: =BAD PATH= Call Stack: 0 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 
6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.398249*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.398249, %struct.file.398249* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.398296** %7 = load %struct.drm_file.398296*, %struct.drm_file.398296** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.398249*, i32, i64)*)(%struct.file.398249* %0, i32 %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.398249*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.398249, %struct.file.398249* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.398296** %7 = load %struct.drm_file.398296*, %struct.drm_file.398296** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, 
label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.83.398250], [185 x %struct.anon.83.398250]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.398249*, i32, i64)*, i32 (%struct.file.398249*, i32, i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.398249*, i32, i64)* %14, null br i1 %15, label %16, label %18 %17 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.398249*, i32, i64)*)(%struct.file.398249* %0, i32 %1, i64 %2) #83 ------------- Good: 0 Bad: 3 Ignored: 6 Check Use of Function:disable_swap_slots_cache_lock Check Use of Function:_find_next_bit Use: =BAD PATH= Call Stack: 0 __caps_show 1 caps_show ------------- Path:  Function:caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.412371** %6 = load %struct.intel_engine_cs.412371*, %struct.intel_engine_cs.412371** %5, align 8 %7 = getelementptr inbounds %struct.intel_engine_cs.412371, %struct.intel_engine_cs.412371* %6, i64 0, i32 13 %8 = load i32, i32* %7, align 4 %9 = zext i32 %8 to i64 %10 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.412371* %6, i64 %9, i8* %2, i1 zeroext true) #83 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.412371, %struct.intel_engine_cs.412371* %0, i64 0, i32 9 %7 = load i8, i8* %6, align 4 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #83 %16 = trunc i64 %15 to i32 %17 = icmp sgt i32 %13, %16 br i1 %17, label %18, label %59 %19 = phi i32 [ %49, 
%43 ], [ %16, %10 ] %20 = phi i64 [ %44, %43 ], [ 0, %10 ] %21 = phi i64 [ %48, %43 ], [ %15, %10 ] %22 = icmp sgt i32 %11, %19 br i1 %22, label %23, label %29 %24 = shl i64 %21, 32 %25 = ashr exact i64 %24, 32 %26 = getelementptr i8*, i8** %12, i64 %25 %27 = load i8*, i8** %26, align 8 %28 = icmp eq i8* %27, null br i1 %28, label %29, label %34 br i1 %3, label %30, label %43, !prof !4, !misexpect !5 %31 = getelementptr i8, i8* %2, i64 %20 %32 = sub nuw nsw i64 4096, %20 %33 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* %31, i64 %32, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.10.42171, i64 0, i64 0), i32 %19) #84 br label %38 %39 = phi i32 [ %33, %30 ], [ %37, %34 ] %40 = sext i32 %39 to i64 %41 = add nsw i64 %20, %40 %42 = icmp ugt i64 %41, 4095 br i1 %42, label %55, label %43, !prof !4, !misexpect !5 %44 = phi i64 [ %41, %38 ], [ %20, %29 ] %45 = shl i64 %21, 32 %46 = add i64 %45, 4294967296 %47 = ashr exact i64 %46, 32 %48 = call i64 @_find_next_bit(i64* nonnull %5, i64* null, i64 %14, i64 %47, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __caps_show 1 all_caps_show ------------- Path:  Function:all_caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.412371** %6 = load %struct.intel_engine_cs.412371*, %struct.intel_engine_cs.412371** %5, align 8 %7 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.412371* %6, i64 -1, i8* %2, i1 zeroext false) #83 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.412371, %struct.intel_engine_cs.412371* %0, i64 0, i32 9 %7 = load i8, i8* %6, align 4 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 
0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #83 %16 = trunc i64 %15 to i32 %17 = icmp sgt i32 %13, %16 br i1 %17, label %18, label %59 %19 = phi i32 [ %49, %43 ], [ %16, %10 ] %20 = phi i64 [ %44, %43 ], [ 0, %10 ] %21 = phi i64 [ %48, %43 ], [ %15, %10 ] %22 = icmp sgt i32 %11, %19 br i1 %22, label %23, label %29 %24 = shl i64 %21, 32 %25 = ashr exact i64 %24, 32 %26 = getelementptr i8*, i8** %12, i64 %25 %27 = load i8*, i8** %26, align 8 %28 = icmp eq i8* %27, null br i1 %28, label %29, label %34 br i1 %3, label %30, label %43, !prof !4, !misexpect !5 %31 = getelementptr i8, i8* %2, i64 %20 %32 = sub nuw nsw i64 4096, %20 %33 = call i32 (i8*, i64, i8*, ...) @snprintf(i8* %31, i64 %32, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.10.42171, i64 0, i64 0), i32 %19) #84 br label %38 %39 = phi i32 [ %33, %30 ], [ %37, %34 ] %40 = sext i32 %39 to i64 %41 = add nsw i64 %20, %40 %42 = icmp ugt i64 %41, 4095 br i1 %42, label %55, label %43, !prof !4, !misexpect !5 %44 = phi i64 [ %41, %38 ], [ %20, %29 ] %45 = shl i64 %21, 32 %46 = add i64 %45, 4294967296 %47 = ashr exact i64 %46, 32 %48 = call i64 @_find_next_bit(i64* nonnull %5, i64* null, i64 %14, i64 %47, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 xas_store 1 xa_erase 2 i915_gem_vm_destroy_ioctl ------------- Path:  Function:i915_gem_vm_destroy_ioctl %4 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.436064** %6 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %5, align 8 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %35 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %35 %16 = getelementptr inbounds 
%struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %6, i64 0, i32 5 %17 = getelementptr inbounds i8, i8* %1, i64 12 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = tail call i8* @xa_erase(%struct.xarray* %16, i64 %20) #83 Function:xa_erase %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.xarray, %struct.xarray* %0, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #83 %5 = bitcast %struct.xa_state* %3 to i8* %6 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 store %struct.xarray* %0, %struct.xarray** %6, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %10 = bitcast i8* %8 to i32* store i32 0, i32* %10, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %9, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %12 = bitcast %struct.xa_node** %11 to i8* %13 = call i8* @xas_store(%struct.xa_state* nonnull %3, i8* null) #83 Function:xas_store %3 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 0 %4 = load %struct.xarray*, %struct.xarray** %3, align 8 %5 = getelementptr inbounds %struct.xarray, %struct.xarray* %4, i64 0, i32 2 %6 = ptrtoint i8* %1 to i64 %7 = icmp eq i8* %1, null br i1 %7, label %16, label %8 %17 = tail call i8* @xas_load(%struct.xa_state* %0) #83 br label %18 %19 = phi i8* [ %15, %8 ], [ %17, %16 ] %20 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 6 %21 = bitcast %struct.xa_node** %20 to i64* %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 3 %24 = icmp eq i64 %23, 0 %25 = inttoptr i64 %22 to %struct.xa_node* br i1 %24, label %26, 
label %312 %27 = icmp eq i64 %22, 0 br i1 %27, label %36, label %28 %37 = icmp eq i8* %19, %1 %38 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %39 = load i8, i8* %38, align 1 %40 = icmp eq i8 %39, 0 %41 = and i1 %37, %40 br i1 %41, label %312, label %42 %43 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 4 %44 = load i8, i8* %43, align 2 %45 = zext i8 %44 to i32 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %47 = zext i8 %39 to i32 %48 = add nuw nsw i32 %47, %45 br i1 %27, label %78, label %49 %50 = zext i8 %44 to i64 %51 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 7, i64 %50 %52 = icmp eq i8 %39, 0 br i1 %52, label %78, label %53 %54 = zext i8 %39 to i64 %55 = add nuw nsw i64 %54, %50 %56 = add nuw nsw i64 %55, 1 %57 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 8, i32 0, i64 0, i64 0 %58 = zext i8 %44 to i64 %59 = add nuw nsw i64 %58, 1 %60 = tail call i64 @_find_next_bit(i64* %57, i64* null, i64 %56, i64 %59, i64 0, i64 0) #84 %61 = icmp eq i64 %60, %56 br i1 %61, label %70, label %62 %71 = load i8, i8* %43, align 2 %72 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %73 = getelementptr %struct.xa_node, %struct.xa_node* %72, i64 0, i32 8, i32 0, i64 1, i64 0 %74 = zext i8 %71 to i64 %75 = add nuw nsw i64 %74, 1 %76 = tail call i64 @_find_next_bit(i64* %73, i64* null, i64 %56, i64 %75, i64 0, i64 0) #84 %77 = icmp eq i64 %76, %56 br i1 %77, label %322, label %314 %323 = load i8, i8* %43, align 2 %324 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %325 = getelementptr %struct.xa_node, %struct.xa_node* %324, i64 0, i32 8, i32 0, i64 2, i64 0 %326 = zext i8 %323 to i64 %327 = add nuw nsw i64 %326, 1 %328 = tail call i64 @_find_next_bit(i64* %325, i64* null, i64 %56, i64 %327, i64 0, i64 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 xas_store 1 xa_erase 2 i915_gem_vm_destroy_ioctl ------------- Path:  
Function:i915_gem_vm_destroy_ioctl %4 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.436064** %6 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %5, align 8 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %35 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %35 %16 = getelementptr inbounds %struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %6, i64 0, i32 5 %17 = getelementptr inbounds i8, i8* %1, i64 12 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = tail call i8* @xa_erase(%struct.xarray* %16, i64 %20) #83 Function:xa_erase %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.xarray, %struct.xarray* %0, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #83 %5 = bitcast %struct.xa_state* %3 to i8* %6 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 store %struct.xarray* %0, %struct.xarray** %6, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %10 = bitcast i8* %8 to i32* store i32 0, i32* %10, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %9, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %12 = bitcast %struct.xa_node** %11 to i8* %13 = call i8* @xas_store(%struct.xa_state* nonnull %3, i8* null) #83 Function:xas_store %3 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 0 %4 = 
load %struct.xarray*, %struct.xarray** %3, align 8 %5 = getelementptr inbounds %struct.xarray, %struct.xarray* %4, i64 0, i32 2 %6 = ptrtoint i8* %1 to i64 %7 = icmp eq i8* %1, null br i1 %7, label %16, label %8 %17 = tail call i8* @xas_load(%struct.xa_state* %0) #83 br label %18 %19 = phi i8* [ %15, %8 ], [ %17, %16 ] %20 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 6 %21 = bitcast %struct.xa_node** %20 to i64* %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 3 %24 = icmp eq i64 %23, 0 %25 = inttoptr i64 %22 to %struct.xa_node* br i1 %24, label %26, label %312 %27 = icmp eq i64 %22, 0 br i1 %27, label %36, label %28 %37 = icmp eq i8* %19, %1 %38 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %39 = load i8, i8* %38, align 1 %40 = icmp eq i8 %39, 0 %41 = and i1 %37, %40 br i1 %41, label %312, label %42 %43 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 4 %44 = load i8, i8* %43, align 2 %45 = zext i8 %44 to i32 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %47 = zext i8 %39 to i32 %48 = add nuw nsw i32 %47, %45 br i1 %27, label %78, label %49 %50 = zext i8 %44 to i64 %51 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 7, i64 %50 %52 = icmp eq i8 %39, 0 br i1 %52, label %78, label %53 %54 = zext i8 %39 to i64 %55 = add nuw nsw i64 %54, %50 %56 = add nuw nsw i64 %55, 1 %57 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 8, i32 0, i64 0, i64 0 %58 = zext i8 %44 to i64 %59 = add nuw nsw i64 %58, 1 %60 = tail call i64 @_find_next_bit(i64* %57, i64* null, i64 %56, i64 %59, i64 0, i64 0) #84 %61 = icmp eq i64 %60, %56 br i1 %61, label %70, label %62 %71 = load i8, i8* %43, align 2 %72 = load %struct.xa_node*, %struct.xa_node** %20, align 8 %73 = getelementptr %struct.xa_node, %struct.xa_node* %72, i64 0, i32 8, i32 0, i64 1, i64 0 %74 = zext i8 %71 to i64 %75 = add nuw nsw i64 %74, 1 %76 = tail call i64 
@_find_next_bit(i64* %73, i64* null, i64 %56, i64 %75, i64 0, i64 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 xas_store 1 xa_erase 2 i915_gem_vm_destroy_ioctl ------------- Path:  Function:i915_gem_vm_destroy_ioctl %4 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.436064** %6 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %5, align 8 %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %35 %12 = bitcast i8* %1 to i64* %13 = load i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %35 %16 = getelementptr inbounds %struct.drm_i915_file_private.436064, %struct.drm_i915_file_private.436064* %6, i64 0, i32 5 %17 = getelementptr inbounds i8, i8* %1, i64 12 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = zext i32 %19 to i64 %21 = tail call i8* @xa_erase(%struct.xarray* %16, i64 %20) #83 Function:xa_erase %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.xarray, %struct.xarray* %0, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #83 %5 = bitcast %struct.xa_state* %3 to i8* %6 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 store %struct.xarray* %0, %struct.xarray** %6, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %10 = bitcast i8* %8 to i32* store i32 0, i32* %10, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %9, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %12 = bitcast %struct.xa_node** 
%11 to i8* %13 = call i8* @xas_store(%struct.xa_state* nonnull %3, i8* null) #83 Function:xas_store %3 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 0 %4 = load %struct.xarray*, %struct.xarray** %3, align 8 %5 = getelementptr inbounds %struct.xarray, %struct.xarray* %4, i64 0, i32 2 %6 = ptrtoint i8* %1 to i64 %7 = icmp eq i8* %1, null br i1 %7, label %16, label %8 %17 = tail call i8* @xas_load(%struct.xa_state* %0) #83 br label %18 %19 = phi i8* [ %15, %8 ], [ %17, %16 ] %20 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 6 %21 = bitcast %struct.xa_node** %20 to i64* %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 3 %24 = icmp eq i64 %23, 0 %25 = inttoptr i64 %22 to %struct.xa_node* br i1 %24, label %26, label %312 %27 = icmp eq i64 %22, 0 br i1 %27, label %36, label %28 %37 = icmp eq i8* %19, %1 %38 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %39 = load i8, i8* %38, align 1 %40 = icmp eq i8 %39, 0 %41 = and i1 %37, %40 br i1 %41, label %312, label %42 %43 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 4 %44 = load i8, i8* %43, align 2 %45 = zext i8 %44 to i32 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %0, i64 0, i32 3 %47 = zext i8 %39 to i32 %48 = add nuw nsw i32 %47, %45 br i1 %27, label %78, label %49 %50 = zext i8 %44 to i64 %51 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 7, i64 %50 %52 = icmp eq i8 %39, 0 br i1 %52, label %78, label %53 %54 = zext i8 %39 to i64 %55 = add nuw nsw i64 %54, %50 %56 = add nuw nsw i64 %55, 1 %57 = getelementptr %struct.xa_node, %struct.xa_node* %25, i64 0, i32 8, i32 0, i64 0, i64 0 %58 = zext i8 %44 to i64 %59 = add nuw nsw i64 %58, 1 %60 = tail call i64 @_find_next_bit(i64* %57, i64* null, i64 %56, i64 %59, i64 0, i64 0) #84 ------------- Use: =BAD PATH= Call Stack: 0 sbitmap_get 1 __sbitmap_queue_get 2 __blk_mq_get_driver_tag 3 __blk_mq_try_issue_directly 4 
blk_mq_try_issue_directly 5 blk_mq_submit_bio 6 __submit_bio 7 submit_bio_noacct 8 __blk_queue_split 9 blk_queue_split 10 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.688709*, align 8 store %struct.bio.688709* %0, %struct.bio.688709** %2, align 8 %3 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 1 %4 = load %struct.block_device.688705*, %struct.block_device.688705** %3, align 8 %5 = getelementptr inbounds %struct.block_device.688705, %struct.block_device.688705* %4, i64 0, i32 17 %6 = load %struct.gendisk.688433*, %struct.gendisk.688433** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.688433, %struct.gendisk.688433* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #83 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.688709**)*)(%struct.bio.688709** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = 
getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi 
%struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, 
i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, 
%struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] %72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to 
%struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* %100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr 
inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 tail call void bitcast (void (%struct.bio.294796*)* @blk_mq_submit_bio to void (%struct.bio.290594*)*)(%struct.bio.290594* %0) #83 Function:blk_mq_submit_bio %2 = alloca %struct.blk_mq_alloc_data.294797, align 8 %3 = alloca 
%struct.bio.294796*, align 8 %4 = alloca i8, align 1 %5 = alloca i32, align 4 store %struct.bio.294796* %0, %struct.bio.294796** %3, align 8 %6 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 1 %7 = load %struct.block_device.294788*, %struct.block_device.294788** %6, align 8 %8 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %7, i64 0, i32 18 %9 = load %struct.request_queue.294830*, %struct.request_queue.294830** %8, align 8 %10 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 2 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 255 %13 = icmp eq i32 %12, 0 %14 = and i32 %11, 395264 %15 = icmp ne i32 %14, 0 %16 = or i1 %13, %15 store i8 0, i8* %4, align 1 %17 = bitcast i32* %5 to i8* store i32 1, i32* %5, align 4 %18 = trunc i32 %11 to i8 switch i8 %18, label %19 [ i8 3, label %36 i8 5, label %36 i8 9, label %36 i8 7, label %36 ] %20 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 32, i32 5 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 call void bitcast (void (%struct.request_queue.289873*, %struct.bio.289986**, i32*)* @__blk_queue_split to void (%struct.request_queue.294830*, %struct.bio.294796**, i32*)*)(%struct.request_queue.294830* %9, %struct.bio.294796** nonnull %3, i32* nonnull %5) #83 %37 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %38 = load i32, i32* %5, align 4 br label %39 %40 = phi i32 [ %38, %36 ], [ 1, %27 ] %41 = phi %struct.bio.294796* [ %37, %36 ], [ %0, %27 ] %42 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295073** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295073**)) #11, !srcloc !4 %43 = inttoptr i64 %42 to %struct.task_struct.295073* %44 = getelementptr inbounds %struct.task_struct.295073, %struct.task_struct.295073* %43, i64 0, i32 129 %45 = load 
%struct.blk_plug.295036*, %struct.blk_plug.295036** %44, align 8 %46 = icmp eq %struct.blk_plug.295036* %45, null br i1 %46, label %110, label %47 %48 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 %49 = load %struct.request.294838*, %struct.request.294838** %48, align 8 %50 = icmp eq %struct.request.294838* %49, null br i1 %50, label %110, label %51 %52 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 0 %53 = load %struct.request_queue.294830*, %struct.request_queue.294830** %52, align 8 %54 = icmp eq %struct.request_queue.294830* %53, %9 br i1 %54, label %55, label %110 %56 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %56, label %57, label %541, !prof !5, !misexpect !6 %58 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %59 = load volatile i64, i64* %58, align 8 %60 = and i64 %59, 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %71 %63 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %64 = load i32, i32* %63, align 8 %65 = and i32 %64, 409600 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %68, label %541, label %69 %70 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %70, label %541, label %71 %72 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %73 = load i32, i32* 
%72, align 8 %74 = and i32 %73, 16777216 %75 = icmp eq i32 %74, 0 %76 = and i32 %73, 255 %77 = icmp eq i32 %76, 0 %78 = zext i1 %77 to i32 %79 = select i1 %75, i32 %78, i32 2 %80 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 2 %81 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %80, align 8 %82 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 13 %83 = load i16, i16* %82, align 4 %84 = zext i16 %83 to i32 %85 = icmp eq i32 %79, %84 br i1 %85, label %86, label %110 %87 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 3 %88 = load i32, i32* %87, align 8 %89 = and i32 %88, 393216 %90 = icmp eq i32 %89, 0 %91 = and i32 %73, 393216 %92 = icmp ne i32 %91, 0 %93 = xor i1 %92, %90 br i1 %93, label %94, label %110 %111 = phi i1 [ true, %86 ], [ false, %51 ], [ false, %47 ], [ false, %39 ], [ true, %71 ] %112 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 1 %113 = load %struct.block_device.294788*, %struct.block_device.294788** %112, align 8 %114 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %113, i64 0, i32 18 %115 = load %struct.request_queue.294830*, %struct.request_queue.294830** %114, align 8 call void @__rcu_read_lock() #83 %116 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 0 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 3 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %122, !prof !5, !misexpect !6 %123 = and i64 %117, 2 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %147 %126 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 1 %127 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %126, align 8 %128 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %127, 
i64 0, i32 0, i32 0 %129 = load volatile i64, i64* %128, align 8 %130 = icmp eq i64 %129, 0 br i1 %130, label %147, label %131, !prof !8, !misexpect !6 %132 = phi i64 [ %139, %138 ], [ %129, %125 ] %133 = add i64 %132, 1 %134 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %128, i64 %133, i64* %128, i64 %132) #6, !srcloc !9 %135 = extractvalue { i8, i64 } %134, 0 %136 = and i8 %135, 1 %137 = icmp eq i8 %136, 0 br i1 %137, label %138, label %141, !prof !8, !misexpect !6 %139 = extractvalue { i8, i64 } %134, 1 %140 = icmp eq i64 %139, 0 br i1 %140, label %147, label %131, !prof !8, !misexpect !6 call void @__rcu_read_unlock() #83 %148 = call i32 bitcast (i32 (%struct.request_queue.290802*, %struct.bio.290594*)* @__bio_queue_enter to i32 (%struct.request_queue.294830*, %struct.bio.294796*)*)(%struct.request_queue.294830* %115, %struct.bio.294796* %41) #83 %149 = icmp eq i32 %148, 0 br i1 %149, label %150, label %541, !prof !5, !misexpect !6 br i1 %111, label %153, label %151 %152 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %152, label %153, label %209, !prof !5, !misexpect !6 %154 = bitcast %struct.blk_mq_alloc_data.294797* %2 to i8* %155 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 0 store %struct.request_queue.294830* %9, %struct.request_queue.294830** %155, align 8 %156 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 1 store i32 0, i32* %156, align 8 %157 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 2 store i32 0, i32* %157, align 4 %158 = getelementptr inbounds 
%struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 3 %159 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %160 = load i32, i32* %159, align 8 store i32 %160, i32* %158, align 8 %161 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 4 store i32 0, i32* %161, align 4 %162 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 5 store i32 1, i32* %162, align 8 %163 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 6 %164 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %165 = bitcast %struct.request.294838*** %163 to i8* %166 = load volatile i64, i64* %164, align 8 %167 = and i64 %166, 8 %168 = icmp eq i64 %167, 0 %169 = and i32 %160, 409600 %170 = icmp eq i32 %169, 0 %171 = and i1 %170, %168 br i1 %171, label %172, label %176 %173 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %173, label %207, label %174 %175 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %175, label %207, label %176 %177 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %178 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 %179 = icmp eq %struct.rq_qos.294814* %178, null br i1 %179, label %185, label %180 %181 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 3 %182 = load 
-------------
Use:
=BAD PATH=
Call Stack:
0 sbitmap_get
1 __sbitmap_queue_get
2 __blk_mq_get_driver_tag
3 __blk_mq_try_issue_directly
4 blk_mq_try_issue_directly
5 blk_mq_submit_bio
6 __submit_bio
7 submit_bio_noacct
8 __blk_queue_split
9 blk_queue_split
10 md_submit_bio
-------------
Path:
Function:md_submit_bio
@__blk_mq_alloc_requests(%struct.blk_mq_alloc_data.294797* nonnull %2) #83 %193 = icmp eq %struct.request.294838* %192, null br i1 %193, label %194, label %208 br label %210 %211 = phi %struct.request.294838* [ %192, %208 ], [ %49, %94 ], [ %49, %105 ] %212 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_getrq to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_submit_bio, %213)) #6 to label %233 [label %213], !srcloc !10 %234 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %235 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %234, align 8 %236 = icmp eq %struct.rq_qos.294814* %235, null br i1 %236, label %239, label %237 %240 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %241 = load i32, i32* %5, align 4 %242 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 2 %243 = load i32, i32* %242, align 8 %244 = and i32 %243, 524288 %245 = icmp eq i32 %244, 0 br i1 %245, label %250, label %246 %247 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 3 %248 = load i32, i32* %247, align 8 %249 = or i32 %248, 1792 store i32 %249, i32* %247, align 8 br label %250 %251 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 9 store i64 %252, 
i64* %253, align 8 %254 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 5 %255 = load i16, i16* %254, align 8 %256 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 19 store i16 %255, i16* %256, align 4 %257 = trunc i32 %241 to i16 %258 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 18 store i16 %257, i16* %258, align 2 %259 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 1 %260 = load i32, i32* %259, align 8 %261 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 8 store i32 %260, i32* %261, align 4 %262 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 11 store %struct.bio.294796* %240, %struct.bio.294796** %262, align 8 %263 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 10 store %struct.bio.294796* %240, %struct.bio.294796** %263, align 8 %264 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 4 %265 = load i16, i16* %264, align 2 %266 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 20 store i16 %265, i16* %266, align 2 %267 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 1 %268 = load %struct.block_device.294788*, %struct.block_device.294788** %267, align 8 %269 = icmp eq %struct.block_device.294788* %268, null br i1 %269, label %276, label %270 %271 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %268, i64 0, i32 17 %272 = bitcast %struct.gendisk.294786** %271 to i64* %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 13 %275 = bitcast %struct.gendisk.294786** %274 to i64* store i64 %273, i64* %275, align 8 br label %276 %277 = getelementptr inbounds 
%struct.request.294838, %struct.request.294838* %211, i64 0, i32 4 %278 = load i32, i32* %277, align 4 %279 = and i32 %278, 8192 %280 = icmp eq i32 %279, 0 br i1 %280, label %287, label %281 %288 = phi %struct.bio.294796* [ %240, %276 ], [ %240, %281 ], [ %286, %285 ] %289 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %288, i64 0, i32 2 %290 = load i32, i32* %289, align 8 %291 = and i32 %290, 393216 %292 = icmp eq i32 %291, 0 br i1 %292, label %294, label %293 br i1 %46, label %416, label %295 %417 = load i32, i32* %277, align 4 %418 = and i32 %417, 4194304 %419 = icmp eq i32 %418, 0 br i1 %419, label %420, label %427 %421 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 9 %422 = load i32, i32* %421, align 8 br label %529 %530 = phi i32 [ %422, %420 ], [ %297, %428 ] %531 = icmp ugt i32 %530, 1 %532 = and i1 %16, %531 %533 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 2 %534 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %533, align 8 br i1 %532, label %539, label %535 call fastcc void @blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %534, %struct.request.294838* nonnull %211) #84 Function:blk_mq_try_issue_directly %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %10, label %7 %11 = phi i64 [ %4, %2 ], [ %9, %7 ] %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15 tail call void @__rcu_read_lock() #83 br label %18 %19 = phi i32 [ 0, %14 ], [ %17, %15 ] %20 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %0, %struct.request.294838* %1, i1 zeroext false, i1 zeroext true) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load 
%struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void 
(%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, 
%struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] 
%80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load 
%struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 sbitmap_get
1 __sbitmap_queue_get
2 __blk_mq_get_driver_tag
3 __blk_mq_try_issue_directly
4 blk_mq_request_issue_directly
5 blk_mq_try_issue_list_directly
6 blk_mq_sched_insert_requests
7 blk_mq_flush_plug_list
8 blk_flush_plug
9 blk_finish_plug
10 __se_sys_io_submit
11 __ia32_sys_io_submit
-------------
Path:
Function:__ia32_sys_io_submit
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6
= load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, 
%22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = 
phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, %1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr 
inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, 
label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr 
inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 
0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext 
i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 sbitmap_get
1 __sbitmap_queue_get
2 __blk_mq_get_driver_tag
3 __blk_mq_try_issue_directly
4 blk_mq_request_issue_directly
5 blk_mq_try_issue_list_directly
6 blk_mq_sched_insert_requests
7 blk_mq_flush_plug_list
8 blk_flush_plug
9 blk_finish_plug
10 __se_sys_io_submit
11 __x64_sys_io_submit
-------------
Path:
Function:__x64_sys_io_submit
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #83
Function:__se_sys_io_submit
%4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 }
%27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 
0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi 
%struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, 
align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, 
i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, 
%1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 
(%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, 
%struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, 
%struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp 
ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 
%70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 sbitmap_get
1 __sbitmap_queue_get
2 __blk_mq_get_driver_tag
3 __blk_mq_try_issue_directly
4 blk_mq_request_issue_directly
5 blk_mq_try_issue_list_directly
6 blk_mq_sched_insert_requests
7 blk_mq_flush_plug_list
8 blk_flush_plug
9 blk_finish_plug
10 do_madvise
11 __ia32_sys_madvise
-------------
Path:
Function:__ia32_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83
Function:do_madvise
%5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label
%339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label 
%250 ] %243 = and i64 %213, 4194304 %244 = icmp ne i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %81, %312 ], [ -12, %78 ], [ %81, %310 ], [ -12, %323 ] call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca 
%struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi 
%struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, %1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr 
inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, 
label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr 
inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 
0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext 
i32 %53 to i64
%55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 sbitmap_get
1 __sbitmap_queue_get
2 __blk_mq_get_driver_tag
3 __blk_mq_try_issue_directly
4 blk_mq_request_issue_directly
5 blk_mq_try_issue_list_directly
6 blk_mq_sched_insert_requests
7 blk_mq_flush_plug_list
8 blk_flush_plug
9 blk_finish_plug
10 do_madvise
11 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = load i64, i64* %4, align 8
%6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%7 = load i64, i64* %6, align 8
%8 = trunc i64 %7 to i32
%9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4
%10 = inttoptr i64 %9 to %struct.task_struct*
%11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47
%12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8
%13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83
Function:do_madvise
%5 = alloca %struct.mmu_notifier_range, align 8
%6 = alloca %struct.mmu_gather, align 8
%7 = alloca %struct.madvise_walk_private, align 8
%8 = alloca %struct.mmu_gather, align 8
%9 = alloca %struct.madvise_walk_private, align 8
%10 = alloca %struct.mmu_gather, align 8
%11 = alloca %struct.vm_area_struct*, align 8
%12 = alloca %struct.blk_plug, align 8
%13 = bitcast %struct.vm_area_struct** %11 to i8*
%14 = bitcast %struct.blk_plug* %12 to i8*
switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16,
label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label 
%250 ] %243 = and i64 %213, 4194304 %244 = icmp ne i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %81, %312 ], [ -12, %78 ], [ %81, %310 ], [ -12, %323 ] call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca 
%struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi 
%struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, %1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr 
inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, 
label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr 
inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 
0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext 
i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83
-------------
Use: =BAD PATH=
Call Stack:
0 sbitmap_get
1 __sbitmap_queue_get
2 __blk_mq_get_driver_tag
3 __blk_mq_try_issue_directly
4 blk_mq_request_issue_directly
5 blk_mq_try_issue_list_directly
6 blk_mq_sched_insert_requests
7 blk_mq_flush_plug_list
8 blk_flush_plug
9 blk_finish_plug
10 __ia32_compat_sys_io_submit
-------------
Path:
Function:__ia32_compat_sys_io_submit %2 = alloca %struct.blk_plug, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast %struct.blk_plug* %2 to i8* %13 = icmp sgt i32 %10, -1 br i1 %13, label %14, label %82, !prof !4, !misexpect !5 %15 = and i64 %4, 4294967295 %16 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %15) #83 %17 = icmp eq %struct.kioctx* %16, null br i1 %17, label %82, label %18, !prof !6, !misexpect !5 %19 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 64 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 %23 = icmp sgt i32 %22, 2 br i1 %23, label %24, label %25 %26 = icmp sgt i32 %22, 0 br i1 %26, label %27, label %57 %28 = zext i32 %22 to i64 br label %29 %30 = phi i64 [ 0, %27 ], [ %46, %45 ] %32 = getelementptr i32, i32* %11, i64 %30 %33 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %32, i64 4, i64 %31) #6, !srcloc !7 %34 = extractvalue { i32*, i32, i64 } %33, 0 %35 = extractvalue { i32*, i32, i64 } %33, 2 %36 = ptrtoint i32* %34 to i64 %37 = and i64 %36, 4294967295 
%38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %51, !prof !4, !misexpect !5 %40 = extractvalue { i32*, i32, i64 } %33, 1 %41 = zext i32 %40 to i64 %42 = inttoptr i64 %41 to %struct.iocb* %43 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %42, i1 zeroext true) #83 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = add nuw nsw i64 %30, 1 %47 = icmp eq i64 %46, %28 br i1 %47, label %53, label %29 %54 = phi i32 [ %49, %48 ], [ %52, %51 ], [ %22, %45 ] %55 = phi i64 [ %50, %48 ], [ -14, %51 ], [ 0, %45 ] br i1 %23, label %56, label %57 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %2) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void 
(%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, 
i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, %1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr 
inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, 
label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr 
inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 
0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext 
i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 sbitmap_get 1 __sbitmap_queue_get 2 __blk_mq_get_driver_tag 3 __blk_mq_try_issue_directly 4 blk_mq_request_issue_directly 5 blk_mq_try_issue_list_directly 6 blk_mq_sched_insert_requests 7 blk_mq_flush_plug_list 8 blk_flush_plug 9 bio_poll 10 iocb_bio_iopoll ------------- Path:  Function:iocb_bio_iopoll tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.kiocb.290504, %struct.kiocb.290504* %0, i64 0, i32 3 %5 = load volatile i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.bio.290594* %7 = icmp eq i8* %5, null br i1 %7, label %15, label %8 %9 = getelementptr inbounds i8, i8* %5, i64 8 %10 = bitcast i8* %9 to %struct.block_device.290586** %11 = load %struct.block_device.290586*, %struct.block_device.290586** %10, align 8 %12 = icmp eq %struct.block_device.290586* %11, null br i1 %12, label %15, label %13 %14 = tail call i32 @bio_poll(%struct.bio.290594* nonnull %6, %struct.io_comp_batch.290810* %1, i32 %2) #84 Function:bio_poll %4 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %5 = load %struct.block_device.290586*, %struct.block_device.290586** %4, align 8 %6 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %5, i64 0, i32 18 %7 = load %struct.request_queue.290802*, %struct.request_queue.290802** %6, align 8 %8 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 9 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, -1 br i1 %10, label %54, label %11 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %7, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 65536 %15 = icmp eq i64 %14, 0 br i1 %15, label %54, label %16 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.290793* %19 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %18, i64 0, i32 129 %20 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %19, align 8 %21 = icmp eq %struct.blk_plug.290756* %20, null br i1 %21, label %23, label %22 tail call void @blk_flush_plug(%struct.blk_plug.290756* nonnull %20, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, 
label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, %1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr 
inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, 
label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr 
inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 %40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 
0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext 
i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 sbitmap_get 1 __sbitmap_queue_get 2 __blk_mq_get_driver_tag 3 __blk_mq_try_issue_directly 4 blk_mq_request_issue_directly 5 blk_mq_try_issue_list_directly 6 blk_mq_sched_insert_requests 7 blk_mq_flush_plug_list 8 blk_flush_plug 9 wakeup_flusher_threads 10 ksys_sync 11 __do_sys_sync ------------- Path:  Function:__do_sys_sync tail call void @ksys_sync() #83 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #83 Function:wakeup_flusher_threads %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 129 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, null br i1 %6, label %17, label %7 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0 %9 = load %struct.request*, %struct.request** %8, align 8 %10 = icmp eq %struct.request* %9, null br i1 %10, label %11, label %16 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 7 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16 tail call void bitcast (void (%struct.blk_plug.290756*, i1)* @blk_flush_plug to void (%struct.blk_plug*, i1)*)(%struct.blk_plug* nonnull %5, i1 zeroext true) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, 
%struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = 
bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, 
label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call 
void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 Function:blk_mq_try_issue_list_directly %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %1, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %1 br i1 %5, label %51, label %6 %7 = phi %struct.list_head* [ %49, %46 ], [ %4, %2 ] %8 = phi i32 [ %48, %46 ], [ 0, %2 ] %9 = phi i32 [ %47, %46 ], [ 0, %2 ] %10 = getelementptr %struct.list_head, %struct.list_head* %7, i64 -5, i32 1 %11 = bitcast %struct.list_head** %10 to %struct.request.294838* %12 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store volatile %struct.list_head* %7, %struct.list_head** %14, align 8 store %struct.list_head* %7, %struct.list_head** %12, align 8 %18 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %19 = icmp eq %struct.list_head* %18, %1 %20 = tail call zeroext i8 @blk_mq_request_issue_directly(%struct.request.294838* %11, i1 zeroext %19) #83 Function:blk_mq_request_issue_directly %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %4 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %3, align 8 %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %4, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %10 tail call void @__rcu_read_lock() #83 br label %13 %14 = phi i32 [ 0, %9 ], [ %12, %10 ] %15 = tail call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.294739* %4, %struct.request.294838* %0, i1 zeroext true, i1 zeroext %1) #84 Function:__blk_mq_try_issue_directly %5 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 0 %6 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %7 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %71 %12 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 16777216 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %71 %17 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4194304 %20 = icmp 
eq i32 %19, 0 %21 = or i1 %20, %2 br i1 %21, label %22, label %70 %23 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %6, i64 0, i32 5 %24 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %23, align 8 %25 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %24, i64 0, i32 2 %26 = load i32 (%struct.request_queue.294830*)*, i32 (%struct.request_queue.294830*)** %25, align 8 %27 = icmp eq i32 (%struct.request_queue.294830*)* %26, null br i1 %27, label %35, label %28 %29 = tail call i32 %26(%struct.request_queue.294830* %6) #83 %30 = icmp slt i32 %29, 0 br i1 %30, label %70, label %31 %32 = load %struct.request_queue.294830*, %struct.request_queue.294830** %5, align 8 %33 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %32, i64 0, i32 5 %34 = load %struct.blk_mq_ops.294818*, %struct.blk_mq_ops.294818** %33, align 8 br label %35 %36 = phi %struct.blk_mq_ops.294818* [ %34, %31 ], [ %24, %22 ] %37 = phi i32 [ %29, %31 ], [ 0, %22 ] %38 = getelementptr inbounds %struct.blk_mq_ops.294818, %struct.blk_mq_ops.294818* %36, i64 0, i32 4 %39 = load void (%struct.request.294838*, i32)*, void (%struct.request.294838*, i32)** %38, align 8 %40 = icmp eq void (%struct.request.294838*, i32)* %39, null br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %44 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %43, align 8 %45 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, -1 br i1 %47, label %60, label %48 %61 = tail call zeroext i1 @__blk_mq_get_driver_tag(%struct.blk_mq_hw_ctx.294739* %44, %struct.request.294838* %1) #83 Function:__blk_mq_get_driver_tag %3 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = 
icmp eq i32 %4, -1 br i1 %5, label %6, label %89 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 2 %8 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 19 %10 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %9, align 64 %11 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 3 %12 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %10, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %8, i64 0, i32 5 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 bitcast (i1 (%struct.blk_mq_hw_ctx.295159*)* @__blk_mq_tag_busy to i1 (%struct.blk_mq_hw_ctx.294739*)*)(%struct.blk_mq_hw_ctx.294739* %8) #83 %20 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %7, align 8 br label %21 %22 = phi %struct.blk_mq_hw_ctx.294739* [ %8, %6 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 20 %24 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %23, align 8 %25 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %1, i64 0, i32 6 %26 = load i32, i32* %25, align 4 %27 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %24, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, %26 br i1 %29, label %30, label %34 %35 = icmp eq %struct.blk_mq_hw_ctx.294739* %22, null br i1 %35, label %82, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = and i64 %38, 2 %40 = icmp eq i64 %39, 0 br i1 
%40, label %82, label %41 %42 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %11, i64 0, i32 0, i32 0 %43 = load i32, i32* %42, align 8 %44 = icmp eq i32 %43, 1 br i1 %44, label %82, label %45 %46 = and i64 %38, 8 %47 = icmp eq i64 %46, 0 br i1 %47, label %55, label %48 %56 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 0, i32 2 %57 = load volatile i64, i64* %56, align 8 %58 = and i64 %57, 2 %59 = icmp eq i64 %58, 0 br i1 %59, label %82, label %60 %61 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 19 %62 = load %struct.blk_mq_tags.294730*, %struct.blk_mq_tags.294730** %61, align 64 %63 = getelementptr inbounds %struct.blk_mq_tags.294730, %struct.blk_mq_tags.294730* %62, i64 0, i32 2, i32 0 %64 = load volatile i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %65, label %82, label %66 %67 = add i32 %43, -1 %68 = add i32 %67, %64 %69 = udiv i32 %68, %64 %70 = icmp ugt i32 %69, 4 %71 = select i1 %70, i32 %69, i32 4 br i1 %47, label %76, label %72 %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %22, i64 0, i32 25, i32 0 br label %78 %79 = phi i32* [ %75, %72 ], [ %77, %76 ] %80 = load volatile i32, i32* %79, align 4 %81 = icmp ult i32 %80, %71 br i1 %81, label %82, label %118 %83 = phi %struct.sbitmap_queue* [ %33, %30 ], [ %11, %78 ], [ %11, %48 ], [ %11, %36 ], [ %11, %34 ], [ %11, %41 ], [ %11, %55 ], [ %11, %60 ] %84 = phi i32 [ 0, %30 ], [ %13, %78 ], [ %13, %48 ], [ %13, %36 ], [ %13, %34 ], [ %13, %41 ], [ %13, %55 ], [ %13, %60 ] %85 = tail call i32 @__sbitmap_queue_get(%struct.sbitmap_queue* %83) #83 Function:__sbitmap_queue_get %2 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %0, i64 0, i32 0 %3 = tail call i32 @sbitmap_get(%struct.sbitmap* %2) #83 Function:sbitmap_get %2 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 5 %3 = load 
i32*, i32** %2, align 8 %4 = icmp eq i32* %3, null br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 0 %8 = load volatile i32, i32* %7, align 8 %9 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %3) #6, !srcloc !8 %10 = icmp ult i32 %9, %8 br i1 %10, label %19, label %11, !prof !9, !misexpect !5 %20 = phi i32 [ %17, %16 ], [ %9, %6 ] %21 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 1 %22 = load i32, i32* %21, align 4 %23 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 3 %24 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %96, label %27 %28 = load i8, i8* %23, align 4, !range !11 %29 = icmp eq i8 %28, 0 %30 = shl nsw i32 -1, %22 %31 = xor i32 %30, -1 %32 = and i32 %20, %31 %33 = select i1 %29, i32 0, i32 %32 %34 = lshr i32 %20, %22 %35 = getelementptr inbounds %struct.sbitmap, %struct.sbitmap* %0, i64 0, i32 4 br label %36 %37 = phi i32 [ %34, %27 ], [ %87, %83 ] %38 = phi i32 [ 0, %27 ], [ %88, %83 ] %39 = phi i32 [ %33, %27 ], [ 0, %83 ] %40 = load %struct.sbitmap_word*, %struct.sbitmap_word** %35, align 8 %41 = sext i32 %37 to i64 %42 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 2 %43 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 0 %44 = icmp eq i32 %39, 0 %45 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %40, i64 %41, i32 4 br label %46 %47 = load i64, i64* %43, align 64 %48 = load i8, i8* %23, align 4, !range !11 %49 = icmp ne i8 %48, 0 %50 = add i64 %47, -1 %51 = or i1 %44, %49 br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 %64 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %42, i64 %58, i64* %42) #6, !srcloc !12 %65 = and i8 %64, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %74, label %67 %68 = add i32 %56, 1 %69 = zext i32 %68 to i64 %70 = icmp ugt i64 %50, %69 %71 = select i1 %70, i32 %68, i32 0 br label %72 %73 = phi i32 [ %71, %67 ], [ 0, %60 ] br label %52 %53 = phi i32 [ %39, %46 ], [ %73, %72 ] %54 = zext i32 %53 to i64 %55 = tail call i64 @_find_next_bit(i64* %42, i64* null, i64 %47, i64 %54, i64 -1, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = ptrtoint i8* %2 to i64 %16 = bitcast i64* %7 to i8* %17 = load i64, i64* %3, align 8 store i64 %17, i64* %7, align 8 %18 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = sext i32 %19 to i64 %21 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 1 %22 = bitcast i8** %21 to i64*** %23 = load i64**, i64*** %22, align 8 %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %26 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %27 = icmp ne i64* %24, null %28 = icmp ne i32 %19, 0 %29 = and i1 %28, %27 %30 = icmp ne i64 %17, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %37 %33 = load i64, i64* %4, align 8 %34 = icmp eq i64 %33, 0 %35 = icmp ne i32 %1, 0 %36 = or i1 %35, %34 br i1 %36, label %38, label %37 br i1 %35, label %41, label %39 %40 = getelementptr inbounds [22 x i8], [22 x i8]* %6, 
i64 0, i64 0 br label %141 %142 = phi i8* [ %2, %39 ], [ %194, %192 ] %143 = phi i1 [ true, %39 ], [ false, %192 ] %144 = phi i64 [ 0, %39 ], [ %150, %192 ] %145 = phi i64 [ %15, %39 ], [ %195, %192 ] %146 = tail call i64 @_find_next_bit(i64* nonnull %24, i64* null, i64 %20, i64 %144, i64 0, i64 0) #83 %149 = add nuw i64 %146, 1 %150 = tail call i64 @_find_next_bit(i64* nonnull %24, i64* null, i64 %20, i64 %149, i64 -1, i64 0) #83 %151 = add i64 %150, -1 br i1 %143, label %157, label %152 %153 = inttoptr i64 %145 to i8* store i8 44, i8* %153, align 1 %154 = load i64, i64* %7, align 8 %155 = add i64 %154, -1 store i64 %155, i64* %7, align 8 %156 = getelementptr i8, i8* %153, i64 1 br label %157 %158 = phi i8* [ %142, %148 ], [ %156, %152 ] %159 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %40, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.1.5334, i64 0, i64 0), i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.3.5335, i64 0, i64 0), i64 %146) #83 %160 = call i64 @strlen(i8* nonnull %40) #83 %161 = shl i64 %160, 32 %162 = ashr exact i64 %161, 32 %163 = load i64, i64* %7, align 8 %164 = icmp ugt i64 %162, %163 %165 = select i1 %164, i64 %163, i64 %160 %166 = shl i64 %165, 32 %167 = ashr exact i64 %166, 32 %168 = load i64, i64* %7, align 8 %169 = sub i64 %168, %167 store i64 %169, i64* %7, align 8 %170 = getelementptr i8, i8* %158, i64 %167 %171 = icmp eq i64 %146, %151 br i1 %171, label %192, label %172 %193 = phi i64 [ %169, %157 ], [ %190, %178 ] %194 = phi i8* [ %170, %157 ], [ %191, %178 ] %195 = ptrtoint i8* %194 to i64 %196 = icmp eq i64 %193, 0 br i1 %196, label %206, label %141 %142 = phi i8* [ %2, %39 ], [ %194, %192 ] %143 = phi i1 [ true, %39 ], [ false, %192 ] %144 = phi i64 [ 0, %39 ], [ %150, %192 ] %145 = phi i64 [ %15, %39 ], [ %195, %192 ] %146 = tail call i64 @_find_next_bit(i64* nonnull %24, i64* null, i64 %20, i64 %144, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  
Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = ptrtoint i8* %2 to i64 %16 = bitcast i64* %7 to i8* %17 = load i64, i64* %3, align 8 store i64 %17, i64* %7, align 8 %18 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 2 %19 = load i32, i32* %18, align 8 %20 = sext i32 %19 to i64 %21 = getelementptr inbounds %struct.ctl_table.50160, %struct.ctl_table.50160* %0, i64 0, i32 1 %22 = bitcast i8** %21 to i64*** %23 = load i64**, i64*** %22, align 8 %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %26 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %27 = icmp ne i64* %24, null %28 = icmp ne i32 %19, 0 %29 = and i1 %28, %27 %30 = icmp ne i64 %17, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %37 %33 = load i64, i64* %4, align 8 %34 = icmp eq i64 %33, 0 %35 = icmp ne i32 %1, 0 %36 = or i1 %35, %34 br i1 %36, label %38, label %37 br i1 %35, label %41, label %39 %40 = getelementptr inbounds [22 x i8], [22 x i8]* %6, i64 0, i64 0 br label %141 %142 = phi i8* [ %2, %39 ], [ %194, %192 ] %143 = phi i1 [ true, %39 ], [ false, %192 ] %144 = phi i64 [ 0, %39 ], [ %150, %192 ] %145 = phi i64 [ %15, %39 ], [ %195, %192 ] %146 = tail call i64 @_find_next_bit(i64* nonnull %24, i64* null, i64 %20, i64 %144, i64 0, i64 0) #83 %147 = icmp ult i64 %146, %20 br i1 %147, label %148, label %197 %149 = add nuw i64 %146, 1 %150 = tail call i64 @_find_next_bit(i64* nonnull %24, i64* null, i64 %20, i64 %149, i64 -1, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = 
alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void 
@__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, 
%struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds 
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = 
getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds 
%struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, 
%struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* 
%124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds 
(%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label 
%28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds 
%struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 
= load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca 
%struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = 
getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to 
%struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 
------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, 
%struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 
2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 
Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = 
getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr 
inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail 
call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, 
%113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* %125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = 
getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 94 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = 
getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 
-3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds 
%struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* 
%0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp 
ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %106 = inttoptr i64 %95 to %struct.ebitmap_node* %107 = trunc i64 %98 to i32 %108 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %106, i64 0, i32 2 %109 = load i32, i32* %108, align 8 %110 = add i32 %109, %107 %111 = load i32, i32* %84, align 8 %112 = icmp ult i32 %110, %111 br i1 %112, label %113, label %198 %114 = trunc i32 %90 to i16 %115 = add i16 %114, 1 br label %116 %117 = phi i32 [ %110, %113 ], [ %195, %193 ] %118 = phi i64 [ %95, %113 ], [ %194, %193 ] store i16 %115, i16* %85, align 2 %119 = trunc i32 %117 to i16 %120 = add i16 %119, 1 store i16 %120, i16* %86, align 2 %121 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %87, %struct.winsize* nonnull %14) #83 %122 = icmp eq %struct.avtab_node* %121, null br i1 %122, label %155, label %123 %124 = phi %struct.avtab_node* [ %153, %150 ], [ %121, %116 ] %125 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %124, i64 0, i32 0, i32 3 %126 = load i16, i16* 
%125, align 2 switch i16 %126, label %145 [ i16 1, label %127 i16 2, label %133 i16 4, label %139 ] %146 = and i16 %126, 1792 %147 = icmp eq i16 %146, 0 %148 = or i1 %19, %147 br i1 %148, label %150, label %149 %151 = load i16, i16* %45, align 2 %152 = zext i16 %151 to i32 %153 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %124, i32 %152) #83 %154 = icmp eq %struct.avtab_node* %153, null br i1 %154, label %155, label %123 call void @cond_compute_av(%struct.avtab* %88, %struct.winsize* nonnull %14, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #83 %156 = inttoptr i64 %118 to %struct.ebitmap_node* %157 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 1, i64 0 %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %156, i64 0, i32 2 %159 = load i32, i32* %158, align 8 %160 = add i32 %117, 1 %161 = sub i32 %160, %159 %162 = zext i32 %161 to i64 %163 = call i64 @_find_next_bit(i64* %157, i64* null, i64 384, i64 %162, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = 
inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, 
%struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* 
nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, 
align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* 
nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, 
%struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 
[ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, 
i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* 
%31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, 
%struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, 
null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* 
%4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 
= phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds 
%struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, 
%struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast 
%struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds 
%struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 
= load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca 
%struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = 
getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to 
i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 94 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds 
(%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #83 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #83 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void @__rcu_read_lock() #83 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label 
%28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #84 Function:avc_compute_av tail call void @__rcu_read_unlock() #83 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds 
%struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #83 Function:security_compute_av tail call void @__rcu_read_lock() #83 %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !4 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 
= load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #83 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #83 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #83 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !6, !misexpect !7 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #85 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca 
%struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = 
getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @_find_first_bit(i64* %64, i64 384) #83 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %73 = inttoptr i64 %62 to %struct.ebitmap_node* %74 = trunc i64 %65 to i32 %75 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %73, i64 0, i32 2 %76 = load i32, i32* %75, align 8 %77 = add i32 %76, %74 %78 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %79 = load i32, i32* %78, align 8 %80 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51, i32 1 %81 = icmp ult i32 %77, %79 br i1 %81, label %82, label %241 %83 = bitcast %struct.ebitmap* %57 to i64* %84 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56, i32 1 %85 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 0 %86 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 1 %87 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %89 %90 = phi i32 [ %77, %82 ], [ %238, %236 ] %91 = phi i64 [ %62, %82 ], [ %237, %236 ] %92 = load i64, i64* %83, align 8 %93 = icmp eq i64 %92, 0 br i1 %93, label %198, label %94 %95 = phi i64 [ %103, %101 ], [ %92, %89 ] %96 = inttoptr i64 %95 to %struct.ebitmap_node* %97 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %96, i64 0, i32 1, i64 0 %98 = call i64 @_find_first_bit(i64* %97, i64 384) #83 %99 = and i64 %98, 4294967168 %100 = icmp ult i64 %99, 384 br i1 %100, label %105, label %101 %102 = inttoptr i64 %95 to 
i64* %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %198, label %94 %199 = inttoptr i64 %91 to %struct.ebitmap_node* %200 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 1, i64 0 %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %199, i64 0, i32 2 %202 = load i32, i32* %201, align 8 %203 = add i32 %90, 1 %204 = sub i32 %203, %202 %205 = zext i32 %204 to i64 %206 = call i64 @_find_next_bit(i64* %200, i64* null, i64 384, i64 %205, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_tagset_busy_iter 1 scsi_host_busy 2 show_host_busy ------------- Path:  Function:show_host_busy %4 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -2, i32 10, i32 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.Scsi_Host.610238* %6 = tail call i32 bitcast (i32 (%struct.Scsi_Host*)* @scsi_host_busy to i32 (%struct.Scsi_Host.610238*)*)(%struct.Scsi_Host.610238* %5) #83 Function:scsi_host_busy %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %4 = getelementptr inbounds %struct.Scsi_Host, %struct.Scsi_Host* %0, i64 0, i32 13 call void bitcast (void (%struct.blk_mq_tag_set.295231*, i1 (%struct.request.295248*, i8*, i1)*, i8*)* @blk_mq_tagset_busy_iter to void (%struct.blk_mq_tag_set.606518*, i1 (%struct.request.606602*, i8*, i1)*, i8*)*)(%struct.blk_mq_tag_set.606518* %4, i1 (%struct.request.606602*, i8*, i1)* nonnull @scsi_host_check_in_flight, i8* nonnull %3) #83 Function:blk_mq_tagset_busy_iter %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.blk_mq_tag_set.295231, %struct.blk_mq_tag_set.295231* %0, i64 0, i32 9 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %15 = phi i32 [ %12, %10 ], [ 1, %3 ] %16 = getelementptr inbounds %struct.blk_mq_tag_set.295231, %struct.blk_mq_tag_set.295231* %0, i64 0, i32 11 %17 = bitcast i64* %4 
to i8* %18 = bitcast i64* %5 to i8* %19 = zext i32 %15 to i64 br label %20 %21 = phi i64 [ 0, %14 ], [ %231, %230 ] %22 = load %struct.blk_mq_tags.295150**, %struct.blk_mq_tags.295150*** %16, align 8 %23 = icmp eq %struct.blk_mq_tags.295150** %22, null br i1 %23, label %230, label %24 %25 = getelementptr %struct.blk_mq_tags.295150*, %struct.blk_mq_tags.295150** %22, i64 %21 %26 = load %struct.blk_mq_tags.295150*, %struct.blk_mq_tags.295150** %25, align 8 %27 = icmp eq %struct.blk_mq_tags.295150* %26, null br i1 %27, label %230, label %28 %29 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %130, label %32 %33 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 5 %34 = load %struct.request.295248**, %struct.request.295248*** %33, align 8 %35 = icmp eq %struct.request.295248** %34, null br i1 %35, label %130, label %36 %37 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 0 %38 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 1 %39 = load i32, i32* %37, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %130, label %41 %42 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 4 %43 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 2 %44 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 8, i32 0, i32 0 br label %45 %46 = phi i32 [ %39, %41 ], [ %124, %123 ] %47 = phi i32 [ 0, %41 ], [ %128, %123 ] %48 = phi i32 [ 0, %41 ], [ %57, %123 ] %49 = load %struct.sbitmap_word*, %struct.sbitmap_word** %42, align 8 %50 = zext i32 %47 to i64 %51 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %49, i64 %50, i32 0 %52 = 
load i64, i64* %51, align 64 %53 = trunc i64 %52 to i32 %54 = sub i32 %46, %48 %55 = icmp ugt i32 %54, %53 %56 = select i1 %55, i32 %53, i32 %54 %57 = add i32 %56, %48 %58 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %49, i64 %50, i32 2 %59 = load i64, i64* %58, align 64 %60 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %49, i64 %50, i32 4 %61 = load i64, i64* %60, align 64 %62 = xor i64 %61, -1 %63 = and i64 %59, %62 store i64 %63, i64* %4, align 8 %64 = icmp eq i64 %63, 0 br i1 %64, label %123, label %65 %66 = zext i32 %56 to i64 br label %67 %68 = phi i64 [ 0, %65 ], [ %112, %111 ] %69 = and i64 %68, 4294967295 %70 = call i64 @_find_next_bit(i64* nonnull %4, i64* null, i64 %66, i64 %69, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_tagset_busy_iter 1 scsi_host_busy 2 show_host_busy ------------- Path:  Function:show_host_busy %4 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -2, i32 10, i32 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.Scsi_Host.610238* %6 = tail call i32 bitcast (i32 (%struct.Scsi_Host*)* @scsi_host_busy to i32 (%struct.Scsi_Host.610238*)*)(%struct.Scsi_Host.610238* %5) #83 Function:scsi_host_busy %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %4 = getelementptr inbounds %struct.Scsi_Host, %struct.Scsi_Host* %0, i64 0, i32 13 call void bitcast (void (%struct.blk_mq_tag_set.295231*, i1 (%struct.request.295248*, i8*, i1)*, i8*)* @blk_mq_tagset_busy_iter to void (%struct.blk_mq_tag_set.606518*, i1 (%struct.request.606602*, i8*, i1)*, i8*)*)(%struct.blk_mq_tag_set.606518* %4, i1 (%struct.request.606602*, i8*, i1)* nonnull @scsi_host_check_in_flight, i8* nonnull %3) #83 Function:blk_mq_tagset_busy_iter %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.blk_mq_tag_set.295231, %struct.blk_mq_tag_set.295231* %0, i64 0, i32 9 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 
br i1 %9, label %10, label %14 %15 = phi i32 [ %12, %10 ], [ 1, %3 ] %16 = getelementptr inbounds %struct.blk_mq_tag_set.295231, %struct.blk_mq_tag_set.295231* %0, i64 0, i32 11 %17 = bitcast i64* %4 to i8* %18 = bitcast i64* %5 to i8* %19 = zext i32 %15 to i64 br label %20 %21 = phi i64 [ 0, %14 ], [ %231, %230 ] %22 = load %struct.blk_mq_tags.295150**, %struct.blk_mq_tags.295150*** %16, align 8 %23 = icmp eq %struct.blk_mq_tags.295150** %22, null br i1 %23, label %230, label %24 %25 = getelementptr %struct.blk_mq_tags.295150*, %struct.blk_mq_tags.295150** %22, i64 %21 %26 = load %struct.blk_mq_tags.295150*, %struct.blk_mq_tags.295150** %25, align 8 %27 = icmp eq %struct.blk_mq_tags.295150* %26, null br i1 %27, label %230, label %28 %29 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 1 %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %130, label %32 %33 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 5 %34 = load %struct.request.295248**, %struct.request.295248*** %33, align 8 %35 = icmp eq %struct.request.295248** %34, null br i1 %35, label %130, label %36 %37 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 0 %38 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 1 %39 = load i32, i32* %37, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %130, label %41 %42 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 4 %43 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 4, i32 0, i32 2 %44 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 8, i32 0, i32 0 br label %45 %46 = phi i32 [ %39, %41 ], [ %124, %123 ] %47 = phi i32 [ 0, %41 ], [ %128, %123 ] %48 = phi i32 [ 0, %41 ], 
[ %57, %123 ] %49 = load %struct.sbitmap_word*, %struct.sbitmap_word** %42, align 8 %50 = zext i32 %47 to i64 %51 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %49, i64 %50, i32 0 %52 = load i64, i64* %51, align 64 %53 = trunc i64 %52 to i32 %54 = sub i32 %46, %48 %55 = icmp ugt i32 %54, %53 %56 = select i1 %55, i32 %53, i32 %54 %57 = add i32 %56, %48 %58 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %49, i64 %50, i32 2 %59 = load i64, i64* %58, align 64 %60 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %49, i64 %50, i32 4 %61 = load i64, i64* %60, align 64 %62 = xor i64 %61, -1 %63 = and i64 %59, %62 store i64 %63, i64* %4, align 8 %64 = icmp eq i64 %63, 0 br i1 %64, label %123, label %65 %66 = zext i32 %56 to i64 br label %67 %68 = phi i64 [ 0, %65 ], [ %112, %111 ] %69 = and i64 %68, 4294967295 %70 = call i64 @_find_next_bit(i64* nonnull %4, i64* null, i64 %66, i64 %69, i64 0, i64 0) #83 %71 = trunc i64 %70 to i32 %72 = icmp ugt i32 %56, %71 br i1 %72, label %73, label %121 %122 = load i32, i32* %37, align 8 br label %123 %124 = phi i32 [ %122, %121 ], [ %46, %45 ] %125 = add i32 %47, 1 %126 = load i32, i32* %43, align 8 %127 = icmp ult i32 %125, %126 %128 = select i1 %127, i32 %125, i32 0 %129 = icmp ugt i32 %124, %57 br i1 %129, label %45, label %130 %131 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 5 %132 = load %struct.request.295248**, %struct.request.295248*** %131, align 8 %133 = icmp eq %struct.request.295248** %132, null br i1 %133, label %230, label %134 %135 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 3, i32 0, i32 0 %136 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 3, i32 0, i32 1 %137 = load i32, i32* %135, align 8 %138 = icmp eq i32 %137, 0 br i1 %138, label %230, label %139 %140 = getelementptr inbounds %struct.blk_mq_tags.295150, 
%struct.blk_mq_tags.295150* %26, i64 0, i32 3, i32 0, i32 4 %141 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 3, i32 0, i32 2 %142 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %26, i64 0, i32 8, i32 0, i32 0 br label %143 %144 = phi i32 [ %137, %139 ], [ %224, %223 ] %145 = phi i32 [ 0, %139 ], [ %228, %223 ] %146 = phi i32 [ 0, %139 ], [ %155, %223 ] %147 = load %struct.sbitmap_word*, %struct.sbitmap_word** %140, align 8 %148 = zext i32 %145 to i64 %149 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %147, i64 %148, i32 0 %150 = load i64, i64* %149, align 64 %151 = trunc i64 %150 to i32 %152 = sub i32 %144, %146 %153 = icmp ugt i32 %152, %151 %154 = select i1 %153, i32 %151, i32 %152 %155 = add i32 %154, %146 %156 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %147, i64 %148, i32 2 %157 = load i64, i64* %156, align 64 %158 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %147, i64 %148, i32 4 %159 = load i64, i64* %158, align 64 %160 = xor i64 %159, -1 %161 = and i64 %157, %160 store i64 %161, i64* %5, align 8 %162 = icmp eq i64 %161, 0 br i1 %162, label %223, label %163 %164 = zext i32 %154 to i64 br label %165 %166 = phi i64 [ 0, %163 ], [ %212, %211 ] %167 = and i64 %166, 4294967295 %168 = call i64 @_find_next_bit(i64* nonnull %5, i64* null, i64 %164, i64 %167, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 bt_for_each 1 blk_mq_queue_tag_busy_iter 2 blk_mq_in_flight_rw 3 part_inflight_show ------------- Path:  Function:part_inflight_show %4 = alloca [2 x i32], align 4 %5 = getelementptr %struct.device.292000, %struct.device.292000* %0, i64 -1, i32 29 %6 = getelementptr inbounds i32, i32* %5, i64 210 %7 = bitcast i32* %6 to %struct.request_queue.292200** %8 = load %struct.request_queue.292200*, %struct.request_queue.292200** %7, align 8 %9 = bitcast [2 x i32]* %4 to i8* %10 = getelementptr inbounds 
%struct.request_queue.292200, %struct.request_queue.292200* %8, i64 0, i32 5 %11 = load %struct.blk_mq_ops.292193*, %struct.blk_mq_ops.292193** %10, align 8 %12 = icmp eq %struct.blk_mq_ops.292193* %11, null %13 = getelementptr inbounds [2 x i32], [2 x i32]* %4, i64 0, i64 0 br i1 %12, label %19, label %14 %15 = bitcast i32* %5 to %struct.block_device.292024* call void bitcast (void (%struct.request_queue.294830*, %struct.block_device.294788*, i32*)* @blk_mq_in_flight_rw to void (%struct.request_queue.292200*, %struct.block_device.292024*, i32*)*)(%struct.request_queue.292200* %8, %struct.block_device.292024* %15, i32* nonnull %13) #83 Function:blk_mq_in_flight_rw %4 = alloca %struct.mq_inflight, align 8 %5 = bitcast %struct.mq_inflight* %4 to i8* %6 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %4, i64 0, i32 0 store %struct.block_device.294788* %1, %struct.block_device.294788** %6, align 8 %7 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %4, i64 0, i32 1 %8 = bitcast [2 x i32]* %7 to i64* store i64 0, i64* %8, align 8 call void bitcast (void (%struct.request_queue.295240*, i1 (%struct.blk_mq_hw_ctx.295159*, %struct.request.295248*, i8*, i1)*, i8*)* @blk_mq_queue_tag_busy_iter to void (%struct.request_queue.294830*, i1 (%struct.blk_mq_hw_ctx.294739*, %struct.request.294838*, i8*, i1)*, i8*)*)(%struct.request_queue.294830* %0, i1 (%struct.blk_mq_hw_ctx.294739*, %struct.request.294838*, i8*, i1)* nonnull @blk_mq_check_inflight, i8* nonnull %5) #83 Function:blk_mq_queue_tag_busy_iter tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 2, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 3 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !4, !misexpect !5 %11 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 2, i32 1 %12 = load %struct.percpu_ref_data*, 
%struct.percpu_ref_data** %11, align 8 %13 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %12, i64 0, i32 0, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %26, label %16, !prof !7, !misexpect !5 %17 = phi i64 [ %24, %23 ], [ %14, %10 ] %18 = add i64 %17, 1 %19 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 %18, i64* %13, i64 %17) #6, !srcloc !8 %20 = extractvalue { i8, i64 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %27, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %28 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %60, label %31 %32 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 8 br label %33 %34 = phi i32 [ %29, %31 ], [ %57, %56 ] %35 = phi i32 [ 0, %31 ], [ %58, %56 ] %36 = load %struct.blk_mq_hw_ctx.295159**, %struct.blk_mq_hw_ctx.295159*** %32, align 8 %37 = sext i32 %35 to i64 %38 = getelementptr %struct.blk_mq_hw_ctx.295159*, %struct.blk_mq_hw_ctx.295159** %36, i64 %37 %39 = load %struct.blk_mq_hw_ctx.295159*, %struct.blk_mq_hw_ctx.295159** %38, align 8 %40 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %39, i64 0, i32 19 %41 = load %struct.blk_mq_tags.295150*, %struct.blk_mq_tags.295150** %40, align 64 %42 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %39, i64 0, i32 14 %43 = load i16, i16* %42, align 2 %44 = icmp ne i16 %43, 0 %45 = icmp ne %struct.blk_mq_tags.295150* %41, null %46 = and i1 %45, %44 br i1 %46, label %47, label %56 %48 = getelementptr 
inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %41, i64 0, i32 1 %49 = load i32, i32* %48, align 4 %50 = icmp eq i32 %49, 0 br i1 %50, label %53, label %51 %54 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %41, i64 0, i32 3 tail call fastcc void @bt_for_each(%struct.blk_mq_hw_ctx.295159* %39, %struct.sbitmap_queue* %54, i1 (%struct.blk_mq_hw_ctx.295159*, %struct.request.295248*, i8*, i1)* %1, i8* %2, i1 zeroext false) #84 Function:bt_for_each %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 1 %9 = load i32, i32* %7, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %116, label %11 %12 = bitcast i64* %6 to i8* %13 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 4 %14 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 2 %15 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %0, i64 0, i32 19 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %0, i64 0, i32 7 br label %17 %18 = phi i32 [ %9, %11 ], [ %110, %109 ] %19 = phi i32 [ 0, %11 ], [ %114, %109 ] %20 = phi i32 [ 0, %11 ], [ %29, %109 ] %21 = load %struct.sbitmap_word*, %struct.sbitmap_word** %13, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 0 %24 = load i64, i64* %23, align 64 %25 = trunc i64 %24 to i32 %26 = sub i32 %18, %20 %27 = icmp ugt i32 %26, %25 %28 = select i1 %27, i32 %25, i32 %26 %29 = add i32 %28, %20 %30 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 2 %31 = load i64, i64* %30, align 64 %32 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 4 %33 = load i64, i64* %32, align 64 %34 = xor i64 %33, -1 
%35 = and i64 %31, %34 store i64 %35, i64* %6, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %109, label %37 %38 = zext i32 %28 to i64 br label %39 %40 = phi i64 [ 0, %37 ], [ %93, %92 ] %41 = and i64 %40, 4294967295 %42 = call i64 @_find_next_bit(i64* nonnull %6, i64* null, i64 %38, i64 %41, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 bt_for_each 1 blk_mq_queue_tag_busy_iter 2 blk_mq_in_flight 3 part_stat_show ------------- Path:  Function:part_stat_show %4 = alloca %struct.disk_stats, align 8 %5 = getelementptr %struct.device.292000, %struct.device.292000* %0, i64 -1, i32 29 %6 = bitcast i32* %5 to %struct.block_device.292024* %7 = getelementptr inbounds i32, i32* %5, i64 210 %8 = bitcast i32* %7 to %struct.request_queue.292200** %9 = load %struct.request_queue.292200*, %struct.request_queue.292200** %8, align 8 %10 = bitcast %struct.disk_stats* %4 to i8* call fastcc void @part_stat_read_all(%struct.block_device.292024* %6, %struct.disk_stats* nonnull %4) #83 %11 = getelementptr inbounds %struct.request_queue.292200, %struct.request_queue.292200* %9, i64 0, i32 5 %12 = load %struct.blk_mq_ops.292193*, %struct.blk_mq_ops.292193** %11, align 8 %13 = icmp eq %struct.blk_mq_ops.292193* %12, null br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.request_queue.294830*, %struct.block_device.294788*)* @blk_mq_in_flight to i32 (%struct.request_queue.292200*, %struct.block_device.292024*)*)(%struct.request_queue.292200* %9, %struct.block_device.292024* %6) #84 Function:blk_mq_in_flight %3 = alloca %struct.mq_inflight, align 8 %4 = bitcast %struct.mq_inflight* %3 to i8* %5 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %3, i64 0, i32 0 store %struct.block_device.294788* %1, %struct.block_device.294788** %5, align 8 %6 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %3, i64 0, i32 1 %7 = bitcast [2 x i32]* %6 to i64* store i64 0, i64* %7, align 8 call void bitcast (void 
(%struct.request_queue.295240*, i1 (%struct.blk_mq_hw_ctx.295159*, %struct.request.295248*, i8*, i1)*, i8*)* @blk_mq_queue_tag_busy_iter to void (%struct.request_queue.294830*, i1 (%struct.blk_mq_hw_ctx.294739*, %struct.request.294838*, i8*, i1)*, i8*)*)(%struct.request_queue.294830* %0, i1 (%struct.blk_mq_hw_ctx.294739*, %struct.request.294838*, i8*, i1)* nonnull @blk_mq_check_inflight, i8* nonnull %4) #83 Function:blk_mq_queue_tag_busy_iter tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 2, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 3 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !4, !misexpect !5 %11 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 2, i32 1 %12 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %11, align 8 %13 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %12, i64 0, i32 0, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %26, label %16, !prof !7, !misexpect !5 %17 = phi i64 [ %24, %23 ], [ %14, %10 ] %18 = add i64 %17, 1 %19 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 %18, i64* %13, i64 %17) #6, !srcloc !8 %20 = extractvalue { i8, i64 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %27, !prof !7, !misexpect !5 tail call void @__rcu_read_unlock() #83 %28 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %60, label %31 %32 = getelementptr inbounds %struct.request_queue.295240, %struct.request_queue.295240* %0, i64 
0, i32 8 br label %33 %34 = phi i32 [ %29, %31 ], [ %57, %56 ] %35 = phi i32 [ 0, %31 ], [ %58, %56 ] %36 = load %struct.blk_mq_hw_ctx.295159**, %struct.blk_mq_hw_ctx.295159*** %32, align 8 %37 = sext i32 %35 to i64 %38 = getelementptr %struct.blk_mq_hw_ctx.295159*, %struct.blk_mq_hw_ctx.295159** %36, i64 %37 %39 = load %struct.blk_mq_hw_ctx.295159*, %struct.blk_mq_hw_ctx.295159** %38, align 8 %40 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %39, i64 0, i32 19 %41 = load %struct.blk_mq_tags.295150*, %struct.blk_mq_tags.295150** %40, align 64 %42 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %39, i64 0, i32 14 %43 = load i16, i16* %42, align 2 %44 = icmp ne i16 %43, 0 %45 = icmp ne %struct.blk_mq_tags.295150* %41, null %46 = and i1 %45, %44 br i1 %46, label %47, label %56 %48 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %41, i64 0, i32 1 %49 = load i32, i32* %48, align 4 %50 = icmp eq i32 %49, 0 br i1 %50, label %53, label %51 %54 = getelementptr inbounds %struct.blk_mq_tags.295150, %struct.blk_mq_tags.295150* %41, i64 0, i32 3 tail call fastcc void @bt_for_each(%struct.blk_mq_hw_ctx.295159* %39, %struct.sbitmap_queue* %54, i1 (%struct.blk_mq_hw_ctx.295159*, %struct.request.295248*, i8*, i1)* %1, i8* %2, i1 zeroext false) #84 Function:bt_for_each %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 1 %9 = load i32, i32* %7, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %116, label %11 %12 = bitcast i64* %6 to i8* %13 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 4 %14 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 2 %15 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, 
%struct.blk_mq_hw_ctx.295159* %0, i64 0, i32 19 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.295159, %struct.blk_mq_hw_ctx.295159* %0, i64 0, i32 7 br label %17 %18 = phi i32 [ %9, %11 ], [ %110, %109 ] %19 = phi i32 [ 0, %11 ], [ %114, %109 ] %20 = phi i32 [ 0, %11 ], [ %29, %109 ] %21 = load %struct.sbitmap_word*, %struct.sbitmap_word** %13, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 0 %24 = load i64, i64* %23, align 64 %25 = trunc i64 %24 to i32 %26 = sub i32 %18, %20 %27 = icmp ugt i32 %26, %25 %28 = select i1 %27, i32 %25, i32 %26 %29 = add i32 %28, %20 %30 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 2 %31 = load i64, i64* %30, align 64 %32 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 4 %33 = load i64, i64* %32, align 64 %34 = xor i64 %33, -1 %35 = and i64 %31, %34 store i64 %35, i64* %6, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %109, label %37 %38 = zext i32 %28 to i64 br label %39 %40 = phi i64 [ 0, %37 ], [ %93, %92 ] %41 = and i64 %40, 4294967295 %42 = call i64 @_find_next_bit(i64* nonnull %6, i64* null, i64 %38, i64 %41, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = 
phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %188 = sub i32 %11, %14 %189 = shl i32 %188, 5 %190 = icmp slt i32 %189, %3 br i1 %190, label %191, label %232 %233 = sext i32 %189 to i64 %234 = tail call i64 @_find_next_bit(i64* %2, i64* null, i64 %233, i64 %8, i64 0, i64 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #83 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i32 [ %11, %4 ], [ %35, %178 ] %15 = phi i8* [ %7, %4 ], [ %180, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %15, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %15, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 
1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %15, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %188 = sub i32 %11, %14 %189 = shl i32 %188, 5 %190 = icmp slt i32 %189, %3 br i1 %190, label %191, label %232 %233 = sext i32 %189 to i64 %234 = tail call i64 @_find_next_bit(i64* %2, i64* null, i64 %233, i64 %8, i64 0, i64 0) #83 ------------- Good: 967 Bad: 30 Ignored: 841 Check Use of Function:scsi_init_command Check Use of Function:ext4_xattr_trusted_get Check Use of Function:ieee80211_sta_cur_vht_bw Check Use of Function:sd_config_write_same Check Use of Function:tty_read Check Use of Function:arp_hash Check Use of Function:shmem_xattr_handler_get Check Use of Function:snd_seq_ioctl Use: =BAD PATH= Call Stack: 0 snd_seq_ioctl_compat ------------- Path:  Function:snd_seq_ioctl_compat %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.snd_seq_client** %6 = load %struct.snd_seq_client*, %struct.snd_seq_client** %5, align 8 %7 = and i64 %2, 4294967295 %8 = icmp eq %struct.snd_seq_client* %6, null br i1 %8, label %32, label %9, !prof !4, !misexpect !5 switch i32 %1, label %32 [ i32 -2147200256, label %10 i32 -2147200255, label %10 i32 -1070574846, label %10 i32 -1061399792, label %10 i32 1086083857, label %10 i32 1079006000, label %10 i32 1079006001, label %10 i32 -1064545486, label %10 i32 1082938163, label %10 i32 -1064545484, label %10 i32 -1064545483, label %10 i32 -1064545482, label %10 i32 -1067691200, label %10 i32 -1070836927, label %10 i32 1076646722, label %10 i32 -1067429051, label %10 i32 1080054598, label %10 i32 -1068739767, label %10 i32 1078743882, label %10 i32 -1067953333, label %10 i32 1079530316, label %10 i32 1077957454, label %10 i32 -1067953329, label %10 i32 -1068477616, label %10 i32 -1061399727, label %10 i32 -1072671997, label %10 i32 -1062972640, 
label %12 i32 1084511009, label %16 i32 -1062972638, label %20 i32 1084511011, label %24 i32 -1062972590, label %28 ] %11 = tail call i64 @snd_seq_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:sockfs_xattr_get Check Use of Function:ieee80211_queue_work Check Use of Function:idr_replace Check Use of Function:security_inode_getsecurity Check Use of Function:futex_q_lock Check Use of Function:__SCT__tp_func_drm_vblank_event_delivered Check Use of Function:ata_acpi_dev_notify_dock Check Use of Function:rtnl_fdb_notify Check Use of Function:security_inode_getxattr Check Use of Function:posix_clock_ioctl Check Use of Function:mon_bin_compat_ioctl Check Use of Function:umount_tree Check Use of Function:__vfs_removexattr Check Use of Function:__break_lease Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %18 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = 
bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %27 = icmp ne i64* %20, null br i1 %27, label %28, label %31 %29 = load i64, i64* %20, align 8 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %29, i64* %30, align 8 br label %31 %32 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %19, i32 %24, %struct.nfs4_exception* nonnull %3) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, 
null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 
tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 
= getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast %struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, 
i32* %23, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %28 = icmp ne i64* %21, null br i1 %28, label %29, label %32 %30 = load i64, i64* %21, align 8 %31 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %30, i64* %31, align 8 br label %32 %33 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %20, i32 %25, %struct.nfs4_exception* nonnull %4) #83 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 
%28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, 
%struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load 
%struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %44 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %43, align 8 %45 = icmp eq %struct.rpc_procinfo* %44, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %45, label %46, label %64 %65 = load i32, i32* %15, align 4 br label %66 %67 = phi i32 [ %65, %64 ], [ %59, %58 ] %68 = icmp sgt i32 %67, 0 br i1 %68, label %69, label %72 %70 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %71 = load 
%struct.inode*, %struct.inode** %70, align 8 call void bitcast (void (%struct.inode.214835*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %71) #83 br label %72 %73 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %74 = bitcast {}** %73 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %75 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %74, align 8 %76 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %75, null br i1 %76, label %79, label %77 %80 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = load i32, i32* %11, align 4 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %60 %37 = bitcast %struct.nfs4_exception* %3 to i8* %38 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %39 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %38, align 8 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %39, i64 0, i32 5 %41 = bitcast %struct.nfs4_state.233157** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %45 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %46 = load i64, i64* %45, align 8 %47 = bitcast %struct.inode** %44 to i64* store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %49 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %49, %struct.nfs4_stateid_struct** %48, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %50, align 8 %51 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %51, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 
0, i32 5 store i8 0, i8* %52, align 1 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %10, i32 %34, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 
0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, 
%struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, 
i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 
0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %32 = bitcast %struct.nfs4_exception* %3 to i8* %33 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %34 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %33, align 8 %35 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %34, i64 0, i32 5 %36 = bitcast %struct.nfs4_state.233157** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %37, i64* %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %40 = bitcast %struct.nfs_pgio_header.233175* %1 to i64* %41 = load i64, i64* %40, align 8 %42 = bitcast %struct.inode** %39 to i64* store i64 %41, i64* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %44 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %44, %struct.nfs4_stateid_struct** %43, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %49 = load %struct.super_block*, %struct.super_block** %48, align 8 %50 = getelementptr inbounds %struct.super_block, %struct.super_block* %49, i64 0, i32 28 %51 = bitcast i8** %50 to %struct.nfs_server.233131** %52 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %51, align 16 %53 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.233131* %52, i32 %29, %struct.nfs4_exception* nonnull %3) #84 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %1, i64 0, i32 0 %6 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %1, i32 %2, %struct.nfs4_exception* %3) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq 
%struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load 
%struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_async_inode_return_delegation
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_set_acl
4 nfs4_xattr_set_nfs4_acl
-------------
Path:
Function:nfs4_xattr_set_nfs4_acl
%9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #83
Function:nfs4_proc_set_acl
%4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds 
%struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %21 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %22 = bitcast %struct.nfs4_readlink_res* %8 to i8* %23 = bitcast %struct.rpc_message* %9 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs_setaclargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_readlink_res** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %30 = add i64 %2, 4095 %31 = icmp eq i64 %2, 0 %32 = and i64 %30, 17592186040320 %33 = icmp ugt i64 %32, 65536 %34 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %5 to i8* %43 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %12, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store i64 %2, i64* %19, align 8 store %struct.page** %21, %struct.page*** %20, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %24, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %26, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %28, align 8 store 
%struct.cred* null, %struct.cred** %29, align 8 br i1 %31, label %165, label %63 %64 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %62, i64 0, i32 10 %65 = load i32, i32* %64, align 8 %66 = and i32 %65, 8 %67 = icmp eq i32 %66, 0 %68 = or i1 %67, %33 %69 = select i1 %67, i32 -95, i32 -34 br i1 %68, label %165, label %70 %71 = phi i32 [ %94, %83 ], [ 0, %63 ] %72 = phi %struct.page** [ %93, %83 ], [ %21, %63 ] %73 = phi i64 [ %92, %83 ], [ %2, %63 ] %74 = phi i8* [ %91, %83 ], [ %1, %63 ] %75 = icmp ult i64 %73, 4096 %76 = select i1 %75, i64 %73, i64 4096 %77 = call %struct.page* @alloc_pages(i32 3264, i32 0) #83 %78 = icmp eq %struct.page* %77, null br i1 %78, label %79, label %83 %80 = icmp sgt i32 %71, 0 br i1 %80, label %81, label %165 %82 = zext i32 %71 to i64 br label %96 %97 = phi i64 [ %82, %81 ], [ %104, %96 ] %98 = phi i32 [ %71, %81 ], [ %99, %96 ] %99 = add nsw i32 %98, -1 %100 = zext i32 %99 to i64 %101 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %100 %102 = load %struct.page*, %struct.page** %101, align 8 call void bitcast (void (%struct.page.135016*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %102, i32 0) #83 %103 = icmp sgt i64 %97, 1 %104 = add nsw i64 %97, -1 br i1 %103, label %96, label %165 %166 = phi i32 [ %135, %164 ], [ -22, %58 ], [ %69, %63 ], [ %94, %105 ], [ -12, %79 ], [ -12, %96 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %187 [label %167], !srcloc !6 switch i32 %166, label %188 [ i32 -10039, label %197 i32 -10041, label %197 ] %189 = load %struct.super_block*, %struct.super_block** %12, align 8 %190 = getelementptr inbounds %struct.super_block, %struct.super_block* %189, i64 0, i32 28 %191 = bitcast i8** %190 to %struct.nfs_server.233131** %192 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %191, align 16 %193 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %192, i32 %166, %struct.nfs4_exception* nonnull %10) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store 
i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load 
%struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_async_inode_return_delegation
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_access
-------------
Path:
Function:nfs4_proc_access
%3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = 
getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast %struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = 
getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 
store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %32, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %108, label %70 %109 = phi i32 [ %98, %106 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %110)) #6 to label %130 [label %110], !srcloc !4 %131 = load %struct.super_block*, %struct.super_block** %11, align 8 %132 = getelementptr inbounds %struct.super_block, %struct.super_block* %131, i64 0, i32 28 %133 = bitcast i8** %132 to %struct.nfs_server.233131** %134 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %133, align 16 %135 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %134, i32 %109, %struct.nfs4_exception* nonnull %8) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr 
inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void 
@__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_async_inode_return_delegation
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_symlink
-------------
Path:
Function:nfs4_proc_symlink
%6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store 
%struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %70 = phi i32 [ -36, %16 ], [ %68, %21 ], [ -12, %17 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %71)) #6 to label %91 [label %71], !srcloc !4 %92 = load %struct.super_block*, %struct.super_block** %13, align 8 %93 = getelementptr inbounds %struct.super_block, %struct.super_block* %92, i64 0, i32 28 %94 = bitcast i8** %93 to %struct.nfs_server.233131** %95 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %94, align 16 %96 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %95, i32 %70, %struct.nfs4_exception* nonnull %7) #85 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = 
load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 
@nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* 
%35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 
0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, 
%struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #84 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.233131* %0, i32 %1, %struct.nfs4_exception* %2) #83 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %0, i64 0, i32 0 %5 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.233157* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = 
getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #83 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.237801** %7 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %7, i64 0, i32 0 %9 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 tail call void @__rcu_read_lock() #83 %10 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 21, i32 1 %12 = bitcast %struct.list_head** %11 to %struct.nfs_delegation.233205** %13 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %12, align 8 %14 = icmp eq %struct.nfs_delegation.233205* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !4 %35 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.237866, %struct.nfs_client.237866* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !4 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, 
%struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi 
%struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* 
%8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 
%54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, 
i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 
Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, 
%19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %35 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %38 = icmp eq %struct.list_head* %37, %35 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = icmp eq %struct.list_head* %41, %35 br i1 %42, label %45, label %43 %44 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, 
%struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, 
%struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, 
i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %35 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %38 = icmp eq %struct.list_head* %37, %35 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = icmp eq %struct.list_head* %41, %35 br i1 %42, label %45, label %43 %44 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br 
i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %35 = getelementptr inbounds %struct.file_lock_context, 
%struct.file_lock_context* %32, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %38 = icmp eq %struct.list_head* %37, %35 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = icmp eq %struct.list_head* %41, %35 br i1 %42, label %45, label %43 %44 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* 
@nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code 
c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %35 = getelementptr inbounds 
%struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %38 = icmp eq %struct.list_head* %37, %35 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %32, i64 0, i32 3, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = icmp eq %struct.list_head* %41, %35 br i1 %42, label %45, label %43 %44 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* 
[ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr 
inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds 
%struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, 
align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 
= tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, 
label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label 
%205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* 
nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, 
!srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq 
i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  
Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, 
%struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, 
i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, 
label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* 
%6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, 
label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 
@nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #83 ------------- Good: 60 Bad: 16 Ignored: 25 Check Use of Function:proc_task_lookup Check Use of Function:cfg80211_register_wdev Check Use of Function:security_sb_kern_mount Check Use of Function:drm_atomic_set_property Check Use of 
Function:ext4_compat_ioctl Check Use of Function:snapshot_image_loaded Check Use of Function:ieee80211_vht_handle_opmode Check Use of Function:audit_log_multicast Use: =BAD PATH= Call Stack: 0 audit_multicast_unbind ------------- Path:  Function:audit_multicast_unbind tail call fastcc void @audit_log_multicast(i32 %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.62.10985, i64 0, i64 0), i32 0) #83 ------------- Good: 5 Bad: 1 Ignored: 0 Check Use of Function:efivar_entry_find Check Use of Function:i915_gem_ww_ctx_fini Check Use of Function:perf_compat_ioctl Check Use of Function:tcf_proto_signal_destroying Check Use of Function:ieee80211_recalc_ps_vif Check Use of Function:selnl_notify_setenforce Check Use of Function:__tcf_block_put Check Use of Function:rate_control_rate_update Check Use of Function:i915_perf_ioctl Check Use of Function:__tcf_block_find Check Use of Function:wbinvd_on_cpu Check Use of Function:snapshot_ioctl Use: =BAD PATH= Call Stack: 0 snapshot_compat_ioctl ------------- Path:  Function:snapshot_compat_ioctl switch i32 %1, label %6 [ i32 -2146946290, label %4 i32 -2146946285, label %4 i32 -2146946284, label %4 i32 1074017041, label %4 i32 1074541325, label %4 ] %7 = phi i64 [ %5, %4 ], [ %2, %3 ] %8 = tail call i64 @snapshot_ioctl(%struct.file* %0, i32 %1, i64 %7) #83 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:posix_clock_compat_ioctl Check Use of Function:ktime_add_safe Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #83 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #83 ------------- Use: =BAD PATH= Call Stack: 0 
__se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, 
%33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #83 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull 
%20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #83 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 
to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #83 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #83 ------------- Good: 8 Bad: 4 Ignored: 6 Check Use of Function:__SCT__tp_func_drv_channel_switch_beacon Check Use of Function:__tcf_get_next_proto Check Use of Function:tcf_chain_flush Check Use of Function:idr_remove Check Use of Function:ieee80211_recalc_ps Check Use of Function:tcf_fill_node Check Use of Function:nfs_file_read Check Use of Function:ieee80211_flush_queues Check Use of Function:map_files_d_revalidate Check Use of Function:task_set_jobctl_pending Check Use of Function:drm_lease_filter_crtcs Check Use of Function:dma_sync_single_for_cpu Check Use of Function:driver_unregister Check Use of Function:mqueue_create Check Use of Function:rtnl_configure_link Check Use of Function:vm_get_page_prot Check Use of Function:ieee80211_free_keys_iface Check Use of Function:simple_unlink Check Use of Function:replace_fd Check Use of 
Function:__SCT__tp_func_ext4_shutdown Check Use of Function:compat_blkdev_ioctl Check Use of Function:security_task_fix_setuid Check Use of Function:exit_shm Check Use of Function:rtc_set_time Check Use of Function:set_user Check Use of Function:rdev_set_wakeup Check Use of Function:uprobe_copy_process Check Use of Function:security_locked_down Use: =BAD PATH= Call Stack: 0 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #83 %8 = bitcast i8* %7 to %struct.pci_dev.322187* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* @PDE_DATA(%struct.inode* %5) #83 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.static_call_site** %9 = load %struct.static_call_site*, %struct.static_call_site** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* @PDE_DATA(%struct.inode* %5) #83 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to 
%struct.static_call_site** %9 = load %struct.static_call_site*, %struct.static_call_site** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.313800* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #83 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %63, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #83 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %63 %38 = call i32 @security_locked_down(i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 
2 %32 = icmp eq i32 %31, 0 br i1 %32, label %63, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #83 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %63 %38 = call i32 @security_locked_down(i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 msr_write ------------- Path:  Function:msr_write %5 = alloca [2 x i32], align 4 %6 = bitcast i8* %1 to i32* %7 = bitcast [2 x i32]* %5 to i8* %8 = load i64, i64* %3, align 8 %9 = trunc i64 %8 to i32 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.inode, %struct.inode* %11, i64 0, i32 13 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1048575 %15 = tail call i32 @security_locked_down(i32 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 disk_store ------------- Path:  Function:disk_store %5 = load i1, i1* @nohibernate, align 4 br i1 %5, label %36, label %6 %7 = tail call i32 @security_locked_down(i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 disk_show ------------- Path:  Function:disk_show %4 = load i1, i1* @nohibernate, align 4 br i1 %4, label %13, label %5 %6 = tail call i32 @security_locked_down(i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 is_hibernate_resume_dev 2 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug.289471, align 8 %4 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 0 %5 = load %struct.file.289341*, %struct.file.289341** %4, align 8 %6 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.block_device.289220** %8 = load %struct.block_device.289220*, %struct.block_device.289220** %7, align 8 %9 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 7 %10 = load %struct.inode.289534*, 
%struct.inode.289534** %9, align 8 %11 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = shl i64 %12, 9 %14 = bitcast %struct.blk_plug.289471* %3 to i8* %15 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 4 %16 = load i8, i8* %15, align 8, !range !4 %17 = icmp eq i8 %16, 0 br i1 %17, label %18, label %83 %19 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %8, i64 0, i32 17 %20 = load %struct.gendisk.289218*, %struct.gendisk.289218** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.289218, %struct.gendisk.289218* %20, i64 0, i32 7 %22 = load %struct.block_device.289220*, %struct.block_device.289220** %21, align 8 %23 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %22, i64 0, i32 4 %24 = load i8, i8* %23, align 8, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %83 %27 = getelementptr inbounds %struct.gendisk.289218, %struct.gendisk.289218* %20, i64 0, i32 12 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 2 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %83 %32 = getelementptr inbounds %struct.inode.289534, %struct.inode.289534* %10, i64 0, i32 4 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 256 %35 = icmp eq i32 %34, 0 br i1 %35, label %41, label %36 %37 = getelementptr inbounds %struct.inode.289534, %struct.inode.289534* %10, i64 0, i32 13 %38 = load i32, i32* %37, align 4 %39 = tail call i32 @is_hibernate_resume_dev(i32 %38) #83 Function:is_hibernate_resume_dev %2 = tail call zeroext i1 @hibernation_available() #83 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 snapshot_open ------------- Path:  Function:snapshot_open %3 = tail call 
zeroext i1 @hibernation_available() #83 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 state_show.7841 ------------- Path:  Function:state_show.7841 %4 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 1), align 8 %5 = icmp eq i8* %4, null br i1 %5, label %10, label %6 %11 = phi i8* [ %9, %6 ], [ %2, %3 ] %12 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 2), align 8 %13 = icmp eq i8* %12, null br i1 %13, label %29, label %25 %26 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %11, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7830, i64 0, i64 0), i8* nonnull %12) #83 %27 = sext i32 %26 to i64 %28 = getelementptr i8, i8* %11, i64 %27 br label %29 %30 = phi i8* [ %28, %25 ], [ %11, %10 ] %31 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 3), align 8 %32 = icmp eq i8* %31, null br i1 %32, label %37, label %33 %34 = tail call i32 (i8*, i8*, ...) 
@sprintf(i8* %30, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7830, i64 0, i64 0), i8* nonnull %31) #83 %35 = sext i32 %34 to i64 %36 = getelementptr i8, i8* %30, i64 %35 br label %37 %38 = phi i8* [ %36, %33 ], [ %30, %29 ] %39 = tail call zeroext i1 @hibernation_available() #84 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 hibernate 1 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #83 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7842, i64 0, i64 0), i64 4) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #83 Function:hibernate %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %7, label %2 %3 = tail call i32 @security_locked_down(i32 5) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  
Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_tgids_open ------------- Path:  Function:tracing_saved_tgids_open %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_cmdlines_open ------------- Path:  Function:tracing_saved_cmdlines_open %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail 
call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr 
inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_buffers_open ------------- Path:  Function:tracing_buffers_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_err_log_open ------------- Path:  Function:tracing_err_log_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_pipe ------------- Path:  Function:tracing_open_pipe %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 tracing_open ------------- Path:  Function:tracing_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 show_traces_open ------------- Path:  Function:show_traces_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 dyn_event_open ------------- Path:  Function:dyn_event_open %3 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108344*)*)(%struct.trace_array.108344* null) #83 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_open ------------- Path:  Function:ftrace_event_set_open %3 = getelementptr inbounds %struct.inode.108445, %struct.inode.108445* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108344** %5 = load %struct.trace_array.108344*, %struct.trace_array.108344** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108344*)*)(%struct.trace_array.108344* %5) #83 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #83 
------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_pid_open ------------- Path:  Function:ftrace_event_set_pid_open %3 = getelementptr inbounds %struct.inode.108445, %struct.inode.108445* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108344** %5 = load %struct.trace_array.108344*, %struct.trace_array.108344** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108344*)*)(%struct.trace_array.108344* %5) #83 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_npid_open ------------- Path:  Function:ftrace_event_set_npid_open %3 = getelementptr inbounds %struct.inode.108445, %struct.inode.108445* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108344** %5 = load %struct.trace_array.108344*, %struct.trace_array.108344** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108344*)*)(%struct.trace_array.108344* %5) #83 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 tracing_stat_open ------------- Path:  Function:tracing_stat_open %3 = getelementptr inbounds %struct.inode.105868, %struct.inode.105868* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_formats_open ------------- Path:  Function:ftrace_formats_open %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_event_avail_open ------------- Path:  Function:ftrace_event_avail_open %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_open ------------- Path:  Function:event_trigger_open %3 = tail 
call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 profile_open ------------- Path:  Function:profile_open %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 probes_open ------------- Path:  Function:probes_open %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 profile_open.12646 ------------- Path:  Function:profile_open.12646 %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 probes_open.12651 ------------- Path:  Function:probes_open.12651 %3 = tail call i32 @security_locked_down(i32 22) #83 ------------- Use: =BAD PATH= Call Stack: 0 open_kcore ------------- Path:  Function:open_kcore %3 = tail call i32 @security_locked_down(i32 18) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #83 ------------- Good: 64 Bad: 57 Ignored: 91 Check Use of Function:futex_lock_pi_atomic Check Use of Function:tcp_send_window_probe Check Use of 
Function:tg3_free_rings Check Use of Function:update_ref_ctr Check Use of Function:scsi_ioctl Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 8838, label %527 i32 8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %680 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %681 = load volatile i32, i32* %680, align 4 %682 = icmp eq i32 %681, 0 br i1 %682, label %683, label %768 %684 
= getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %685 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %684, align 8 %686 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 8 %687 = load i32, i32* %686, align 4 %688 = tail call i32 bitcast (i32 (%struct.scsi_device.607757*, %struct.gendisk.607492*, i32, i32, i8*)* @scsi_ioctl to i32 (%struct.scsi_device.615267*, %struct.gendisk.289686*, i32, i32, i8*)*)(%struct.scsi_device.615267* %685, %struct.gendisk.289686* null, i32 %687, i32 1, i8* %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 
8838, label %527 i32 8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %25 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 7, i32 0 %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %768 %29 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %30 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %29, align 8 %31 = tail call i32 bitcast (i32 (%struct.scsi_device.608549*)* @scsi_block_when_processing_errors to i32 (%struct.scsi_device.615267*)*)(%struct.scsi_device.615267* %30) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %768, label %33 %34 = call fastcc i64 @sg_new_write(%struct.sg_fd* nonnull %10, %struct.file.289897* %0, i8* %7, i64 88, i32 %23, i32 1, %struct.sg_request** nonnull %4) #83 %35 = trunc i64 %34 to i32 %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %40 %38 = shl i64 %34, 32 %39 = ashr exact i64 %38, 32 br label %770 %771 = phi i64 [ %753, %747 ], [ %746, %740 ], [ %739, %733 ], [ %732, %722 ], [ %721, %705 ], [ %700, %698 ], [ %689, %683 ], [ %678, %660 ], [ %526, %515 ], [ %514, %507 ], [ %499, %497 ], [ %487, %477 ], [ %472, %470 ], [ %461, %451 ], [ %445, %443 ], [ %434, %414 ], [ %292, %290 ], [ %280, %271 ], [ %270, %262 ], [ %218, %209 ], [ %231, %224 ], [ %182, %180 ], [ %171, %170 ], [ %132, %125 ], [ %124, %121 ], [ %108, %106 ], [ %39, %37 ], [ %94, %87 ], [ %79, %95 ], [ %655, %654 ], [ %767, %759 ] %772 = trunc i64 %771 to i32 %773 = icmp eq i32 %772, -515 br i1 %773, label %774, label %781 %775 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %14, i64 0, i32 0 %776 = load %struct.scsi_device.615267*, %struct.scsi_device.615267** %775, align 8 %777 = getelementptr inbounds 
%struct.file.289897, %struct.file.289897* %0, i64 0, i32 8 %778 = load i32, i32* %777, align 4 %779 = call i32 bitcast (i32 (%struct.scsi_device.607757*, %struct.gendisk.607492*, i32, i32, i8*)* @scsi_ioctl to i32 (%struct.scsi_device.615267*, %struct.gendisk.289686*, i32, i32, i8*)*)(%struct.scsi_device.615267* %776, %struct.gendisk.289686* null, i32 %778, i32 %1, i8* %7) #83 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:i915_gem_object_pin_to_display_plane Check Use of Function:unlock_rename Check Use of Function:untrack_pfn Check Use of Function:usbdev_ioctl Check Use of Function:i8042_flush Check Use of Function:__i915_active_wait Check Use of Function:track_pfn_insert Check Use of Function:__SCT__tp_func_drv_sta_set_4addr Check Use of Function:drm_debugfs_cleanup Check Use of Function:ieee80211_free_keys Check Use of Function:vm_munmap Check Use of Function:drm_file_free Check Use of Function:xt_alloc_table_info Check Use of Function:dev_ingress_queue_create Check Use of Function:setup_swap_info Check Use of Function:hiddev_ioctl Check Use of Function:posix_acl_xattr_get Check Use of Function:vfat_lookup Check Use of Function:tty_write Check Use of Function:futex_top_waiter Check Use of Function:ipip6_newlink Check Use of Function:tty_compat_ioctl Check Use of Function:cgroup_cancel_fork Check Use of Function:snapshot_compat_ioctl Check Use of Function:xt_table_unlock Check Use of Function:drm_prime_init_file_private Check Use of Function:evdev_ioctl_compat Check Use of Function:vfat_unlink Check Use of Function:mon_bin_ioctl Use: =BAD PATH= Call Stack: 0 mon_bin_compat_ioctl ------------- Path:  Function:mon_bin_compat_ioctl %4 = alloca %struct.kernel_symbol, align 4 %5 = alloca %struct.kernel_symbol, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mon_reader_bin** %8 = load %struct.mon_reader_bin*, %struct.mon_reader_bin** %7, align 8 switch i32 %1, label %79 [ i32 1074565638, 
label %9 i32 1074565642, label %9 i32 -1072918009, label %32 i32 -2146921981, label %81 i32 37377, label %84 i32 37381, label %84 i32 37380, label %84 i32 37384, label %84 ] %85 = tail call i64 @mon_bin_ioctl(%struct.file* %0, i32 %1, i64 %2) #84 ------------- Use: =BAD PATH= Call Stack: 0 mon_bin_compat_ioctl ------------- Path:  Function:mon_bin_compat_ioctl %4 = alloca %struct.kernel_symbol, align 4 %5 = alloca %struct.kernel_symbol, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mon_reader_bin** %8 = load %struct.mon_reader_bin*, %struct.mon_reader_bin** %7, align 8 switch i32 %1, label %79 [ i32 1074565638, label %9 i32 1074565642, label %9 i32 -1072918009, label %32 i32 -2146921981, label %81 i32 37377, label %84 i32 37381, label %84 i32 37380, label %84 i32 37384, label %84 ] %82 = and i64 %2, 4294967295 %83 = tail call i64 @mon_bin_ioctl(%struct.file* %0, i32 -2146921981, i64 %82) #84 ------------- Good: 1 Bad: 2 Ignored: 2 Check Use of Function:ieee80211_roc_setup Check Use of Function:snd_seq_ioctl_compat Check Use of Function:sta_info_hash_del Check Use of Function:tty_ldisc_failto Check Use of Function:snd_ctl_ioctl_compat Check Use of Function:vfat_rename Check Use of Function:rdev_stop_nan Check Use of Function:reconfigure_super Check Use of Function:snd_timer_user_ioctl_compat Check Use of Function:drm_atomic_helper_dirtyfb Check Use of Function:__tcf_chain_get Check Use of Function:__ieee80211_tx_skb_tid_band Check Use of Function:napi_gro_receive Check Use of Function:xa_find_after Check Use of Function:netif_receive_skb_list Check Use of Function:ksys_sync_helper Check Use of Function:ieee80211_alloc_led_names Check Use of Function:send_sig_info Check Use of Function:bprm_execve Check Use of Function:xfrm_user_policy Check Use of Function:cfg80211_sme_assoc_timeout Check Use of Function:ieee80211_txq_teardown_flows Check Use of Function:__ftrace_trace_stack Check Use of 
Function:device_rename Check Use of Function:device_del Check Use of Function:wiphy_regulatory_deregister Check Use of Function:ieee80211_remove_interfaces Check Use of Function:register_inet6addr_notifier Check Use of Function:msr_ioctl Check Use of Function:down_read_killable Use: =BAD PATH= Call Stack: 0 __access_remote_vm 1 access_remote_vm 2 environ_read ------------- Path:  Function:environ_read %5 = load i64, i64* %3, align 8 %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mm_struct.176084** %8 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %7, align 8 %9 = icmp eq %struct.mm_struct.176084* %8, null br i1 %9, label %73, label %10 %11 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 40 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %73, label %14 %15 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %16 = inttoptr i64 %15 to i8* %17 = icmp eq i64 %15, 0 br i1 %17, label %73, label %18 %19 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 12, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %70, label %22, !prof !4, !misexpect !5 %23 = phi i32 [ %30, %29 ], [ %20, %18 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !6 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 29, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* 
%33) #83 %34 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 39 %35 = load i64, i64* %34, align 8 %36 = load i64, i64* %11, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %33) #83 %37 = icmp ne i64 %2, 0 %38 = sub i64 %36, %35 %39 = icmp ult i64 %5, %38 %40 = and i1 %39, %37 br i1 %40, label %41, label %67 %42 = phi i8* [ %62, %59 ], [ %1, %32 ] %43 = phi i64 [ %63, %59 ], [ %2, %32 ] %44 = phi i64 [ %61, %59 ], [ %5, %32 ] %45 = phi i32 [ %60, %59 ], [ 0, %32 ] %46 = add i64 %44, %35 %47 = sub i64 %36, %46 %48 = icmp ult i64 %43, 4096 %49 = select i1 %48, i64 %43, i64 4096 %50 = icmp ult i64 %49, %47 %51 = select i1 %50, i64 %49, i64 %47 %52 = trunc i64 %51 to i32 %53 = tail call i32 bitcast (i32 (%struct.mm_struct*, i64, i8*, i32, i32)* @access_remote_vm to i32 (%struct.mm_struct.176084*, i64, i8*, i32, i32)*)(%struct.mm_struct.176084* nonnull %8, i64 %46, i8* nonnull %16, i32 %52, i32 32768) #83 Function:access_remote_vm %6 = tail call i32 @__access_remote_vm(%struct.mm_struct* %0, i64 %1, i8* %2, i32 %3, i32 %4) #83 Function:__access_remote_vm %6 = alloca %struct.vm_area_struct*, align 8 %7 = alloca %struct.page*, align 8 %8 = bitcast %struct.vm_area_struct** %6 to i8* %9 = and i32 %4, 1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__access_remote_vm, %10)) #6 to label %11 [label %10], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %13 = tail call i32 @down_read_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 __access_remote_vm 1 access_remote_vm 2 mem_rw 3 mem_read ------------- Path:  Function:mem_read %5 = tail call fastcc i64 @mem_rw(%struct.file.175888* %0, i8* %1, i64 %2, i64* %3, i32 0) #83 Function:mem_rw %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mm_struct.176084** %8 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %7, align 8 %9 = load i64, i64* %3, align 8 %10 = icmp eq %struct.mm_struct.176084* %8, null br i1 %10, label %71, label %11 %12 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %13 = inttoptr i64 %12 to i8* %14 = icmp eq i64 %12, 0 br i1 %14, label %71, label %15 %16 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 12, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %69, label %19, !prof !4, !misexpect !5 %20 = phi i32 [ %27, %26 ], [ %17, %15 ] %21 = add i32 %20, 1 %22 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 %21, i32* %16, i32 %20) #6, !srcloc !6 %23 = extractvalue { i8, i32 } %22, 0 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %30 = icmp eq i32 %4, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i32 %33 = or i32 %32, 16 %34 = icmp eq i64 %2, 0 br i1 %34, label %66, label %35 %36 = phi i8* [ %61, %60 ], [ %1, %29 ] %37 = phi i64 [ %64, %60 ], [ %2, %29 ] %38 = phi i64 [ %62, %60 ], [ %9, %29 ] %39 = phi i64 [ %63, %60 ], [ 0, %29 ] %40 = icmp ult i64 %37, 4096 %41 = select i1 %40, i64 %37, i64 4096 br i1 %30, label %45, label %42 %43 = tail call i64 @_copy_from_user(i8* nonnull %13, i8* %36, i64 %41) #83 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %66 %46 = trunc i64 %41 to i32 %47 = tail call i32 bitcast (i32 (%struct.mm_struct*, i64, i8*, i32, i32)* @access_remote_vm to i32 (%struct.mm_struct.176084*, i64, i8*, i32, i32)*)(%struct.mm_struct.176084* nonnull %8, i64 %38, i8* nonnull %13, i32 %46, i32 %33) #83 Function:access_remote_vm %6 = tail call i32 @__access_remote_vm(%struct.mm_struct* %0, i64 %1, i8* %2, i32 %3, i32 %4) #83 Function:__access_remote_vm %6 = alloca %struct.vm_area_struct*, align 8 %7 = alloca %struct.page*, align 8 %8 = bitcast %struct.vm_area_struct** %6 to i8* %9 = and i32 %4, 1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__access_remote_vm, %10)) #6 to label %11 [label %10], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %13 = tail call i32 @down_read_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 __access_remote_vm 1 access_remote_vm 2 mem_rw 3 mem_write ------------- Path:  Function:mem_write %5 = tail call fastcc i64 @mem_rw(%struct.file.175888* %0, i8* %1, i64 %2, i64* %3, i32 1) #83 Function:mem_rw %6 = getelementptr inbounds %struct.file.175888, %struct.file.175888* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mm_struct.176084** %8 = load %struct.mm_struct.176084*, %struct.mm_struct.176084** %7, align 8 %9 = load i64, i64* %3, align 8 %10 = icmp eq %struct.mm_struct.176084* %8, null br i1 %10, label %71, label %11 %12 = tail call i64 @__get_free_pages(i32 3264, i32 0) #83 %13 = inttoptr i64 %12 to i8* %14 = icmp eq i64 %12, 0 br i1 %14, label %71, label %15 %16 = getelementptr inbounds %struct.mm_struct.176084, %struct.mm_struct.176084* %8, i64 0, i32 0, i32 12, i32 0 %17 = load volatile i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %69, label %19, !prof !4, !misexpect !5 %20 = phi i32 [ %27, %26 ], [ %17, %15 ] %21 = add i32 %20, 1 %22 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16, i32 %21, i32* %16, i32 %20) #6, !srcloc !6 %23 = extractvalue { i8, i32 } %22, 0 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %29, !prof !4, !misexpect !5 %30 = icmp eq i32 %4, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i32 %33 = or i32 %32, 16 %34 = icmp eq i64 %2, 0 br i1 %34, label %66, label %35 %36 = phi i8* [ %61, %60 ], [ %1, %29 ] %37 = phi i64 [ %64, %60 ], [ %2, %29 ] %38 = phi i64 [ %62, %60 ], [ %9, %29 ] %39 = phi i64 [ %63, %60 ], [ 0, %29 ] %40 = icmp ult i64 %37, 4096 %41 = select i1 %40, i64 %37, i64 4096 br i1 %30, label %45, label %42 %43 = tail call i64 @_copy_from_user(i8* nonnull %13, i8* %36, i64 %41) #83 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %66 %46 = trunc i64 %41 to i32 %47 = tail call i32 bitcast (i32 (%struct.mm_struct*, i64, i8*, i32, i32)* @access_remote_vm to i32 (%struct.mm_struct.176084*, i64, i8*, i32, i32)*)(%struct.mm_struct.176084* nonnull %8, i64 %38, i8* nonnull %13, i32 %46, i32 %33) #83 Function:access_remote_vm %6 = tail call i32 @__access_remote_vm(%struct.mm_struct* %0, i64 %1, i8* %2, i32 %3, i32 %4) #83 Function:__access_remote_vm %6 = alloca %struct.vm_area_struct*, align 8 %7 = alloca %struct.page*, align 8 %8 = bitcast %struct.vm_area_struct** %6 to i8* %9 = and i32 %4, 1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__access_remote_vm, %10)) #6 to label %11 [label %10], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %13 = tail call i32 @down_read_killable(%struct.rw_semaphore* %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_kcmp %6 = alloca %struct.kernel_symbol, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void @__rcu_read_lock() #83 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #83 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #83 
%12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !5, !misexpect !6 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !7, !misexpect !6 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #83 br label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 104 %39 = load %struct.signal_struct*, %struct.signal_struct** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* 
%39, i64 0, i32 60 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 104 %42 = load %struct.signal_struct*, %struct.signal_struct** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %42, i64 0, i32 60 %44 = icmp ugt %struct.signal_struct* %42, %39 %45 = select i1 %44, %struct.rw_semaphore* %40, %struct.rw_semaphore* %43 %46 = select i1 %44, %struct.rw_semaphore* %43, %struct.rw_semaphore* %40 %47 = tail call i32 @down_read_killable(%struct.rw_semaphore* %46) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_kcmp %6 = alloca %struct.kernel_symbol, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void @__rcu_read_lock() #83 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #83 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #83 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !5, !misexpect !6 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !7, !misexpect !6 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #83 br label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 104 %39 = load %struct.signal_struct*, %struct.signal_struct** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %39, i64 0, i32 60 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 104 %42 = load %struct.signal_struct*, %struct.signal_struct** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %42, i64 0, i32 60 %44 = icmp ugt %struct.signal_struct* %42, %39 %45 = select i1 %44, %struct.rw_semaphore* 
%40, %struct.rw_semaphore* %43 %46 = select i1 %44, %struct.rw_semaphore* %43, %struct.rw_semaphore* %40 %47 = tail call i32 @down_read_killable(%struct.rw_semaphore* %46) #83 ------------- Good: 36 Bad: 5 Ignored: 40 Check Use of Function:acpi_cppc_processor_exit Check Use of Function:register_inetaddr_notifier Check Use of Function:io_acct_cancel_pending_work Check Use of Function:rfkill_destroy Check Use of Function:rfkill_register Check Use of Function:may_delete Check Use of Function:cfg80211_radar_event Check Use of Function:cfg80211_chandef_dfs_required Check Use of Function:ieee80211_mgd_stop Check Use of Function:futex_q_unlock Check Use of Function:ieee80211_color_change_finalize Check Use of Function:ieee80211_sta_wmm_params Check Use of Function:timens_install Check Use of Function:ieee80211_xmit_fast_finish Check Use of Function:call_netevent_notifiers Check Use of Function:cfg80211_report_obss_beacon_khz Check Use of Function:ieee80211_determine_chantype Check Use of Function:swsusp_free Check Use of Function:ieee80211_set_disassoc Check Use of Function:__sta_info_destroy_part2 Check Use of Function:__put_cred Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call 
fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load 
%struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, 
align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, 
%struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, 
%struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call 
noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to 
%struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 
%18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds 
%struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %348 = phi %struct.cred.265010* [ %346, %344 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %349 = phi %struct.__key_reference_with_attributes* [ %345, %344 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %350 = icmp eq %struct.cred.265010* %348, null br i1 %350, label %357, label %351 %352 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %348, i64 0, i32 0, i32 0 %353 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %352, i32* %352) #6, !srcloc !11 %354 = and i8 %353, 1 %355 = icmp eq i8 %354, 0 br i1 %355, label %357, label %356 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %348) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 16 %126 = load %struct.key.264821*, %struct.key.264821** %125, align 8 %127 = icmp eq %struct.key.264821* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #84 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %344, label %365 %366 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %367 = icmp eq %struct.cred.265010* %366, null br i1 %367, label %368, label %369 %370 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %366, i64 0, i32 0, i32 0 %371 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %370, i32* %370) #6, !srcloc !11 %372 = and i8 %371, 1 %373 = 
icmp eq i8 %372, 0 br i1 %373, label %368, label %374 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %366) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) 
#83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 16 %126 = load %struct.key.264821*, %struct.key.264821** %125, align 8 %127 = icmp eq %struct.key.264821* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #84 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %344, label %365 %366 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %367 = icmp eq 
%struct.cred.265010* %366, null br i1 %367, label %368, label %369 %370 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %366, i64 0, i32 0, i32 0 %371 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %370, i32* %370) #6, !srcloc !11 %372 = and i8 %371, 1 %373 = icmp eq i8 %372, 0 br i1 %373, label %368, label %374 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %366) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_keyring_move 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 
20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #83 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 16 %126 = load %struct.key.264821*, %struct.key.264821** %125, align 8 %127 = icmp eq %struct.key.264821* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.264821, 
%struct.key.264821* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #84 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %344, label %365 %366 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %367 = icmp eq %struct.cred.265010* %366, null br i1 %367, label %368, label %369 %370 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %366, i64 0, i32 0, i32 0 %371 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %370, i32* %370) #6, !srcloc !11 %372 = and i8 %371, 1 %373 = icmp eq i8 %372, 0 br i1 %373, label %368, label %374 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %366) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, 
i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to 
i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store %struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 16 %126 = load %struct.key.264821*, %struct.key.264821** %125, align 8 %127 = icmp eq %struct.key.264821* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #84 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %344, label %365 %366 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %367 = icmp eq %struct.cred.265010* %366, null br i1 %367, label %368, label %369 %370 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %366, i64 0, i32 0, i32 0 %371 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %370, i32* %370) #6, !srcloc !11 %372 = and i8 %371, 1 %373 = icmp eq i8 %372, 0 br i1 %373, label %368, label %374 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %366) #83 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* 
@strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.265228, align 8 %5 = alloca %struct.key.264821*, align 8 %6 = alloca %struct.key.264821*, align 8 %7 = bitcast %struct.keyring_search_context.265228* %4 to i8* %8 = bitcast %struct.key.264821** %5 to i8* %9 = bitcast %struct.key.264821** %6 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.265185** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.265185**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.265185* %12 = getelementptr inbounds %struct.task_struct.265185, %struct.task_struct.265185* %11, i64 0, i32 94 %13 = getelementptr inbounds %struct.keyring_search_context.265228, %struct.keyring_search_context.265228* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.265010*, %struct.cred.265010** %12, align 8 %18 = icmp eq %struct.cred.265010* %17, null br i1 %18, label %23, label %19 store 
%struct.cred.265010* %17, %struct.cred.265010** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %347 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %17, i64 0, i32 16 %126 = load %struct.key.264821*, %struct.key.264821** %125, align 8 %127 = icmp eq %struct.key.264821* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.264821, %struct.key.264821* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #84 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %344, label %365 %366 = load %struct.cred.265010*, %struct.cred.265010** %13, align 8 %367 = icmp eq %struct.cred.265010* %366, null br i1 %367, label %368, label %369 %370 = getelementptr inbounds %struct.cred.265010, %struct.cred.265010* %366, i64 0, i32 0, i32 0 %371 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %370, i32* %370) #6, !srcloc !11 %372 = and i8 %371, 1 %373 = icmp eq i8 %372, 0 br i1 %373, label %368, label %374 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.265010*)*)(%struct.cred.265010* nonnull %366) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void 
@nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi 
%struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 
@nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", 
"=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, 
i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast 
%struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 
], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load 
%struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, 
%struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void 
asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, 
%struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  
Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, 
%struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, 
i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, 
label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 
%169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 
------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 
%24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, 
i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load 
%struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 
%169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 br i1 %169, label %182, label %176 %177 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 %178 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %177, i32* %177) #6, !srcloc !11 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %182, label %181 tail call void @__put_cred(%struct.cred* nonnull %168) #83 br label %182 %183 = phi i32 [ %150, %160 ], [ 0, %161 ], [ %175, %174 ], [ %175, %176 ], [ %175, %181 ] %184 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 8 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !12 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 
%194 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %195 = load %struct.cred*, %struct.cred** %194, align 8 %196 = icmp eq %struct.cred* %195, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.cred, %struct.cred* %195, i64 0, i32 0, i32 0 %199 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %198, i32* %198) #6, !srcloc !11 %200 = and i8 %199, 1 %201 = icmp eq i8 %200, 0 br i1 %201, label %203, label %202 tail call void @__put_cred(%struct.cred* nonnull %195) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_complete_unlink 1 nfs_dentry_iput ------------- Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 4096 %6 = icmp eq i32 %5, 0 br i1 %6, label %18, label %7 tail call void bitcast (void (%struct.dentry.220135*, %struct.inode.220132*)* @nfs_complete_unlink to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %0, %struct.inode* %1) #83 Function:nfs_complete_unlink %3 = alloca %struct.rpc_message.220176, align 8 %4 = alloca %struct.rpc_task_setup.220214, align 8 %5 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 7, i32 0 %6 = bitcast %struct.anon.1* %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, -4097 store i32 %9, i32* %7, align 8 %10 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.nfs_unlinkdata.220198** %12 = load %struct.nfs_unlinkdata.220198*, %struct.nfs_unlinkdata.220198** %11, align 8 store 
i8* null, i8** %10, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 %13 = getelementptr %struct.inode.220132, %struct.inode.220132* %1, i64 -1, i32 24, i32 4 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 9 %15 = bitcast %struct.list_head* %14 to i64* %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 2 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %115 %20 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %0, i64 0, i32 3 %21 = load %struct.dentry.220135*, %struct.dentry.220135** %20, align 8 %22 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %21, i64 0, i32 5 %23 = load %struct.inode.220132*, %struct.inode.220132** %22, align 8 %24 = getelementptr %struct.inode.220132, %struct.inode.220132* %23, i64 -1, i32 24, i32 4 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 15, i32 1 %26 = bitcast %struct.list_head** %25 to %struct.rw_semaphore* tail call void @down_read(%struct.rw_semaphore* %26) #83 %27 = load %struct.dentry.220135*, %struct.dentry.220135** %20, align 8 %28 = getelementptr inbounds %struct.nfs_unlinkdata.220198, %struct.nfs_unlinkdata.220198* %12, i64 0, i32 0, i32 2 %29 = getelementptr inbounds %struct.nfs_unlinkdata.220198, %struct.nfs_unlinkdata.220198* %12, i64 0, i32 3 %30 = tail call %struct.dentry.220135* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.220135* (%struct.dentry.220135*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.220135* %27, %struct.qstr* %28, %struct.wait_queue_head* %29) #83 %31 = icmp ugt %struct.dentry.220135* %30, inttoptr (i64 -4096 to %struct.dentry.220135*) br i1 %31, label %32, label %33 %34 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %30, i64 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, 268435456 %37 = icmp eq i32 %36, 0 br i1 %37, label 
%38, label %53 %39 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %30, i64 0, i32 7, i32 0 %40 = bitcast %struct.anon.1* %39 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %40) #83 %41 = getelementptr inbounds %struct.dentry.220135, %struct.dentry.220135* %30, i64 0, i32 5 %42 = load %struct.inode.220132*, %struct.inode.220132** %41, align 8 %43 = icmp eq %struct.inode.220132* %42, null br i1 %43, label %113, label %44 %45 = load i32, i32* %34, align 8 %46 = and i32 %45, 4096 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %114 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %40) #83 tail call void bitcast (void (%struct.dentry.148048*)* @dput to void (%struct.dentry.220135*)*)(%struct.dentry.220135* %30) #83 tail call void @up_read(%struct.rw_semaphore* %26) #83 tail call void @kfree(i8* null) #83 br label %115 %116 = getelementptr inbounds %struct.nfs_unlinkdata.220198, %struct.nfs_unlinkdata.220198* %12, i64 0, i32 4 %117 = load %struct.cred*, %struct.cred** %116, align 8 %118 = icmp eq %struct.cred* %117, null br i1 %118, label %125, label %119 %120 = getelementptr inbounds %struct.cred, %struct.cred* %117, i64 0, i32 0, i32 0 %121 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32* %120) #6, !srcloc !4 %122 = and i8 %121, 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %125, label %124 tail call void @__put_cred(%struct.cred* nonnull %117) #83 ------------- Use: =BAD PATH= Call Stack: 0 __put_nfs_open_context 1 nfs_file_clear_open_context 2 nfs_file_release ------------- Path:  Function:nfs_file_release %3 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %0, i64 0, i32 8 %4 = load %struct.super_block.213267*, %struct.super_block.213267** %3, align 8 %5 = getelementptr inbounds 
%struct.super_block.213267, %struct.super_block.213267* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.213423** %7 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 17 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 tail call void bitcast (void (%struct.file.214359*)* @nfs_file_clear_open_context to void (%struct.file.213286*)*)(%struct.file.213286* %1) #83 Function:nfs_file_clear_open_context %2 = getelementptr inbounds %struct.file.214359, %struct.file.214359* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.nfs_open_context.214915** %4 = load %struct.nfs_open_context.214915*, %struct.nfs_open_context.214915** %3, align 8 %5 = icmp eq %struct.nfs_open_context.214915* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %4, i64 0, i32 2 %8 = load %struct.dentry.214823*, %struct.dentry.214823** %7, align 8 %9 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %8, i64 0, i32 5 %10 = load %struct.inode.214835*, %struct.inode.214835** %9, align 8 %11 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %4, i64 0, i32 7 %12 = bitcast i64* %11 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %12, i32 -17, i8* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %4, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, 0 br i1 %15, label %16, label %20 %17 = 
getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %10, i64 0, i32 9 %18 = load %struct.address_space.214836*, %struct.address_space.214836** %17, align 8 %19 = tail call i32 bitcast (i32 (%struct.address_space.121998*)* @invalidate_inode_pages2 to i32 (%struct.address_space.214836*)*)(%struct.address_space.214836* %18) #83 br label %20 store i8* null, i8** %2, align 8 tail call fastcc void @__put_nfs_open_context(%struct.nfs_open_context.214915* nonnull %4, i32 1) #83 Function:__put_nfs_open_context %3 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 2 %4 = load %struct.dentry.214823*, %struct.dentry.214823** %3, align 8 %5 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %4, i64 0, i32 5 %6 = load %struct.inode.214835*, %struct.inode.214835** %5, align 8 %7 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %4, i64 0, i32 9 %8 = load %struct.super_block.214819*, %struct.super_block.214819** %7, align 8 %9 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 9 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 %22 = icmp eq %struct.list_head* %21, %19 br i1 
%22, label %30, label %23 %31 = icmp eq %struct.inode.214835* %6, null br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 3 %46 = load %struct.cred*, %struct.cred** %45, align 8 %47 = icmp eq %struct.cred* %46, null br i1 %47, label %54, label %48 %49 = getelementptr inbounds %struct.cred, %struct.cred* %46, i64 0, i32 0, i32 0 %50 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %49, i32* %49) #6, !srcloc !8 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %54, label %53 tail call void @__put_cred(%struct.cred* nonnull %46) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 
br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 
br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 %69 = xor i1 %68, true %70 = or i1 %47, %69 br i1 %70, label %83, label %71 br i1 %3, label %72, label %107 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 %73 = load %struct.super_block*, %struct.super_block** %45, align 8 %74 = getelementptr inbounds %struct.super_block, %struct.super_block* %73, i64 0, i32 28 %75 = bitcast i8** %74 to %struct.nfs_server.212651** %76 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %75, align 16 %77 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %76, %struct.inode* %0) #83 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %110 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %80 = load i64, i64* %7, align 8 %81 = and i64 %80, 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %46, label %109 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %38) #83 tail call void @nfs_access_zap_cache(%struct.inode* %0) #83 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq 
i64 %10, 0 br i1 %11, label %81, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %25, label %16 %26 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 12 %28 = bitcast %struct.list_head* %27 to %struct.rb_root* %29 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %30 = icmp eq %struct.rb_node* %29, null br i1 %30, label %47, label %31 %32 = phi %struct.rb_node* [ %45, %31 ], [ %29, %25 ] call void @rb_erase(%struct.rb_node* nonnull %32, %struct.rb_root* %28) #83 %33 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1 %34 = bitcast %struct.rb_node* %33 to %struct.list_head* %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %32, i64 1, i32 1 %36 = bitcast %struct.rb_node** %35 to %struct.list_head** %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = bitcast %struct.rb_node* %33 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 1 store %struct.list_head* %37, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 0 store volatile %struct.list_head* %39, %struct.list_head** %41, align 8 %42 = load %struct.list_head*, %struct.list_head** %4, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 
0, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.rb_node** store %struct.rb_node* %33, %struct.rb_node** %44, align 8 store %struct.list_head* %42, %struct.list_head** %38, align 8 store %struct.list_head* %2, %struct.list_head** %36, align 8 store volatile %struct.list_head* %34, %struct.list_head** %4, align 8 %45 = call %struct.rb_node* @rb_first(%struct.rb_root* %28) #83 %46 = icmp eq %struct.rb_node* %45, null br i1 %46, label %47, label %31 %48 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 9, i32 1 %49 = bitcast %struct.list_head** %48 to i64* %50 = load i64, i64* %49, align 8 %51 = and i64 %50, -9 store i64 %51, i64* %49, align 8 call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #83 %52 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %53 = icmp eq %struct.list_head* %52, %2 br i1 %53, label %81, label %54 %55 = phi %struct.list_head* [ %79, %78 ], [ %52, %47 ] %56 = getelementptr %struct.list_head, %struct.list_head* %55, i64 -2, i32 1 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %55, i64 0, i32 1 %58 = load %struct.list_head*, %struct.list_head** %57, align 8 %59 = getelementptr %struct.list_head, %struct.list_head* %55, i64 0, i32 0 %60 = load %struct.list_head*, %struct.list_head** %59, align 8 %61 = getelementptr inbounds %struct.list_head, %struct.list_head* %60, i64 0, i32 1 store %struct.list_head* %58, %struct.list_head** %61, align 8 %62 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 0 store volatile %struct.list_head* %60, %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %59, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %57, align 
8 %63 = getelementptr %struct.list_head, %struct.list_head* %55, i64 1 %64 = bitcast %struct.list_head* %63 to %struct.cred** %65 = load %struct.cred*, %struct.cred** %64, align 8 %66 = icmp eq %struct.cred* %65, null br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.cred, %struct.cred* %65, i64 0, i32 0, i32 0 %69 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %68, i32* %68) #6, !srcloc !5 %70 = and i8 %69, 1 %71 = icmp eq i8 %70, 0 br i1 %71, label %73, label %72 call void @__put_cred(%struct.cred* nonnull %65) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 5 %3 = load %struct.dentry.156117*, %struct.dentry.156117** %2, align 8 %4 = icmp eq %struct.dentry.156117* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.155755*, %struct.fs_context_operations.155755** %15, align 8 %17 = 
icmp eq %struct.fs_context_operations.155755* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.155755, %struct.fs_context_operations.155755* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.156180*)*, void (%struct.fs_context.156180*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.156180*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #83 %25 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 8 %39 = load %struct.cred*, %struct.cred** %38, align 8 %40 = icmp eq %struct.cred* %39, null br i1 %40, label %47, label %41 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 0, i32 0 %43 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32* %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %47, label %46 tail call void 
@__put_cred(%struct.cred* nonnull %39) #83 ------------- Good: 157 Bad: 59 Ignored: 133 Check Use of Function:xt_compat_match_offset Check Use of Function:ieee80211_chandef_downgrade Check Use of Function:vfs_path_lookup Check Use of Function:cleanup_single_sta Check Use of Function:netif_carrier_off Check Use of Function:ata_acpi_ap_uevent Check Use of Function:ieee80211_set_wmm_default Check Use of Function:ieee80211_led_assoc Check Use of Function:__mmap_lock_do_trace_acquire_returned Check Use of Function:ieee80211_reset_erp_info Check Use of Function:ieee80211_purge_tx_queue Check Use of Function:drv_stop_ap Check Use of Function:inet6_addr_add Check Use of Function:cfg80211_cac_event Check Use of Function:security_context_to_sid Check Use of Function:acpi_update_all_gpes Check Use of Function:inet_addr_type_table Check Use of Function:ieee80211_add_virtual_monitor Check Use of Function:unapply_uprobe Check Use of Function:ieee80211_recalc_idle Check Use of Function:putback_movable_pages Check Use of Function:__hw_addr_unsync Check Use of Function:ieee80211_txq_remove_vlan Check Use of Function:security_msg_queue_associate Use: =BAD PATH= Call Stack: 0 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 103 %13 = load %struct.nsproxy*, %struct.nsproxy** %12, align 64 %14 = getelementptr inbounds %struct.nsproxy, 
%struct.nsproxy* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %16, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %17, align 4 %18 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 0, i64 1 %19 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %15, %struct.ipc_ids* %18, %struct.ipc_ops.260893* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 103 %13 = load %struct.nsproxy*, %struct.nsproxy** %12, align 64 %14 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace*, %struct.ipc_namespace** %14, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %16, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %17, align 4 %18 
= getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %15, i64 0, i32 0, i64 1 %19 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %15, %struct.ipc_ids* %18, %struct.ipc_ops.260893* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_msgget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %71 = tail call i64 @ksys_msgget(i32 %1, i32 %2) #83 Function:ksys_msgget %3 = 
alloca %struct.ipc_params, align 8 %4 = bitcast %struct.ipc_params* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 103 %8 = load %struct.nsproxy*, %struct.nsproxy** %7, align 64 %9 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace*, %struct.ipc_namespace** %9, align 8 %11 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 store i32 %0, i32* %11, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 store i32 %1, i32* %12, align 4 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %10, i64 0, i32 0, i64 1 %14 = call i32 bitcast (i32 (%struct.ipc_namespace.259985*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.260893*, %struct.ipc_params*)*)(%struct.ipc_namespace* %10, %struct.ipc_ids* %13, %struct.ipc_ops.260893* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %3) #83 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:ieee80211_configure_filter Check Use of Function:__SCT__tp_func_drv_leave_ibss Check Use of Function:ieee80211_rx_bss_put Check Use of Function:ieee80211_check_fast_xmit Check Use of Function:futex_wait_queue Check Use of Function:__mnt_drop_write Check Use of Function:blkdev_read_iter Check Use of Function:shmem_rename2 Check Use of Function:tasklet_setup Check Use of Function:acpi_run_osc Check Use of Function:bus_set_iommu Check Use of Function:populate_vma_page_range Check Use of Function:ieee80211_tx_h_select_key Check Use of Function:ieee80211_xmit Check Use of Function:ieee80211_tx_frags Check Use of Function:ext4_file_read_iter Check Use of 
Function:__pm_runtime_idle Check Use of Function:i915_request_add Check Use of Function:netif_carrier_on Check Use of Function:sd_pr_reserve Check Use of Function:drm_mode_create Check Use of Function:ata_acpi_ap_notify_dock Check Use of Function:ieee80211_sdata_stop Check Use of Function:pci_xr17c154_setup Check Use of Function:drv_start_nan Check Use of Function:vfs_fchown Check Use of Function:__ieee80211_request_sched_scan_start Check Use of Function:ieee80211_reenable_keys Check Use of Function:__anon_vma_prepare Use: =BAD PATH= Call Stack: 0 expand_downwards 1 find_extend_vma 2 __get_user_pages 3 faultin_vma_page_range 4 madvise_populate 5 do_madvise 6 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 
to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 
%2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca 
%struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #83 Function:find_extend_vma %3 = and i64 %1, -4096 %4 = tail call %struct.vm_area_struct* bitcast (%struct.vm_area_struct.126282* (%struct.mm_struct.126293*, i64)* @vmacache_find to %struct.vm_area_struct* (%struct.mm_struct*, i64)*)(%struct.mm_struct* %0, i64 %3) #83 %5 = icmp eq %struct.vm_area_struct* %4, null br i1 %5, label %6, label %38, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 1, i32 0 %8 = load %struct.rb_node*, %struct.rb_node** %7, align 8 %9 = icmp eq %struct.rb_node* %8, null br i1 %9, label %57, label %10 %11 = phi %struct.rb_node* [ %30, %27 ], [ %8, %6 ] %12 = phi %struct.vm_area_struct* [ %28, %27 ], [ null, %6 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %11, i64 -2, i32 2 %14 = bitcast %struct.rb_node** %13 to %struct.vm_area_struct* %15 = getelementptr inbounds 
%struct.rb_node*, %struct.rb_node** %13, i64 1 %16 = bitcast %struct.rb_node** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %3 br i1 %18, label %19, label %25 %26 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %11, i64 0, i32 1 br label %27 %28 = phi %struct.vm_area_struct* [ %14, %23 ], [ %12, %25 ] %29 = phi %struct.rb_node** [ %24, %23 ], [ %26, %25 ] %30 = load %struct.rb_node*, %struct.rb_node** %29, align 8 %31 = icmp eq %struct.rb_node* %30, null br i1 %31, label %34, label %10 %35 = phi %struct.vm_area_struct* [ %33, %32 ], [ %28, %27 ] %36 = icmp eq %struct.vm_area_struct* %35, null br i1 %36, label %57, label %37 tail call void bitcast (void (i64, %struct.vm_area_struct.126282*)* @vmacache_update to void (i64, %struct.vm_area_struct*)*)(i64 %3, %struct.vm_area_struct* nonnull %35) #83 br label %38 %39 = phi %struct.vm_area_struct* [ %4, %2 ], [ %35, %37 ] %40 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp ugt i64 %41, %3 br i1 %42, label %43, label %57 %44 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 256 %47 = icmp eq i64 %46, 0 br i1 %47, label %57, label %48 %49 = tail call i32 @expand_downwards(%struct.vm_area_struct* nonnull %39, i64 %3) #83 Function:expand_downwards %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %4 = load %struct.mm_struct*, %struct.mm_struct** %3, align 8 %5 = and i64 %1, -4096 %6 = load i64, i64* @mmap_min_addr, align 8 %7 = icmp ult i64 %5, %6 br i1 %7, label %264, label %8 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 3 %10 = load %struct.vm_area_struct*, %struct.vm_area_struct** %9, align 8 %11 = icmp eq %struct.vm_area_struct* %10, null br i1 %11, label %26, label %12 %13 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %10, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 256 %16 = icmp eq i64 %15, 0 %17 = and i64 %14, 7 %18 = icmp ne i64 %17, 0 %19 = and i1 %16, %18 br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 11 %28 = load %struct.anon_vma*, %struct.anon_vma** %27, align 8 %29 = icmp eq %struct.anon_vma* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %31 = tail call i32 bitcast (i32 (%struct.vm_area_struct.133481*)* @__anon_vma_prepare to i32 (%struct.vm_area_struct*)*)(%struct.vm_area_struct* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 expand_downwards 1 find_extend_vma 2 __get_user_pages 3 faultin_vma_page_range 4 madvise_populate 5 do_madvise 6 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, 
align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86, i32 %3) #83 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #83 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], 
[ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #83 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #83 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %224, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, 
i64 %31) #83 Function:find_extend_vma %3 = and i64 %1, -4096 %4 = tail call %struct.vm_area_struct* bitcast (%struct.vm_area_struct.126282* (%struct.mm_struct.126293*, i64)* @vmacache_find to %struct.vm_area_struct* (%struct.mm_struct*, i64)*)(%struct.mm_struct* %0, i64 %3) #83 %5 = icmp eq %struct.vm_area_struct* %4, null br i1 %5, label %6, label %38, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 1, i32 0 %8 = load %struct.rb_node*, %struct.rb_node** %7, align 8 %9 = icmp eq %struct.rb_node* %8, null br i1 %9, label %57, label %10 %11 = phi %struct.rb_node* [ %30, %27 ], [ %8, %6 ] %12 = phi %struct.vm_area_struct* [ %28, %27 ], [ null, %6 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %11, i64 -2, i32 2 %14 = bitcast %struct.rb_node** %13 to %struct.vm_area_struct* %15 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %13, i64 1 %16 = bitcast %struct.rb_node** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %3 br i1 %18, label %19, label %25 %26 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %11, i64 0, i32 1 br label %27 %28 = phi %struct.vm_area_struct* [ %14, %23 ], [ %12, %25 ] %29 = phi %struct.rb_node** [ %24, %23 ], [ %26, %25 ] %30 = load %struct.rb_node*, %struct.rb_node** %29, align 8 %31 = icmp eq %struct.rb_node* %30, null br i1 %31, label %34, label %10 %35 = phi %struct.vm_area_struct* [ %33, %32 ], [ %28, %27 ] %36 = icmp eq %struct.vm_area_struct* %35, null br i1 %36, label %57, label %37 tail call void bitcast (void (i64, %struct.vm_area_struct.126282*)* @vmacache_update to void (i64, %struct.vm_area_struct*)*)(i64 %3, %struct.vm_area_struct* nonnull %35) #83 br label %38 %39 = phi %struct.vm_area_struct* [ %4, %2 ], [ %35, %37 ] %40 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 0 %41 = load i64, i64* %40, align 8 %42 = icmp ugt i64 %41, %3 br i1 %42, label %43, label %57 %44 = 
getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %39, i64 0, i32 8 %45 = load i64, i64* %44, align 8 %46 = and i64 %45, 256 %47 = icmp eq i64 %46, 0 br i1 %47, label %57, label %48 %49 = tail call i32 @expand_downwards(%struct.vm_area_struct* nonnull %39, i64 %3) #83 Function:expand_downwards %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %4 = load %struct.mm_struct*, %struct.mm_struct** %3, align 8 %5 = and i64 %1, -4096 %6 = load i64, i64* @mmap_min_addr, align 8 %7 = icmp ult i64 %5, %6 br i1 %7, label %264, label %8 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 3 %10 = load %struct.vm_area_struct*, %struct.vm_area_struct** %9, align 8 %11 = icmp eq %struct.vm_area_struct* %10, null br i1 %11, label %26, label %12 %13 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %10, i64 0, i32 8 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 256 %16 = icmp eq i64 %15, 0 %17 = and i64 %14, 7 %18 = icmp ne i64 %17, 0 %19 = and i1 %16, %18 br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 11 %28 = load %struct.anon_vma*, %struct.anon_vma** %27, align 8 %29 = icmp eq %struct.anon_vma* %28, null br i1 %29, label %30, label %35, !prof !4, !misexpect !5 %31 = tail call i32 bitcast (i32 (%struct.vm_area_struct.133481*)* @__anon_vma_prepare to i32 (%struct.vm_area_struct*)*)(%struct.vm_area_struct* %0) #83 ------------- Good: 58 Bad: 2 Ignored: 89 Check Use of Function:ieee80211_send_nullfunc Check Use of Function:uart_startup Check Use of Function:nfs_rename Check Use of Function:ieee80211_ibss_stop Check Use of Function:sta_info_destroy_addr Check Use of Function:rtc_cmos_read Check Use of Function:user_shm_unlock Check Use of Function:ieee80211_auth.74744 Check Use of Function:netif_tx_wake_queue Check Use of Function:print_rd_rules Check Use of 
Function:ieee80211_queue_delayed_work Check Use of Function:__sta_info_destroy Check Use of Function:arch_setup_additional_pages Check Use of Function:handle_dots Check Use of Function:xt_compat_target_from_user Check Use of Function:ieee80211_recalc_sw_work Check Use of Function:acpi_notifier_call_chain Check Use of Function:__efivar_entry_delete Check Use of Function:___ieee80211_stop_tx_ba_session Check Use of Function:cfg80211_rx_mlme_mgmt Check Use of Function:drm_dev_dbg Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.545140, align 8 %6 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %12 = icmp eq %struct.drm_device.373290* %0, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %11 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.i915_execbuffer, align 8 %6 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = zext i32 %9 to i64 %11 = add nsw i64 %10, -1 %12 = icmp ult i64 %11, 2147483647 br i1 %12, label %20, label %13 %14 = icmp eq %struct.drm_device.373290* %0, null br i1 %14, label %18, label %15 %19 = phi %struct.device* [ %17, %15 ], [ null, %13 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %19, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.42291, i64 0, i64 0), i64 %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_write ------------- Path:  Function:i915_dsc_fec_support_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.intel_connector.428338** %11 = load %struct.intel_connector.428338*, %struct.intel_connector.428338** %10, align 8 %12 = getelementptr inbounds %struct.intel_connector.428338, %struct.intel_connector.428338* %11, i64 0, i32 1 %13 = load %struct.intel_encoder.428309*, %struct.intel_encoder.428309** %12, align 8 %14 = bitcast %struct.intel_encoder.428309* %13 to %struct.drm_i915_private.428426** %15 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %14, align 8 %16 = getelementptr inbounds %struct.intel_encoder.428309, %struct.intel_encoder.428309* %13, i64 0, i32 1 %17 = load i32, i32* %16, align 8 switch i32 %17, label %24 [ i32 10, label %18 i32 7, label %18 i32 8, label %18 i32 6, label %18 i32 11, label %20 ] %25 = phi %struct.intel_digital_port.428335* [ %19, %18 ], [ %23, %20 ], [ null, %4 ] %26 = icmp eq i64 %2, 0 br i1 %26, label %51, label %27 %28 = icmp eq %struct.drm_i915_private.428426* %15, null br i1 %28, label %32, label %29 %33 = phi %struct.device* [ %31, %29 ], [ null, %27 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %33, i32 2, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.254.41070, i64 0, i64 0), i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 store i32 50, i32* %5, align 4 %28 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %28, label %41, label %37 %42 = phi i32 [ %38, %37 ], [ %33, %36 ], [ 50, %27 ] %43 = phi %struct.device* [ %40, %37 ], [ null, %36 ], [ null, %27 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([45 x i8], [45 x i8]* @.str.40.41038, i64 0, i64 0), i32 %42) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_managed_release 1 drm_dev_put 2 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.436298** %5 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 109, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.373290* %9) #83 Function:drm_dev_put %2 = icmp eq %struct.drm_device.373290* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to 
%struct.drm_device.373290* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.373290*)*, void (%struct.drm_device.373290*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.373290*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.373290* %16) #83 br label %24 tail call void bitcast (void (%struct.drm_device.397450*)* @drm_managed_release to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %16) #83 Function:drm_managed_release %2 = icmp eq %struct.drm_device.397450* %0, null br i1 %2, label %6, label %3 %7 = phi %struct.device* [ %5, %3 ], [ null, %1 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %7, i32 512, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.39613, i64 0, i64 0)) #83 ------------- Good: 2937 Bad: 10 Ignored: 1536 Check Use of Function:___ieee80211_stop_rx_ba_session Check Use of Function:cgroup_setup_root Check Use of Function:cfg80211_del_sta_sinfo Check Use of Function:shmem_rmdir Check Use of Function:page_add_new_anon_rmap Check Use of Function:arch_mmap_rnd Check Use of Function:sta_set_sinfo Check Use of Function:sta_info_move_state Check Use of Function:nfs_swap_activate Check Use of Function:drv_sta_pre_rcu_remove Check Use of Function:ndisc_hash Check Use of Function:rw_verify_area Check Use of Function:kcalloc.73331 Check Use of Function:drv_tdls_cancel_channel_switch Check Use of Function:inode_doinit_with_dentry Check Use of Function:drv_sync_rx_queues Check Use of Function:backlight_force_update Check Use of Function:ieee80211_teardown_tdls_peers Check Use of Function:local_bh_enable.73464 Check Use of Function:vm_brk Check Use of Function:wiphy_register Check Use of 
Function:_dev_printk Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 
%23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 pnp_auto_config_dev 1 pnp_activate_dev 2 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.12.35210, i64 0, i64 0), i64 8) #85 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_activate_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_activate_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %33 %6 = tail call i32 @pnp_auto_config_dev(%struct.pnp_dev.344092* %0) #83 Function:pnp_auto_config_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %10 %6 = getelementptr inbounds 
%struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %15 %11 = load i32, i32* @pnp_debug, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %33, label %13 %14 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %14, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.1.35119, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 
x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x 
i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void 
(%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 ------------- Good: 2240 Bad: 7 Ignored: 730 Check Use of Function:ieee80211_init_rate_ctrl_alg Check Use of Function:ieee80211_txq_purge Check Use of Function:intel_overlay_switch_off Check Use of Function:codel_dequeue_func Check Use of Function:xt_compat_target_to_user Check Use of Function:ieee80211_queue_skb Check Use of Function:invoke_tx_handlers_early Check Use of Function:wiphy_free Check Use of Function:ieee80211_tx_monitor Check Use of Function:bprm_change_interp Check Use of Function:sock_wfree Check Use of Function:pci_write_config_byte Check Use of Function:netlink_rcv_skb Use: =BAD PATH= Call Stack: 0 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #83 ------------- Use: =BAD PATH= Call Stack: 0 rtnetlink_rcv 
------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #83 ------------- Good: 4 Bad: 2 Ignored: 0 Check Use of Function:__ieee80211_unschedule_txq Check Use of Function:cfg80211_sme_disassoc Check Use of Function:acpi_ut_release_mutex Check Use of Function:acpi_unlock_hp_context Check Use of Function:intel_legacy_cursor_update Check Use of Function:__cfg80211_disconnected Check Use of Function:__cfg80211_connect_result Check Use of Function:__ext4_msg Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control.189108, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 2 %7 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %8 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 8 %9 = load %struct.super_block.189089*, %struct.super_block.189089** %8, align 8 %10 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info.189208** %17 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = 
getelementptr %struct.inode.189107, %struct.inode.189107* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #83 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 
%64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct.189079* %73 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %118 = inttoptr i64 %117 to 
%struct.task_struct.189079* %119 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %208 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %207, i64 0, i32 8 %209 = load %struct.super_block.189089*, %struct.super_block.189089** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %219 = inttoptr i64 %218 to %struct.task_struct.189079* %220 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 
= zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info.189208** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* 
%1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #84 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #84 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label %293 %294 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 
33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #84 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #84 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #84 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ 
%337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 bitcast (i32 (%struct.file.189755*, i32, i32, i32*)* @ext4_htree_fill_tree to i32 (%struct.file.188978*, i32, i32, i32*)*)(%struct.file.188978* %0, i32 %343, i32 %345, i32* %346) #84 %348 = icmp slt i32 %347, 0 br i1 %348, label %349, label %351 %352 = icmp eq i32 %347, 0 br i1 %352, label %353, label %370 %371 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %301) #84 store %struct.rb_node* %371, %struct.rb_node** %291, align 8 %372 = bitcast %struct.rb_node* %371 to i8* br label %373 %374 = phi i8* [ %288, %293 ], [ %372, %370 ] %375 = phi i32 [ %290, %293 ], [ %347, %370 ] %376 = getelementptr i8, i8* %374, i64 -8 %377 = bitcast i8* %376 to %struct.fname* %378 = bitcast i8* %376 to i32* %379 = load i32, i32* %378, align 8 %380 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %379, i32* %380, align 8 %381 = getelementptr i8, i8* %374, i64 -4 %382 = bitcast i8* %381 to i32* %383 = load i32, i32* %382, 
align 4 %384 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 %383, i32* %384, align 4 %385 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %386 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %387 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %386, i64 0, i32 8 %388 = load %struct.super_block.189089*, %struct.super_block.189089** %387, align 8 %389 = icmp eq i8* %376, null br i1 %389, label %390, label %396 %391 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %386, i64 0, i32 11 %392 = load i64, i64* %391, align 8 %393 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.189079** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.189079**)) #11, !srcloc !4 %394 = inttoptr i64 %393 to %struct.task_struct.189079* %395 = getelementptr inbounds %struct.task_struct.189079, %struct.task_struct.189079* %394, i64 0, i32 96, i64 0 tail call void (%struct.super_block.189089*, i8*, i8*, ...) 
bitcast (void (%struct.super_block*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block.189089*, i8*, i8*, ...)*)(%struct.super_block.189089* %388, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.11.19641, i64 0, i64 0), i8* getelementptr inbounds ([54 x i8], [54 x i8]* @.str.12.19642, i64 0, i64 0), i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.call_filldir, i64 0, i64 0), i32 532, i64 %392, i8* %395) #84 ------------- Good: 325 Bad: 1 Ignored: 64 Check Use of Function:pci_mmap_page_range Check Use of Function:cfg80211_sme_rx_auth Check Use of Function:pndisc_destructor Check Use of Function:rate_control_rate_init Check Use of Function:__setplane_internal Check Use of Function:kmem_cache_alloc_trace Use: =BAD PATH= Call Stack: 0 rfkill_fop_open ------------- Path:  Function:rfkill_fop_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 96) #83 ------------- Use: =BAD PATH= Call Stack: 0 gss_setup_upcall 1 gss_create_upcall 2 gss_cred_init 3 rpcauth_lookup_credcache 4 gss_lookup_cred 5 nfs_ctx_key_to_expire 6 nfs_key_timeout_notify 7 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.212839, %struct.kiocb.212839* %0, i64 0, i32 0 %4 = load %struct.file.213286*, %struct.file.213286** %3, align 8 %5 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %4, i64 0, i32 2 %6 = load %struct.inode.213279*, %struct.inode.213279** %5, align 8 %7 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %6, i64 0, i32 8 %8 = load %struct.super_block.213267*, %struct.super_block.213267** %7, align 8 %9 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %8, i64 0, i32 28 %10 = bitcast i8** %9 to 
%struct.nfs_server.213423** %11 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.213286*, %struct.inode.213279*)*)(%struct.file.213286* %4, %struct.inode.213279* %6) #83 Function:nfs_key_timeout_notify %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.nfs_open_context** %5 = load %struct.nfs_open_context*, %struct.nfs_open_context** %4, align 8 %6 = tail call zeroext i1 @nfs_ctx_key_to_expire(%struct.nfs_open_context* %5, %struct.inode* %1) #83 Function:nfs_ctx_key_to_expire %3 = alloca %struct.auth_cred, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server** %8 = load %struct.nfs_server*, %struct.nfs_server** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server, %struct.nfs_server* %8, i64 0, i32 3 %10 = load %struct.rpc_clnt*, %struct.rpc_clnt** %9, align 8 %11 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %10, i64 0, i32 11 %12 = load %struct.rpc_auth*, %struct.rpc_auth** %11, align 8 %13 = bitcast %struct.auth_cred* %3 to i8* %14 = getelementptr inbounds %struct.nfs_open_context, %struct.nfs_open_context* %0, i64 0, i32 3 %15 = bitcast %struct.cred** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = bitcast %struct.auth_cred* %3 to i64* store i64 %16, i64* %17, align 8 %18 = getelementptr inbounds %struct.auth_cred, %struct.auth_cred* %3, i64 0, i32 1 store i8* null, i8** %18, align 8 tail call void @__rcu_read_lock() #83 %19 = getelementptr inbounds %struct.nfs_open_context, 
%struct.nfs_open_context* %0, i64 0, i32 4 %20 = load volatile %struct.rpc_cred*, %struct.rpc_cred** %19, align 8 %21 = icmp eq %struct.rpc_cred* %20, null br i1 %21, label %31, label %22 %23 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %20, i64 0, i32 4 %24 = load %struct.rpc_credops*, %struct.rpc_credops** %23, align 8 %25 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %24, i64 0, i32 9 %26 = load i32 (%struct.rpc_cred*)*, i32 (%struct.rpc_cred*)** %25, align 8 %27 = icmp eq i32 (%struct.rpc_cred*)* %26, null br i1 %27, label %55, label %28 %29 = tail call i32 %26(%struct.rpc_cred* nonnull %20) #83 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 tail call void @__rcu_read_unlock() #83 %32 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %12, i64 0, i32 5 %33 = load %struct.rpc_authops*, %struct.rpc_authops** %32, align 8 %34 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %33, i64 0, i32 6 %35 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32)** %34, align 8 %36 = call %struct.rpc_cred* %35(%struct.rpc_auth* %12, %struct.auth_cred* nonnull %3, i32 0) #83 Function:gss_lookup_cred %4 = tail call %struct.rpc_cred* @rpcauth_lookup_credcache(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 3136) #83 Function:rpcauth_lookup_credcache %5 = alloca %struct.list_head, align 8 %6 = bitcast %struct.list_head* %5 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 0 store %struct.list_head* %5, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 0, i32 1 store %struct.list_head* %5, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.rpc_auth, %struct.rpc_auth* %0, i64 0, i32 8 %10 = load %struct.rpc_cred_cache*, %struct.rpc_cred_cache** %9, align 8 %11 = getelementptr inbounds %struct.rpc_auth, 
%struct.rpc_auth* %0, i64 0, i32 5 %12 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %13 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %12, i64 0, i32 5 %14 = load i32 (%struct.auth_cred*, i32)*, i32 (%struct.auth_cred*, i32)** %13, align 8 %15 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 1 %16 = load i32, i32* %15, align 8 %17 = call i32 %14(%struct.auth_cred* %1, i32 %16) #83 call void @__rcu_read_lock() #83 %18 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 0 %19 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %20 = zext i32 %17 to i64 %21 = getelementptr %struct.hlist_head, %struct.hlist_head* %19, i64 %20, i32 0 %22 = load volatile %struct.hlist_node*, %struct.hlist_node** %21, align 8 %23 = icmp eq %struct.hlist_node* %22, null br i1 %23, label %64, label %24 %25 = phi %struct.hlist_node* [ %60, %58 ], [ %22, %4 ] %26 = bitcast %struct.hlist_node* %25 to %struct.rpc_cred* %27 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 3, i32 1 %28 = bitcast %struct.hlist_node*** %27 to %struct.rpc_credops** %29 = load %struct.rpc_credops*, %struct.rpc_credops** %28, align 8 %30 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %29, i64 0, i32 3 %31 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %30, align 8 %32 = call i32 %31(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %26, i32 %2) #83 %33 = icmp eq i32 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %25, i64 5 %36 = bitcast %struct.hlist_node* %35 to %struct.seqcount_spinlock* %37 = bitcast %struct.hlist_node* %35 to i32* %38 = load volatile i32, i32* %37, align 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %50, label %40 %41 = phi i32 [ %48, %47 ], [ %38, %34 ] %42 = add i32 %41, 1 %43 = call { i8, i32 } asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32 %42, i32* %37, i32 %41) #6, !srcloc !4 %44 = extractvalue { i8, i32 } %43, 0 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %47, label %50, !prof !5, !misexpect !6 %48 = extractvalue { i8, i32 } %43, 1 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %40 %51 = phi i32 [ 0, %34 ], [ %41, %40 ], [ 0, %47 ] %52 = add i32 %51, 1 %53 = or i32 %52, %51 %54 = icmp sgt i32 %53, -1 br i1 %54, label %56, label %55, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %36, i32 0) #83 br label %56 %57 = icmp eq i32 %51, 0 br i1 %57, label %58, label %62 %59 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 0, i32 0 %60 = load volatile %struct.hlist_node*, %struct.hlist_node** %59, align 8 %61 = icmp eq %struct.hlist_node* %60, null br i1 %61, label %64, label %24 call void @__rcu_read_unlock() #83 %65 = load %struct.rpc_authops*, %struct.rpc_authops** %11, align 8 %66 = getelementptr inbounds %struct.rpc_authops, %struct.rpc_authops* %65, i64 0, i32 7 %67 = load %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)*, %struct.rpc_cred* (%struct.rpc_auth*, %struct.auth_cred*, i32, i32)** %66, align 8 %68 = call %struct.rpc_cred* %67(%struct.rpc_auth* %0, %struct.auth_cred* %1, i32 %2, i32 %3) #83 %69 = icmp ugt %struct.rpc_cred* %68, inttoptr (i64 -4096 to %struct.rpc_cred*) br i1 %69, label %189, label %70 %71 = getelementptr inbounds %struct.rpc_cred_cache, %struct.rpc_cred_cache* %10, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %73 = getelementptr %struct.hlist_head, %struct.hlist_head* %72, i64 %20, i32 0 %74 = bitcast %struct.hlist_node** %73 to 
%struct.rpc_cred** %75 = load %struct.rpc_cred*, %struct.rpc_cred** %74, align 8 %76 = icmp eq %struct.rpc_cred* %75, null br i1 %76, label %112, label %77 %78 = phi %struct.rpc_cred* [ %110, %108 ], [ %75, %70 ] %79 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 4 %80 = load %struct.rpc_credops*, %struct.rpc_credops** %79, align 8 %81 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %80, i64 0, i32 3 %82 = load i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)*, i32 (%struct.auth_cred*, %struct.rpc_cred*, i32)** %81, align 8 %83 = call i32 %82(%struct.auth_cred* %1, %struct.rpc_cred* nonnull %78, i32 %2) #83 %84 = icmp eq i32 %83, 0 br i1 %84, label %108, label %85 %86 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %78, i64 0, i32 7 %87 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %86, i64 0, i32 0, i32 0 %88 = load volatile i32, i32* %87, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %100, label %90 %91 = phi i32 [ %98, %97 ], [ %88, %85 ] %92 = add i32 %91, 1 %93 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %87, i32 %92, i32* %87, i32 %91) #6, !srcloc !4 %94 = extractvalue { i8, i32 } %93, 0 %95 = and i8 %94, 1 %96 = icmp eq i8 %95, 0 br i1 %96, label %97, label %100, !prof !5, !misexpect !6 %98 = extractvalue { i8, i32 } %93, 1 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %90 %101 = phi i32 [ 0, %85 ], [ %91, %90 ], [ 0, %97 ] %102 = add i32 %101, 1 %103 = or i32 %102, %101 %104 = icmp sgt i32 %103, -1 br i1 %104, label %106, label %105, !prof !7, !misexpect !6 call void @refcount_warn_saturate(%struct.seqcount_spinlock* %86, i32 0) #83 br label %106 %107 = icmp eq i32 %101, 0 br i1 %107, label %108, label %135 %109 = bitcast %struct.rpc_cred* %78 to 
%struct.rpc_cred** %110 = load %struct.rpc_cred*, %struct.rpc_cred** %109, align 8 %111 = icmp eq %struct.rpc_cred* %110, null br i1 %111, label %112, label %77 %113 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 6 %114 = bitcast i64* %113 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %114, i32 4, i8* %114) #6, !srcloc !8 %115 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 7 %116 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %115, i64 0, i32 0, i32 0 %117 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %116, i32 1, i32* %116) #6, !srcloc !9 %118 = icmp eq i32 %117, 0 br i1 %118, label %123, label %119, !prof !5, !misexpect !6 %120 = add i32 %117, 1 %121 = or i32 %120, %117 %122 = icmp sgt i32 %121, -1 br i1 %122, label %125, label %123, !prof !7, !misexpect !6 %124 = phi i32 [ 2, %112 ], [ 1, %119 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %115, i32 %124) #83 br label %125 %126 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 0 %127 = load %struct.hlist_head*, %struct.hlist_head** %18, align 8 %128 = getelementptr %struct.hlist_head, %struct.hlist_head* %127, i64 %20, i32 0 %129 = load %struct.hlist_node*, %struct.hlist_node** %128, align 8 %130 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 0, i32 0 store %struct.hlist_node* %129, %struct.hlist_node** %130, align 8 %131 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %68, i64 0, i32 0, i32 1 store volatile %struct.hlist_node** %128, %struct.hlist_node*** %131, align 8 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 store volatile %struct.hlist_node* %126, %struct.hlist_node** %128, align 8 %132 = icmp eq %struct.hlist_node* %129, null br i1 %132, label %141, label %133 %134 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %129, i64 0, i32 1 store volatile %struct.hlist_node** %130, %struct.hlist_node*** %134, align 8 br label %141 %142 = phi %struct.rpc_cred* [ %78, %135 ], [ %68, %125 ], [ %68, %133 ] call void @_raw_spin_unlock(%struct.raw_spinlock* %71) #83 %143 = load i64, i64* @number_cred_unused, align 8 %144 = load i64, i64* @auth_max_cred_cachesize, align 8 %145 = icmp ugt i64 %143, %144 br i1 %145, label %146, label %152 %147 = sub i64 %143, %144 %148 = icmp ult i64 %147, 100 %149 = select i1 %148, i64 %147, i64 100 %150 = trunc i64 %149 to i32 %151 = call fastcc i64 @rpcauth_cache_do_shrink(i32 %150) #83 br label %152 %153 = phi %struct.rpc_cred* [ %63, %62 ], [ %142, %141 ], [ %142, %146 ] %154 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %153, i64 0, i32 6 %155 = load volatile i64, i64* %154, align 8 %156 = and i64 %155, 1 %157 = icmp eq i64 %156, 0 br i1 %157, label %173, label %158 %159 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %153, i64 0, i32 4 %160 = load %struct.rpc_credops*, %struct.rpc_credops** %159, align 8 %161 = getelementptr inbounds %struct.rpc_credops, %struct.rpc_credops* %160, i64 0, i32 1 %162 = load i32 (%struct.rpc_auth*, %struct.rpc_cred*)*, i32 (%struct.rpc_auth*, %struct.rpc_cred*)** %161, align 8 %163 = icmp ne i32 (%struct.rpc_auth*, %struct.rpc_cred*)* %162, null %164 = and i32 %2, 1 %165 = icmp eq i32 %164, 0 %166 = and i1 %165, %163 br i1 %166, label %167, label %173 %168 = call i32 %162(%struct.rpc_auth* %0, %struct.rpc_cred* %153) #83 Function:gss_cred_init %3 = getelementptr %struct.rpc_auth, %struct.rpc_auth* %0, i64 -1, i32 5 %4 = bitcast %struct.rpc_authops** %3 to %struct.gss_auth* %5 = bitcast %struct.rpc_cred* %1 to 
%struct.gss_cred* br label %6 %7 = tail call fastcc i32 @gss_create_upcall(%struct.gss_auth* %4, %struct.gss_cred* %5) #83 %7 = tail call fastcc i32 @gss_create_upcall(%struct.gss_auth* %4, %struct.gss_cred* %5) #83 Function:gss_create_upcall %3 = alloca %struct.wait_queue_entry, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.gss_auth, %struct.gss_auth* %0, i64 0, i32 6 %6 = load %struct.net*, %struct.net** %5, align 8 %7 = load i32, i32* @sunrpc_net_id, align 4 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.net, %struct.net* %6, i64 0, i32 38 %9 = load volatile %struct.net_generic*, %struct.net_generic** %8, align 64 %10 = bitcast %struct.net_generic* %9 to [0 x i8*]* %11 = zext i32 %7 to i64 %12 = getelementptr [0 x i8*], [0 x i8*]* %10, i64 0, i64 %11 %13 = load i8*, i8** %12, align 8 tail call void @__rcu_read_unlock() #83 %14 = getelementptr inbounds %struct.gss_cred, %struct.gss_cred* %1, i64 0, i32 0 %15 = bitcast %struct.wait_queue_entry* %3 to i8* %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = bitcast i8** %17 to %struct.task_struct** store %struct.task_struct* %19, %struct.task_struct** %20, align 8 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 
store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %13, i64 188 %26 = bitcast i8* %25 to i32* %27 = bitcast %struct.wait_queue_entry* %4 to i8* br label %28 %29 = call zeroext i1 @gssd_running(%struct.net* %6) #83 br i1 %29, label %30, label %142 %31 = call fastcc %struct.gss_upcall_msg* @gss_setup_upcall(%struct.gss_auth* %0, %struct.rpc_cred* %14) #84 Function:gss_setup_upcall %3 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %1, i64 0, i32 8 %4 = load %struct.cred*, %struct.cred** %3, align 8 %5 = getelementptr inbounds %struct.cred, %struct.cred* %4, i64 0, i32 7, i32 0 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.rpc_cred, %struct.rpc_cred* %1, i64 1, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %11 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %10, i32 3392, i64 584) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_tcp_available_ulp ------------- Path:  Function:proc_tcp_available_ulp %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 2048, i32* %8, align 8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 1051840, i64 2048) #83 ------------- Use: =BAD PATH= Call Stack: 0 
proc_tcp_available_congestion_control ------------- Path:  Function:proc_tcp_available_congestion_control %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 2048, i32* %8, align 8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 1051840, i64 2048) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_allowed_congestion_control ------------- Path:  Function:proc_allowed_congestion_control %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 2048, i32* %8, align 8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 1051840, i64 2048) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_tcp_fastopen_key ------------- Path:  Function:proc_tcp_fastopen_key %6 = alloca [4 x i32], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = alloca [8 x i32], align 16 %9 = bitcast [8 x i32]* %8 to i8* %10 = alloca [8 x i32], align 16 %11 = bitcast [8 x i32]* %10 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %13 = load i8*, i8** %12, align 8 %14 = getelementptr i8, i8* %13, i64 -1108 %15 = bitcast i8* %14 to %struct.net* %16 = bitcast %struct.ctl_table* %7 to i8* %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 74, i32* %17, align 8 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr 
inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3264, i64 74) #83 ------------- Use: =BAD PATH= Call Stack: 0 ip_ra_control 1 ip_setsockopt ------------- Path:  Function:ip_setsockopt %7 = alloca %struct.compat_group_source_req, align 4 %8 = alloca %struct.group_source_req, align 8 %9 = alloca %struct.kernel_symbol, align 4 %10 = alloca %struct.sched_domain_shared, align 4 %11 = alloca %struct.sched_domain_shared, align 4 %12 = alloca %struct.group_req, align 8 %13 = alloca %struct.compat_group_req, align 4 %14 = alloca %struct.sched_domain_shared, align 4 %15 = alloca i32, align 4 %16 = alloca i8, align 1 %17 = alloca %struct.ip_options_rcu*, align 8 %18 = alloca %struct.sched_domain_shared, align 8 %19 = alloca %struct.sched_domain_shared, align 8 %20 = alloca %struct.kernel_symbol, align 4 %21 = alloca %struct.sched_domain_shared, align 4 %22 = icmp eq i32 %1, 0 br i1 %22, label %23, label %960 %24 = bitcast %struct.sock.813299* %0 to %struct.inet_sock.818337* %25 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 0, i32 9, i32 0 %26 = load %struct.net.813150*, %struct.net.813150** %25, align 8 %27 = bitcast i32* %15 to i8* store i32 0, i32* %15, align 4 %28 = add i32 %2, -35 %29 = icmp ult i32 %28, 14 switch i32 %2, label %66 [ i32 8, label %30 i32 12, label %30 i32 6, label %30 i32 13, label %30 i32 7, label %30 i32 1, label %30 i32 2, label %30 i32 3, label %30 i32 10, label %30 i32 11, label %30 i32 5, label %30 i32 15, label %30 i32 18, label %30 i32 19, label %30 i32 21, label %30 i32 22, label %30 i32 24, label %30 i32 50, label %30 i32 33, label %30 i32 49, label %30 i32 34, label %30 i32 20, label %30 i32 23, label %30 i32 25, label %30 i32 26, label %30 ] %31 = icmp ugt i32 %5, 3 br i1 %31, label %32, label %42 %43 = icmp eq i32 %5, 0 br i1 %43, label %59, 
label %44 %45 = and i8 %4, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %49, label %47 %50 = call i64 @_copy_from_user(i8* nonnull %16, i8* %3, i64 1) #83 %51 = trunc i64 %50 to i32 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %58 %54 = load i8, i8* %16, align 1 br label %55 %56 = phi i8 [ %54, %53 ], [ %48, %47 ] %57 = zext i8 %56 to i32 store i32 %57, i32* %15, align 4 br label %59 %60 = icmp eq i32 %2, 5 br i1 %60, label %61, label %71 %62 = load i32, i32* %15, align 4 %63 = icmp ne i32 %62, 0 %64 = zext i1 %63 to i8 %65 = call i32 @ip_ra_control(%struct.sock.813299* %0, i8 zeroext %64, void (%struct.sock.813299*)* null) #83 Function:ip_ra_control %4 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 0, i32 9, i32 0 %5 = load %struct.net.813150*, %struct.net.813150** %4, align 8 %6 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 46 %7 = load i16, i16* %6, align 2 %8 = icmp eq i16 %7, 3 br i1 %8, label %9, label %84 %10 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %0, i64 0, i32 0, i32 2 %11 = bitcast %struct.kuid_t* %10 to %struct.raw_hdlc_proto* %12 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %11, i64 0, i32 1 %13 = load i16, i16* %12, align 2 %14 = icmp eq i16 %13, 255 br i1 %14, label %84, label %15 %16 = icmp eq i8 %1, 0 br i1 %16, label %22, label %17 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3264, i64 40) #83 ------------- Use: =BAD PATH= Call Stack: 0 dst_cow_metrics_generic ------------- Path:  Function:dst_cow_metrics_generic %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, 
i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 2592, i64 72) #83 ------------- Use: =BAD PATH= Call Stack: 0 __scm_send 1 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 104 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 8 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 22, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 94 %31 = load %struct.cred*, %struct.cred** %30, align 8 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, 
align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #84 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #84 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #84 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #84 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, 
%struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %42 = load %struct.proto_ops*, %struct.proto_ops** %19, align 32 %43 = icmp eq %struct.proto_ops* %42, null br i1 %43, label %221, label %44 %45 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq 
i32 %46, 1 br i1 %47, label %48, label %221 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, %struct.scm_fp_list** %20, align 8 %52 = add i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %194, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %221, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 4197568, i64 2040) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_seq_call_port_info_ioctl 1 snd_seq_ioctl_compat ------------- Path:  Function:snd_seq_ioctl_compat %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.snd_seq_client** %6 = load %struct.snd_seq_client*, %struct.snd_seq_client** %5, align 8 %7 = and i64 %2, 4294967295 %8 = icmp eq %struct.snd_seq_client* %6, null br i1 %8, label %32, label %9, !prof !4, !misexpect !5 switch i32 %1, label %32 [ i32 -2147200256, label %10 i32 -2147200255, label %10 i32 -1070574846, label %10 i32 -1061399792, label %10 i32 1086083857, label %10 i32 1079006000, label %10 i32 1079006001, label %10 i32 -1064545486, label %10 i32 1082938163, label %10 i32 -1064545484, label %10 i32 -1064545483, label %10 i32 -1064545482, label %10 i32 -1067691200, label %10 i32 -1070836927, label %10 i32 1076646722, label %10 i32 -1067429051, label %10 i32 1080054598, label %10 i32 -1068739767, label %10 i32 1078743882, label %10 i32 -1067953333, label %10 i32 1079530316, label %10 i32 1077957454, label %10 i32 -1067953329, label %10 i32 -1068477616, label %10 i32 -1061399727, label %10 i32 
-1072671997, label %10 i32 -1062972640, label %12 i32 1084511009, label %16 i32 -1062972638, label %20 i32 1084511011, label %24 i32 -1062972590, label %28 ] %29 = inttoptr i64 %7 to %struct.snd_seq_port_info32* %30 = tail call fastcc i32 @snd_seq_call_port_info_ioctl(%struct.snd_seq_client* nonnull %6, i32 -1062710446, %struct.snd_seq_port_info32* %29) #83 Function:snd_seq_call_port_info_ioctl %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_ioctl_hw_params_compat 1 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 
16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %159 = inttoptr i64 %10 to %struct.snd_pcm_hw_params32* %160 = tail call fastcc i32 @snd_pcm_ioctl_hw_params_compat(%struct.snd_pcm_substream.721187* nonnull %18, i32 0, %struct.snd_pcm_hw_params32* %159) #83 Function:snd_pcm_ioctl_hw_params_compat %4 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %5 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %4, align 8 %6 = icmp eq %struct.snd_pcm_runtime.721183* %5, null br i1 %6, label %63, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 608) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_ioctl_hw_params_compat 1 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 
4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %159 = inttoptr i64 %10 to %struct.snd_pcm_hw_params32* %160 = tail call fastcc i32 @snd_pcm_ioctl_hw_params_compat(%struct.snd_pcm_substream.721187* nonnull %18, i32 0, %struct.snd_pcm_hw_params32* %159) #83 Function:snd_pcm_ioctl_hw_params_compat %4 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %5 = load 
%struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %4, align 8 %6 = icmp eq %struct.snd_pcm_runtime.721183* %5, null br i1 %6, label %63, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 608) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_timer_user_open ------------- Path:  Function:snd_timer_user_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #83 %4 = icmp slt i32 %3, 0 br i1 %4, label %24, label %5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 176) #84 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl 1 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, 
label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %21 = tail call i64 @snd_ctl_ioctl(%struct.file* %0, i32 %1, i64 %9) #83 Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_id, align 4 %6 = alloca %struct.snd_ctl_elem_id, align 4 %7 = alloca %struct.snd_ctl_elem_info, align 8 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %2 to i32* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %15 = load %struct.snd_card*, %struct.snd_card** %14, align 8 %16 = icmp eq %struct.snd_card* %15, null br i1 %16, label %361, label %17, !prof !4, !misexpect !5 switch i32 %1, label %343 [ i32 -2147199744, label %18 i32 -2122820351, label %27 i32 -1068477168, label %56 i32 -1055894255, label %70 i32 -993503982, label %87 i32 -993503981, label %107 i32 1077957908, label %127 i32 1077957909, label %173 i32 -1055894249, label %221 i32 -1055894248, label %225 i32 -1069525735, label %229 i32 -1073457898, label %265 i32 -1073195750, label %313 i32 -1073195749, label %320 i32 -1073195748, label %327 i32 -1073457712, label %361 i32 -2147199535, label %334 ] %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %29 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 376) #83 
------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl ------------- Path:  Function:snd_ctl_ioctl %4 = alloca %struct.snd_ctl_elem_id, align 4 %5 = alloca %struct.snd_ctl_elem_id, align 4 %6 = alloca %struct.snd_ctl_elem_id, align 4 %7 = alloca %struct.snd_ctl_elem_info, align 8 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %2 to i32* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %15 = load %struct.snd_card*, %struct.snd_card** %14, align 8 %16 = icmp eq %struct.snd_card* %15, null br i1 %16, label %361, label %17, !prof !4, !misexpect !5 switch i32 %1, label %343 [ i32 -2147199744, label %18 i32 -2122820351, label %27 i32 -1068477168, label %56 i32 -1055894255, label %70 i32 -993503982, label %87 i32 -993503981, label %107 i32 1077957908, label %127 i32 1077957909, label %173 i32 -1055894249, label %221 i32 -1055894248, label %225 i32 -1069525735, label %229 i32 -1073457898, label %265 i32 -1073195750, label %313 i32 -1073195749, label %320 i32 -1073195748, label %327 i32 -1073457712, label %361 i32 -2147199535, label %334 ] %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %29 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 376) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_elem_add_compat 1 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr 
inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %209 = inttoptr i64 %9 to %struct.snd_ctl_elem_info* %210 = tail call fastcc i32 @snd_ctl_elem_add_compat(%struct.snd_ctl_file* nonnull %13, %struct.snd_ctl_elem_info* %209, i32 1) #83 Function:snd_ctl_elem_add_compat %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 272) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, 
%struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %180 = inttoptr i64 %9 to %struct.snd_ctl_elem_value32* %181 = getelementptr inbounds %struct.snd_ctl_elem_value32, %struct.snd_ctl_elem_value32* %180, i64 0, i32 2 %182 = bitcast %union.anon.106.615794* %181 to i8* %183 = bitcast i32* %4 to i8* %184 = bitcast i32* %5 to i8* %185 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %186 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %185, i32 3520, i64 1224) #85 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* 
%13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %155 = inttoptr i64 %9 to %struct.snd_ctl_elem_value32* %156 = getelementptr inbounds %struct.snd_ctl_elem_value32, %struct.snd_ctl_elem_value32* %155, i64 0, i32 2 %157 = bitcast %union.anon.106.615794* %156 to i8* %158 = bitcast i32* %6 to i8* %159 = bitcast i32* %7 to i8* %160 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %161 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %160, i32 3520, i64 1224) #85 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = 
getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %52 = inttoptr i64 %9 to %struct.snd_ctl_elem_info* %53 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %54 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %53, i32 3520, i64 272) #85 ------------- Use: =BAD PATH= Call Stack: 0 hidraw_open ------------- Path:  Function:hidraw_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %5, i32 3520, i64 1096) #83 ------------- Use: =BAD PATH= Call Stack: 0 hid_debug_events_open ------------- Path:  Function:hid_debug_events_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, 
i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 new_id_store.61484 ------------- Path:  Function:new_id_store.61484 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i64, align 8 %8 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -2, i32 16 %9 = bitcast i32* %4 to i8* %10 = bitcast i32* %5 to i8* %11 = bitcast i32* %6 to i8* %12 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %13 = call i32 (i8*, i8*, ...) @sscanf(i8* %1, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.82.61485, i64 0, i64 0), i32* nonnull %4, i32* nonnull %5, i32* nonnull %6, i64* nonnull %7) #83 %14 = icmp slt i32 %13, 3 br i1 %14, label %53, label %15 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 3520, i64 40) #84 ------------- Use: =BAD PATH= Call Stack: 0 dm_open ------------- Path:  Function:dm_open %3 = tail call i32 bitcast (i32 (%struct.inode*, %struct.file*)* @nonseekable_open to i32 (%struct.inode.690677*, %struct.file.690524*)*)(%struct.inode.690677* %0, %struct.file.690524* %1) #83 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %13, !prof !4, !misexpect !5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4) #84 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl 1 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 
@md_ioctl(%struct.block_device.687185* %0, i32 %1, i32 %2, i64 %8) #83 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] %302 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %303 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %302, i32 3328, i64 4096) #84 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca 
%struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1042 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %0, i64 0, i32 17 %29 = load %struct.gendisk.687208*, %struct.gendisk.687208** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %375 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %328 i32 2344, label %328 i32 2338, label %345 ] %302 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %303 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %302, i32 3328, i64 4096) #84 ------------- Use: =BAD PATH= Call Stack: 0 i2c_new_client_device 1 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 
%8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 %32 = load i16, i16* %21, align 2 %33 = and i16 %32, -24576 %34 = icmp eq i16 %33, -24576 br i1 %34, label %35, label %40 %36 = and i16 %32, 24575 store i16 %36, i16* %21, align 2 %37 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 1 %38 = load i16, i16* %37, align 4 %39 = or i16 %38, 16 store i16 %39, i16* %37, align 4 br label %40 %41 = phi i16 [ %36, %35 ], [ %32, %31 ] %42 = and i16 %41, 4096 %43 = icmp eq i16 %42, 0 br i1 %43, label %49, label %44 %50 = call %struct.i2c_client* @i2c_new_client_device(%struct.i2c_adapter* %8, %struct.i2c_board_info* nonnull %5) #83 Function:i2c_new_client_device %3 = alloca i32, align 4 %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 792) #83 ------------- Use: =BAD PATH= Call Stack: 0 serport_ldisc_read ------------- Path:  Function:serport_ldisc_read %7 = alloca 
%struct.wait_queue_entry, align 8 %8 = getelementptr inbounds %struct.tty_struct.351000, %struct.tty_struct.351000* %0, i64 0, i32 29 %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 48 %11 = bitcast i8* %10 to i64* %12 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 1, i64* %11) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %72 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 3520, i64 1096) #83 ------------- Use: =BAD PATH= Call Stack: 0 truinst_show ------------- Path:  Function:truinst_show %4 = getelementptr %struct.device.666185, %struct.device.666185* %0, i64 -1, i32 32 %5 = getelementptr inbounds %struct.class.666182*, %struct.class.666182** %4, i64 14 %6 = bitcast %struct.class.666182** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr i8, i8* %7, i64 -168 %9 = bitcast i8* %8 to %struct.usb_device.666496* %10 = load i32, i32* @swi_tru_install, align 4 %11 = icmp eq i32 %10, 2 br i1 %11, label %12, label %13 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %15 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 3264, i64 60) #83 ------------- Use: =BAD PATH= Call Stack: 0 debug_async_open ------------- Path:  Function:debug_async_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 debug_periodic_open ------------- Path:  Function:debug_periodic_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 debug_registers_open ------------- Path:  Function:debug_registers_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 mon_stat_open ------------- Path:  Function:mon_stat_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3264, i64 84) #83 ------------- Use: =BAD PATH= Call Stack: 0 usbdev_mmap ------------- Path:  Function:usbdev_mmap %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** 
%4 to %struct.usb_dev_state** %6 = load %struct.usb_dev_state*, %struct.usb_dev_state** %5, align 8 %7 = getelementptr inbounds %struct.usb_dev_state, %struct.usb_dev_state* %6, i64 0, i32 1 %8 = load %struct.usb_device*, %struct.usb_device** %7, align 8 %9 = getelementptr inbounds %struct.usb_device, %struct.usb_device* %8, i64 0, i32 14 %10 = bitcast %struct.usb_bus** %9 to %struct.usb_hcd** %11 = load %struct.usb_hcd*, %struct.usb_hcd** %10, align 8 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = sub i64 %13, %15 %17 = bitcast i64* %3 to i8* %18 = add i64 %16, 64 %19 = load volatile i32, i32* @usbfs_memory_mb, align 4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; addq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @usbfs_memory_usage, i64 0, i32 0), i64 %18, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @usbfs_memory_usage, i64 0, i32 0)) #6, !srcloc !4 %20 = icmp eq i32 %19, 0 br i1 %20, label %27, label %21 %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %29 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 usbdev_open ------------- Path:  Function:usbdev_open %3 = alloca i32, align 4 %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* 
%4, i32 3520, i64 200) #83 ------------- Use: =BAD PATH= Call Stack: 0 usb_store_new_id 1 new_id_store.55282 ------------- Path:  Function:new_id_store.55282 %4 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 4 %5 = getelementptr inbounds i8, i8* %4, i64 88 %6 = bitcast i8* %5 to %struct.wait_queue_head* %7 = getelementptr inbounds i8, i8* %4, i64 72 %8 = bitcast i8* %7 to %struct.usb_device_id** %9 = load %struct.usb_device_id*, %struct.usb_device_id** %8, align 8 %10 = tail call i64 @usb_store_new_id(%struct.wait_queue_head* %6, %struct.usb_device_id* %9, %struct.device_driver* %0, i8* %1, i64 %2) #83 Function:usb_store_new_id %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %12 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %13 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %14 = bitcast i32* %9 to i8* %15 = bitcast i32* %10 to i8* %16 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %3, i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.55269, i64 0, i64 0), i32* nonnull %6, i32* nonnull %7, i32* nonnull %8, i32* nonnull %9, i32* nonnull %10) #83 %17 = icmp slt i32 %16, 2 br i1 %17, label %92, label %18 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %20 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 48) #84 ------------- Use: =BAD PATH= Call Stack: 0 pccard_show_cis ------------- Path:  Function:pccard_show_cis %7 = alloca %struct.tuple_t, align 8 %8 = alloca i32, align 4 %9 = icmp sgt i64 %4, 511 br i1 %9, label %146, label %10 %11 = bitcast i32* %8 to i8* store i32 1, i32* %8, align 4 %12 = add i64 %5, %4 %13 = icmp ugt i64 %12, 512 %14 = sub i64 512, %4 %15 = select i1 %13, i64 %14, i64 %5 %16 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -9, i32 1, i32 1 %17 = bitcast %struct.list_head** %16 to %struct.pcmcia_socket.645769* %18 = getelementptr inbounds %struct.pcmcia_socket.645769, %struct.pcmcia_socket.645769* %17, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %142, label %22 %23 = getelementptr inbounds %struct.pcmcia_socket.645769, %struct.pcmcia_socket.645769* %17, i64 0, i32 4 %24 = load i16, i16* %23, align 4 %25 = icmp eq i16 %24, 0 br i1 %25, label %26, label %32 %33 = bitcast %struct.tuple_t* %7 to i8* %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3264, i64 256) #84 ------------- Use: =BAD PATH= Call Stack: 0 new_id_store.54775 ------------- Path:  Function:new_id_store.54775 %4 = alloca i16, align 2 %5 = alloca i16, align 2 %6 
= alloca i16, align 2 %7 = alloca i8, align 1 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca [4 x i32], align 16 %11 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 12 %12 = bitcast i16* %4 to i8* %13 = bitcast i16* %5 to i8* %14 = bitcast i16* %6 to i8* %15 = bitcast [4 x i32]* %10 to i8* %16 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 0 %17 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 1 %18 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 2 %19 = getelementptr inbounds [4 x i32], [4 x i32]* %10, i64 0, i64 3 %20 = call i32 (i8*, i8*, ...) @sscanf(i8* %1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.6.54776, i64 0, i64 0), i16* nonnull %4, i16* nonnull %5, i16* nonnull %6, i8* nonnull %7, i8* nonnull %8, i8* nonnull %9, i32* nonnull %16, i32* %17, i32* %18, i32* %19) #83 %21 = icmp slt i32 %20, 6 br i1 %21, label %61, label %22 %23 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %24 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %23, i32 3520, i64 96) #84 ------------- Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = alloca %struct.sg_scsi_id, align 4 %7 = inttoptr i64 %2 to i8* %8 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 16 %9 = bitcast i8** %8 to %struct.sg_fd** %10 = load %struct.sg_fd*, %struct.sg_fd** %9, align 8 %11 = icmp eq %struct.sg_fd* %10, null br i1 %11, label %781, label %12 %13 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %10, i64 0, i32 1 %14 = load %struct.sg_device*, %struct.sg_device** %13, align 8 %15 = icmp eq %struct.sg_device* %14, null br i1 %15, label %781, label %16 %17 = inttoptr i64 %2 to i32* %18 = 
bitcast %struct.sg_request** %4 to i8* %19 = getelementptr inbounds %struct.file.289897, %struct.file.289897* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 3 %22 = icmp ne i32 %21, 2 %23 = zext i1 %22 to i32 switch i32 %1, label %758 [ i32 8837, label %24 i32 8705, label %97 i32 8706, label %121 i32 8825, label %768 i32 8826, label %125 i32 8822, label %133 i32 8827, label %172 i32 8828, label %188 i32 8829, label %232 i32 8831, label %271 i32 8821, label %281 i32 8818, label %414 i32 8817, label %435 i32 8816, label %451 i32 8839, label %462 i32 8840, label %477 i32 8835, label %488 i32 8834, label %507 i32 8841, label %515 i32 8838, label %527 i32 8707, label %656 i32 1, label %679 i32 8830, label %690 i32 4711, label %705 i32 -1069018509, label %722 i32 4724, label %733 i32 4725, label %740 i32 4726, label %747 i32 21378, label %754 i32 21382, label %754 i32 21381, label %754 i32 8709, label %754 i32 8836, label %754 ] %528 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %529 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %528, i32 3520, i64 384) #84 ------------- Use: =BAD PATH= Call Stack: 0 sdev_prefix_printk 1 max_retries_store ------------- Path:  Function:max_retries_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device.613560, %struct.device.613560* %0, i64 -1, i32 36 %7 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 1 %8 = bitcast %struct.dev_iommu** %7 to %struct.scsi_device.613577** %9 = load %struct.scsi_device.613577*, %struct.scsi_device.613577** %8, align 8 %10 = bitcast i32* %5 to i8* %11 = call i32 @kstrtoint(i8* %2, i32 10, i32* nonnull %5) #83 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %13 %16 = load i32, i32* %5, align 4 %17 = icmp slt i32 %16, 6 br i1 %17, label %18, label %21 call void (i8*, 
%struct.scsi_device.613577*, i8*, i8*, ...) bitcast (void (i8*, %struct.scsi_device.611890*, i8*, i8*, ...)* @sdev_prefix_printk to void (i8*, %struct.scsi_device.613577*, i8*, i8*, ...)*)(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.34.50994, i64 0, i64 0), %struct.scsi_device.613577* %9, i8* null, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.130.50995, i64 0, i64 0), i32 5) #83 Function:sdev_prefix_printk %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %7 = icmp eq %struct.scsi_device.611890* %1, null br i1 %7, label %27, label %8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 2592, i64 128) #83 ------------- Use: =BAD PATH= Call Stack: 0 sdev_prefix_printk 1 store_queue_type_field ------------- Path:  Function:store_queue_type_field %5 = getelementptr %struct.device.609954, %struct.device.609954* %0, i64 -1, i32 11, i32 8, i32 0, i32 1 %6 = bitcast i64* %5 to %struct.scsi_device.610229* %7 = getelementptr inbounds %struct.scsi_device.610229, %struct.scsi_device.610229* %6, i64 0, i32 41 %8 = bitcast i48* %7 to i64* %9 = load i64, i64* %8, align 4 %10 = and i64 %9, 2048 %11 = icmp eq i64 %10, 0 br i1 %11, label %13, label %12 tail call void (i8*, %struct.scsi_device.610229*, i8*, i8*, ...) 
bitcast (void (i8*, %struct.scsi_device.611890*, i8*, i8*, ...)* @sdev_prefix_printk to void (i8*, %struct.scsi_device.610229*, i8*, i8*, ...)*)(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1.50293, i64 0, i64 0), %struct.scsi_device.610229* %6, i8* null, i8* getelementptr inbounds ([50 x i8], [50 x i8]* @.str.90.50294, i64 0, i64 0)) #83 Function:sdev_prefix_printk %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %7 = icmp eq %struct.scsi_device.611890* %1, null br i1 %7, label %27, label %8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 2592, i64 128) #83 ------------- Use: =BAD PATH= Call Stack: 0 regmap_name_read_file ------------- Path:  Function:regmap_name_read_file %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.regmap.603327** %7 = load %struct.regmap.603327*, %struct.regmap.603327** %6, align 8 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 wakeup_source_register 1 device_wakeup_enable 2 device_set_wakeup_enable 3 wakeup_store ------------- Path:  Function:wakeup_store %5 = getelementptr inbounds %struct.device.597927, %struct.device.597927* %0, i64 0, i32 11, i32 1 %6 = load i16, i16* %5, align 4 %7 = and i16 %6, 1 %8 = icmp eq i16 %7, 0 br i1 %8, label %17, label %9 %10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #83 br i1 %10, label %11, label 
%13 %14 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @_disabled, i64 0, i64 0)) #83 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.device*, i1)* @device_set_wakeup_enable to i32 (%struct.device.597927*, i1)*)(%struct.device.597927* %0, i1 zeroext false) #83 Function:device_set_wakeup_enable br i1 %1, label %3, label %5 %4 = tail call i32 @device_wakeup_enable(%struct.device* %0) #83 Function:device_wakeup_enable %2 = icmp eq %struct.device* %0, null br i1 %2, label %36, label %3 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 1 %5 = load i16, i16* %4, align 4 %6 = and i16 %5, 1 %7 = icmp eq i16 %6, 0 br i1 %7, label %36, label %8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 3 %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = phi i8* [ %14, %12 ], [ %10, %8 ] %17 = tail call %struct.wakeup_source* @wakeup_source_register(%struct.device* nonnull %0, i8* %16) #83 Function:wakeup_source_register %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 192) #83 ------------- Use: =BAD PATH= Call Stack: 0 uevent_show ------------- Path:  Function:uevent_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 br label %5 %6 = phi %struct.kobject* [ %4, %3 ], [ %12, %10 ] %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %6, i64 0, i32 3 %8 = load %struct.kset*, %struct.kset** %7, align 8 %9 = icmp eq %struct.kset* %8, null br i1 %9, label %10, label %14 %15 = getelementptr inbounds %struct.kset, %struct.kset* %8, i64 0, i32 3 %16 = load %struct.kset_uevent_ops*, %struct.kset_uevent_ops** %15, align 8 %17 = icmp eq 
%struct.kset_uevent_ops* %16, null br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.kset_uevent_ops, %struct.kset_uevent_ops* %16, i64 0, i32 2 %20 = load i32 (%struct.kset*, %struct.kobject*, %struct.kobj_uevent_env*)*, i32 (%struct.kset*, %struct.kobject*, %struct.kobj_uevent_env*)** %19, align 8 %21 = icmp eq i32 (%struct.kset*, %struct.kobject*, %struct.kobj_uevent_env*)* %20, null br i1 %21, label %61, label %22 %23 = getelementptr inbounds %struct.kset_uevent_ops, %struct.kset_uevent_ops* %16, i64 0, i32 0 %24 = load i32 (%struct.kset*, %struct.kobject*)*, i32 (%struct.kset*, %struct.kobject*)** %23, align 8 %25 = icmp eq i32 (%struct.kset*, %struct.kobject*)* %24, null br i1 %25, label %29, label %26 %27 = tail call i32 %24(%struct.kset* nonnull %8, %struct.kobject* %4) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %61, label %29 %30 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %31 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %30, i32 3520, i64 2592) #84 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_read ------------- Path:  Function:vga_arb_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.vga_arb_private** %7 = load %struct.vga_arb_private*, %struct.vga_arb_private** %6, align 8 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 1024) #83 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_open ------------- Path:  Function:vga_arb_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 288) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %6 = bitcast %struct.workqueue_struct** %5 to %struct.i915_perf.436281* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.workqueue_struct** %5 to %struct.drm_i915_private.436298** %9 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %8, align 8 %10 = icmp eq %struct.drm_i915_private.436298* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 3 %14 = bitcast i32* %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = tail call zeroext i1 @capable(i32 38) #83 br i1 %22, label %26, label %23 %27 = getelementptr inbounds i8, i8* %1, i64 48 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds i8, i8* %1, i64 36 %33 = bitcast i8* %32 to i32* %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %57 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 216) #84 ------------- Use: =BAD PATH= Call Stack: 0 gen8_ppgtt_create 1 
i915_ppgtt_create 2 i915_gem_vm_create_ioctl ------------- Path:  Function:i915_gem_vm_create_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %6 = bitcast i8** %5 to %struct.drm_i915_file_private.436064** %7 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15, i32 3 %10 = bitcast %struct.list_head* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = icmp ugt i32 %11, 1 br i1 %12, label %13, label %57 %14 = getelementptr inbounds i8, i8* %1, i64 8 %15 = bitcast i8* %14 to i32* %16 = load i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %57 %19 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %20 = bitcast %struct.drm_property.373206** %19 to %struct.intel_gt.436116* %21 = tail call %struct.i915_ppgtt.436037* bitcast (%struct.i915_ppgtt.432337* (%struct.intel_gt.432609*, i64)* @i915_ppgtt_create to %struct.i915_ppgtt.436037* (%struct.intel_gt.436116*, i64)*)(%struct.intel_gt.436116* %20, i64 0) #83 Function:i915_ppgtt_create %3 = getelementptr inbounds %struct.intel_gt.432609, %struct.intel_gt.432609* %0, i64 0, i32 0 %4 = load %struct.drm_i915_private.432574*, %struct.drm_i915_private.432574** %3, align 8 %5 = getelementptr inbounds %struct.drm_i915_private.432574, %struct.drm_i915_private.432574* %4, i64 0, i32 3, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp ult i8 %6, 8 br i1 %7, label %8, label %10 %11 = tail call %struct.i915_ppgtt.432337* @gen8_ppgtt_create(%struct.intel_gt.432609* %0, i64 %1) #83 Function:gen8_ppgtt_create %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %4 = tail call noalias align 8 
i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 600) #83 ------------- Use: =BAD PATH= Call Stack: 0 gen6_ppgtt_create 1 i915_ppgtt_create 2 i915_gem_vm_create_ioctl ------------- Path:  Function:i915_gem_vm_create_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 19 %6 = bitcast i8** %5 to %struct.drm_i915_file_private.436064** %7 = load %struct.drm_i915_file_private.436064*, %struct.drm_i915_file_private.436064** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 1, i32 15, i32 3 %10 = bitcast %struct.list_head* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = icmp ugt i32 %11, 1 br i1 %12, label %13, label %57 %14 = getelementptr inbounds i8, i8* %1, i64 8 %15 = bitcast i8* %14 to i32* %16 = load i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %57 %19 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %20 = bitcast %struct.drm_property.373206** %19 to %struct.intel_gt.436116* %21 = tail call %struct.i915_ppgtt.436037* bitcast (%struct.i915_ppgtt.432337* (%struct.intel_gt.432609*, i64)* @i915_ppgtt_create to %struct.i915_ppgtt.436037* (%struct.intel_gt.436116*, i64)*)(%struct.intel_gt.436116* %20, i64 0) #83 Function:i915_ppgtt_create %3 = getelementptr inbounds %struct.intel_gt.432609, %struct.intel_gt.432609* %0, i64 0, i32 0 %4 = load %struct.drm_i915_private.432574*, %struct.drm_i915_private.432574** %3, align 8 %5 = getelementptr inbounds %struct.drm_i915_private.432574, %struct.drm_i915_private.432574* %4, i64 0, i32 3, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp ult i8 %6, 8 br i1 %7, label %8, label %10 %9 = tail call %struct.i915_ppgtt.432337* @gen6_ppgtt_create(%struct.intel_gt.432609* %0) #83 Function:gen6_ppgtt_create %2 = getelementptr inbounds %struct.intel_gt.432609, %struct.intel_gt.432609* %0, i64 0, i32 2 
%3 = load %struct.i915_ggtt.432339*, %struct.i915_ggtt.432339** %2, align 8 %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 696) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_l3_write ------------- Path:  Function:i915_l3_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = getelementptr inbounds %struct.bin_attribute, %struct.bin_attribute* %2, i64 0, i32 2 %14 = bitcast i8** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %12, i64 0, i32 3, i32 16 %17 = bitcast [3 x i8]* %16 to i24* %18 = load i24, i24* %17, align 8 %19 = and i24 %18, 512 %20 = icmp eq i24 %19, 0 br i1 %20, label %68, label %21 %22 = and i64 %4, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %68 %25 = icmp sgt i64 %4, 127 br i1 %25, label %68, label %26 %27 = icmp ult i64 %5, 4 br i1 %27, label %68, label %28 %29 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %30 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %29, i32 3520, i64 128) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_l3_write ------------- Path:  Function:i915_l3_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, 
align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = getelementptr inbounds %struct.bin_attribute, %struct.bin_attribute* %2, i64 0, i32 2 %14 = bitcast i8** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.drm_i915_private.412466, %struct.drm_i915_private.412466* %12, i64 0, i32 3, i32 16 %17 = bitcast [3 x i8]* %16 to i24* %18 = load i24, i24* %17, align 8 %19 = and i24 %18, 512 %20 = icmp eq i24 %19, 0 br i1 %20, label %68, label %21 %22 = and i64 %4, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %68 %25 = icmp sgt i64 %4, 127 br i1 %25, label %68, label %26 %27 = icmp ult i64 %5, 4 br i1 %27, label %68, label %28 %29 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %30 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %29, i32 3520, i64 128) #83 ------------- Use: =BAD PATH= Call Stack: 0 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.400184** %6 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %5, align 8 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 0 %9 = load %struct.drm_device.373290*, %struct.drm_device.373290** %8, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 4 %11 = load %struct.drm_driver*, %struct.drm_driver** %10, align 8 %12 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %11, i64 0, i32 24 %13 = load i32, i32* %12, align 8 %14 = getelementptr inbounds %struct.drm_device.373290, 
%struct.drm_device.373290* %9, i64 0, i32 10 %15 = load i32, i32* %14, align 8 %16 = and i32 %13, 16 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %9, i64 0, i32 30, i32 27 %21 = load %struct.drm_mode_config_funcs.373271*, %struct.drm_mode_config_funcs.373271** %20, align 8 %22 = icmp eq %struct.drm_mode_config_funcs.373271* %21, null br i1 %22, label %37, label %23 %24 = getelementptr inbounds %struct.drm_mode_config_funcs.373271, %struct.drm_mode_config_funcs.373271* %21, i64 0, i32 5 %25 = load i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)*, i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)** %24, align 8 %26 = icmp eq i32 (%struct.drm_device.373290*, %struct.drm_atomic_state.373270*, i1)* %25, null br i1 %26, label %37, label %27 %38 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 16 %39 = load %struct.drm_crtc_funcs.400179*, %struct.drm_crtc_funcs.400179** %38, align 8 %40 = getelementptr inbounds %struct.drm_crtc_funcs.400179, %struct.drm_crtc_funcs.400179* %39, i64 0, i32 17 %41 = load i32 (%struct.drm_crtc.400184*, i8*, i64*)*, i32 (%struct.drm_crtc.400184*, i8*, i64*)** %40, align 8 %42 = getelementptr inbounds %struct.drm_crtc.400184, %struct.drm_crtc.400184* %6, i64 0, i32 26, i32 1 %43 = load i8*, i8** %42, align 8 %44 = call i32 %41(%struct.drm_crtc.400184* %6, i8* %43, i64* nonnull %3) #83 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %78 %47 = load i64, i64* %3, align 8 %48 = icmp ugt i64 %47, 10 br i1 %48, label %49, label %50, !prof !5, !misexpect !6 %51 = icmp eq i64 %47, 0 br i1 %51, label %52, label %53, !prof !5, !misexpect !6 %54 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %55 = call noalias 
align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %54, i32 3520, i64 6144) #84 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_all 1 wm_latency_write 2 pri_wm_latency_write ------------- Path:  Function:pri_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 0, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr 
%struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_all 1 wm_latency_write 2 spr_wm_latency_write ------------- Path:  Function:spr_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 1, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* 
%8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_all 1 wm_latency_write 2 cur_wm_latency_write ------------- Path:  Function:cur_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.428426** %10 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %10, i64 0, i32 102, i32 2, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #83 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* 
%8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.428426** %14 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.428426, %struct.drm_i915_private.428426* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #83 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.41054, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #84 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %15) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_all 1 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 tail call void bitcast (void (%struct.drm_device.387280*)* @drm_modeset_lock_all to void (%struct.drm_device.373290*)*)(%struct.drm_device.373290* %0) #83 Function:drm_modeset_lock_all %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 36288, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 read_mem ------------- Path:  Function:read_mem %5 = load i64, i64* %3, align 8 %6 = tail call i32 @valid_phys_addr_range(i64 %5, i64 %2) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %72, 
label %8 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 3264, i64 4096) #84 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdgkb_ioctl 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr 
inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %161 = inttoptr i64 %2 to %struct.kbsentry* %162 = zext i1 %28 to i32 %163 = tail call i32 @vt_do_kdgkb_ioctl(i32 %1, %struct.kbsentry* %161, i32 %162) #83 Function:vt_do_kdgkb_ioctl %5 = getelementptr inbounds %struct.kbsentry, %struct.kbsentry* %1, i64 0, i32 0 %6 = tail call { i8*, i8, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %5, i64 1, i64 %4) #6, !srcloc !4 %7 = extractvalue { i8*, i8, i64 } %6, 0 %8 = extractvalue { i8*, i8, i64 } %6, 2 %9 = ptrtoint i8* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 
%10, 0 br i1 %11, label %12, label %73, !prof !5, !misexpect !6 %13 = extractvalue { i8*, i8, i64 } %6, 1 %14 = zext i8 %13 to i64 %15 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 256, i64 %14) #6, !srcloc !7 %16 = trunc i64 %15 to i8 %17 = and i8 %13, %16 switch i32 %0, label %70 [ i32 19272, label %18 i32 19273, label %40 ] %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3264, i64 512) #83 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdgkb_ioctl 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.355841** %8 = load %struct.vc_data.355841*, %struct.vc_data.355841** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.355747* %14 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %13, i64 0, i32 104 %15 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %14, align 8 %16 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %15, i64 0, i32 25 %17 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %16, align 8 %18 = icmp eq %struct.tty_struct.355831* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext 
i1 @capable(i32 26) #83 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.355831* %0, i32 %1, i64 %10) #84 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 
br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %161 = inttoptr i64 %2 to %struct.kbsentry* %162 = zext i1 %28 to i32 %163 = tail call i32 @vt_do_kdgkb_ioctl(i32 %1, %struct.kbsentry* %161, i32 %162) #83 Function:vt_do_kdgkb_ioctl %5 = getelementptr inbounds %struct.kbsentry, %struct.kbsentry* %1, i64 0, i32 0 %6 = tail call { i8*, i8, i64 } asm sideeffect "call 
__get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i8* %5, i64 1, i64 %4) #6, !srcloc !4 %7 = extractvalue { i8*, i8, i64 } %6, 0 %8 = extractvalue { i8*, i8, i64 } %6, 2 %9 = ptrtoint i8* %7 to i64 %10 = and i64 %9, 4294967295 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %73, !prof !5, !misexpect !6 %13 = extractvalue { i8*, i8, i64 } %6, 1 %14 = zext i8 %13 to i64 %15 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 256, i64 %14) #6, !srcloc !7 %16 = trunc i64 %15 to i8 %17 = and i8 %13, %16 switch i32 %0, label %70 [ i32 19272, label %18 i32 19273, label %40 ] %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3264, i64 512) #83 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_diacrit 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds 
%struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label 
%712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %165 = zext i1 %28 to i32 %166 = tail call i32 @vt_do_diacrit(i32 %1, i8* %16, i32 %165) #83 Function:vt_do_diacrit switch i32 %0, label %167 [ i32 19274, label %4 i32 19450, label %56 i32 19275, label %84 i32 19451, label %135 ] %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 3264, i64 3072) #83 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_diacrit 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.355841** %8 = load %struct.vc_data.355841*, %struct.vc_data.355841** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.355747* %14 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %13, i64 0, i32 104 %15 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %14, align 8 %16 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %15, i64 0, i32 25 %17 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %16, align 8 %18 = icmp eq %struct.tty_struct.355831* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #83 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ 
false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.355831* %0, i32 %1, i64 %10) #84 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 
%25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %165 = zext i1 %28 to i32 %166 = tail call i32 @vt_do_diacrit(i32 %1, i8* %16, i32 %165) #83 Function:vt_do_diacrit switch i32 %0, label %167 [ i32 19274, label %4 i32 19450, label %56 i32 19275, label %84 i32 19451, label %135 ] %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 
12), align 16 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 3264, i64 3072) #83 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_diacrit 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca %struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 
19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %165 = zext i1 %28 to i32 %166 = tail call i32 @vt_do_diacrit(i32 %1, i8* %16, i32 %165) #83 Function:vt_do_diacrit switch i32 %0, label %167 [ i32 19274, label %4 i32 19450, label %56 i32 19275, label %84 i32 19451, label %135 ] %5 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %5, i32 3264, i64 768) #83 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_diacrit 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca %struct.compat_sock_fprog, align 4 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr 
inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.355841** %8 = load %struct.vc_data.355841*, %struct.vc_data.355841** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.355747* %14 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %13, i64 0, i32 104 %15 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %14, align 8 %16 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %15, i64 0, i32 25 %17 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %16, align 8 %18 = icmp eq %struct.tty_struct.355831* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #83 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %79 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %77 i32 19248, label %77 i32 19252, label %77 i32 19253, label %77 i32 19258, label %77 i32 19260, label %77 i32 19261, label %77 i32 19269, label %77 i32 19299, label %77 i32 19301, label %77 i32 19250, label %77 i32 19278, label %77 i32 22022, label %77 i32 22023, label %77 i32 22021, label %77 i32 22024, label %77 i32 22025, label %77 i32 22026, label %77 ] %80 = tail call i32 @vt_ioctl(%struct.tty_struct.355831* %0, i32 %1, i64 %10) #84 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.355841*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca 
%struct.static_call_site, align 4 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.355831, %struct.tty_struct.355831* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.355841** %15 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.355747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.355747**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.355747* %19 = getelementptr inbounds %struct.task_struct.355747, %struct.task_struct.355747* %18, i64 0, i32 104 %20 = load %struct.signal_struct.355696*, %struct.signal_struct.355696** %19, align 8 %21 = getelementptr inbounds %struct.signal_struct.355696, %struct.signal_struct.355696* %20, i64 0, i32 25 %22 = load %struct.tty_struct.355831*, %struct.tty_struct.355831** %21, align 8 %23 = icmp eq %struct.tty_struct.355831* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #83 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = load %struct.vc_data.355841*, %struct.vc_data.355841** %14, align 8 %30 = getelementptr inbounds %struct.vc_data.355841, %struct.vc_data.355841* %29, i64 0, i32 3 %31 = load i16, i16* %30, align 8 %32 = zext i16 %31 to i32 switch i32 %1, label %759 [ i32 19247, label %33 i32 19248, label %41 i32 19251, label %57 i32 19252, label %64 i32 19253, label %64 i32 19254, label %73 i32 19255, label %73 i32 19282, label %79 i32 19258, label %93 i32 19259, label %115 i32 19260, label %760 i32 19261, label %760 i32 19269, label %125 i32 19268, label %131 i32 19299, label %139 i32 19298, label %142 i32 19276, label %150 i32 19277, label %150 i32 19270, label %156 i32 19271, label %156 i32 19272, label %160 i32 19273, label %160 i32 19274, 
label %164 i32 19450, label %164 i32 19275, label %164 i32 19451, label %164 i32 19300, label %167 i32 19301, label %167 i32 19249, label %167 i32 19250, label %167 i32 19278, label %170 i32 19314, label %196 i32 19313, label %218 i32 19312, label %221 i32 19265, label %223 i32 19264, label %226 i32 19306, label %228 i32 19305, label %232 i32 19304, label %235 i32 19303, label %238 i32 19302, label %238 i32 21532, label %269 i32 22018, label %271 i32 22017, label %304 i32 22019, label %312 i32 22016, label %364 i32 22022, label %403 i32 22031, label %414 i32 22023, label %466 i32 22021, label %473 i32 22024, label %497 i32 22025, label %590 i32 22026, label %628 i32 22027, label %712 i32 22028, label %715 i32 22029, label %718 i32 22030, label %727 ] %165 = zext i1 %28 to i32 %166 = tail call i32 @vt_do_diacrit(i32 %1, i8* %16, i32 %165) #83 Function:vt_do_diacrit switch i32 %0, label %167 [ i32 19274, label %4 i32 19450, label %56 i32 19275, label %84 i32 19451, label %135 ] %5 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %5, i32 3264, i64 768) #83 ------------- Use: =BAD PATH= Call Stack: 0 vcs_poll_data_get 1 vcs_poll ------------- Path:  Function:vcs_poll %3 = tail call fastcc %struct.vcs_poll_data* @vcs_poll_data_get(%struct.file* %0) #83 Function:vcs_poll_data_get %2 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.vcs_poll_data** %4 = load %struct.vcs_poll_data*, %struct.vcs_poll_data** %3, align 8 %5 = icmp eq %struct.vcs_poll_data* %4, null br i1 %5, label %6, label %36 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %8 = tail call noalias 
align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 vcs_poll_data_get 1 vcs_fasync ------------- Path:  Function:vcs_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.vcs_poll_data** %6 = load %struct.vcs_poll_data*, %struct.vcs_poll_data** %5, align 8 %7 = icmp eq %struct.vcs_poll_data* %6, null br i1 %7, label %8, label %13 %9 = icmp eq i32 %2, 0 br i1 %9, label %17, label %10 %11 = tail call fastcc %struct.vcs_poll_data* @vcs_poll_data_get(%struct.file* %1) #83 Function:vcs_poll_data_get %2 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.vcs_poll_data** %4 = load %struct.vcs_poll_data*, %struct.vcs_poll_data** %3, align 8 %5 = icmp eq %struct.vcs_poll_data* %4, null br i1 %5, label %6, label %36 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 pty_unix98_install ------------- Path:  Function:pty_unix98_install %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %0, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %89 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 3264, i64 352) #83 ------------- Use: =BAD PATH= Call Stack: 0 pty_unix98_install ------------- Path:  
Function:pty_unix98_install %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %0, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %89 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %10 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 3264, i64 352) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_open ------------- Path:  Function:tty_open %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = tail call i32 @nonseekable_open(%struct.inode* %0, %struct.file* %1) #83 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %10 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 3264, i64 32) #84 ------------- Use: =BAD PATH= Call Stack: 0 tty_open ------------- Path:  Function:tty_open %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = tail call i32 @nonseekable_open(%struct.inode* %0, %struct.file* %1) #83 %9 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %10 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %9, i32 
3264, i64 32) #84 ------------- Use: =BAD PATH= Call Stack: 0 resources_show ------------- Path:  Function:resources_show %4 = icmp eq %struct.device* %0, null br i1 %4, label %62, label %5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 40) #83 ------------- Use: =BAD PATH= Call Stack: 0 options_show ------------- Path:  Function:options_show %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3520, i64 40) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_execute_simple_method 2 camera_store ------------- Path:  Function:camera_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = bitcast i8** %6 to %struct.eeepc_laptop** %8 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.62820, i64 0, i64 0), i32* nonnull %5) #83 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %26 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %26, label %17 %18 = load i32, i32* %5, align 4 %19 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = sext i32 %18 to i64 %22 = call i32 @acpi_execute_simple_method(i8* %20, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.42.62835, i64 0, i64 0), i64 %21) #83 Function:acpi_execute_simple_method %4 = alloca %union.acpi_object, align 8 %5 = alloca %struct.acpi_object_list, align 8 %6 = bitcast %union.acpi_object* %4 to i8* %7 = bitcast %struct.acpi_object_list* %5 to i8* %8 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 0 store i32 1, i32* %8, align 8 %9 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 1 store %union.acpi_object* %4, %union.acpi_object** %9, align 8 %10 = getelementptr inbounds %union.acpi_object, %union.acpi_object* %4, i64 0, i32 0, i32 2 store i64 %2, i64* %10, align 8 %11 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* nonnull %5, %struct.trace_print_flags* null) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x 
[14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_execute_simple_method 2 cardr_store ------------- Path:  Function:cardr_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = bitcast i8** %6 to %struct.eeepc_laptop** %8 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.62820, i64 0, i64 0), i32* nonnull %5) #83 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %26 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1048576 %16 = icmp eq i32 %15, 0 br i1 %16, label %26, label %17 %18 = load i32, i32* %5, align 4 %19 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = sext i32 %18 to i64 %22 = call i32 @acpi_execute_simple_method(i8* %20, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.48.62832, i64 0, i64 0), i64 %21) #83 Function:acpi_execute_simple_method %4 = alloca %union.acpi_object, align 8 %5 = alloca %struct.acpi_object_list, align 8 %6 = bitcast %union.acpi_object* %4 to i8* %7 = bitcast %struct.acpi_object_list* %5 to i8* %8 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 0 store i32 1, i32* %8, align 8 %9 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 1 store %union.acpi_object* %4, %union.acpi_object** %9, align 8 %10 = getelementptr inbounds %union.acpi_object, %union.acpi_object* %4, i64 0, i32 0, i32 2 store i64 %2, i64* %10, align 8 %11 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, 
%struct.acpi_object_list* nonnull %5, %struct.trace_print_flags* null) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_execute_simple_method 2 disp_store ------------- Path:  Function:disp_store %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = bitcast i8** %6 to %struct.eeepc_laptop** %8 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %7, align 8 %9 = bitcast i32* %5 to i8* %10 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.62820, i64 0, i64 0), i32* nonnull %5) #83 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %26 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 256 %16 = icmp eq i32 %15, 0 br i1 %16, label %26, label %17 %18 = load i32, i32* %5, align 4 %19 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %8, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = sext i32 %18 to i64 %22 = call i32 @acpi_execute_simple_method(i8* %20, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.43.62830, i64 0, i64 0), i64 %21) #83 Function:acpi_execute_simple_method %4 = alloca %union.acpi_object, align 8 %5 = alloca %struct.acpi_object_list, align 8 %6 = bitcast %union.acpi_object* %4 to i8* %7 = bitcast %struct.acpi_object_list* %5 to i8* %8 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 0 store i32 1, i32* %8, align 8 %9 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %5, i64 0, i32 1 store %union.acpi_object* %4, %union.acpi_object** %9, align 8 %10 = getelementptr inbounds %union.acpi_object, %union.acpi_object* %4, i64 0, i32 0, i32 2 store i64 %2, i64* %10, align 8 %11 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* nonnull %5, %struct.trace_print_flags* null) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x 
[14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 camera_show ------------- Path:  Function:camera_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.26.62836, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# 
__raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 cardr_show ------------- Path:  Function:cardr_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 1048576 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.31.62833, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* 
%5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 cpufv_show ------------- Path:  Function:cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %35, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq 
i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 available_cpufv_show ------------- Path:  Function:available_cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %42, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* %16 = call i32 
@acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.62824, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 uid_show.32298 ------------- Path:  Function:uid_show.32298 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 7 %7 = bitcast i8** %6 to %struct.dock_station** %8 = load %struct.dock_station*, 
%struct.dock_station** %7, align 8 %9 = getelementptr inbounds %struct.dock_station, %struct.dock_station* %8, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @acpi_evaluate_integer(i8* %10, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.32299, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 acpi_device_get_power 3 real_power_state_show ------------- Path:  Function:real_power_state_show %4 = alloca i32, 
align 4 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast %struct.device_private** %5 to %struct.acpi_device* %7 = bitcast i32* %4 to i8* %8 = call i32 @acpi_device_get_power(%struct.acpi_device* %6, i32* nonnull %4) #83 Function:acpi_device_get_power %3 = alloca i64, align 8 %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 255, i32* %4, align 4 %6 = icmp ne %struct.acpi_device* %0, null %7 = icmp ne i32* %1, null %8 = and i1 %6, %7 br i1 %8, label %9, label %75 %10 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 9, i32 0 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %22 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 11, i32 1, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = call i32 @acpi_power_get_inferred_state(%struct.acpi_device* nonnull %0, i32* nonnull %4) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %75 %30 = load i32, i32* %22, align 4 br label %31 %32 = phi i32 [ %30, %29 ], [ %23, %21 ] %33 = and i32 %32, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast i64* %3 to i8* %37 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 1 %38 = load i8*, i8** %37, align 8 %39 = call i32 @acpi_evaluate_integer(i8* %38, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.11.31884, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = 
getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 sun_show ------------- Path:  Function:sun_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.31849, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, 
%struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 hrv_show ------------- Path:  Function:hrv_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.3.31850, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast %struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, 
label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_integer 2 status_show ------------- Path:  Function:status_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 2 %6 = bitcast i64* %4 to i8* %7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 1 %8 = bitcast %struct.device_private** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = call i32 @acpi_evaluate_integer(i8* %9, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.31851, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #83 Function:acpi_evaluate_integer %5 = alloca %union.acpi_object, align 8 %6 = alloca %struct.trace_print_flags, align 8 %7 = bitcast %union.acpi_object* %5 to i8* %8 = bitcast 
%struct.trace_print_flags* %6 to i8* %9 = icmp eq i64* %3, null br i1 %9, label %23, label %10 %11 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 0 store i64 24, i64* %11, align 8 %12 = getelementptr inbounds %struct.trace_print_flags, %struct.trace_print_flags* %6, i64 0, i32 1 %13 = bitcast i8** %12 to %union.acpi_object** store %union.acpi_object* %5, %union.acpi_object** %13, align 8 %14 = call i32 @acpi_evaluate_object(i8* %0, i8* %1, %struct.acpi_object_list* %2, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_dsm 2 dsm_get_label 3 label_show ------------- Path:  Function:label_show %4 = tail call fastcc i32 @dsm_get_label(%struct.device.324838* %0, i8* %2, i32 0) #83 Function:dsm_get_label %4 = getelementptr inbounds %struct.device.324838, %struct.device.324838* %0, i64 0, i32 26 %5 = load %struct.fwnode_handle.324824*, %struct.fwnode_handle.324824** %4, align 8 %6 = tail call zeroext i1 bitcast (i1 (%struct.fwnode_handle*)* @is_acpi_device_node to i1 (%struct.fwnode_handle.324824*)*)(%struct.fwnode_handle.324824* %5) #83 %7 = getelementptr %struct.fwnode_handle.324824, %struct.fwnode_handle.324824* %5, i64 -1, i32 4, i32 1 %8 = 
icmp eq %struct.list_head** %7, null %9 = xor i1 %6, true %10 = or i1 %8, %9 br i1 %10, label %68, label %11 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 1 %13 = bitcast %struct.list_head** %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = icmp eq i8* %14, null br i1 %15, label %68, label %16 %17 = tail call %union.acpi_object* @acpi_evaluate_dsm(i8* nonnull %14, %struct.uuid_t* nonnull @pci_acpi_dsm_guid, i64 2, i64 7, %union.acpi_object* null) #83 Function:acpi_evaluate_dsm %6 = alloca %struct.trace_print_flags, align 8 %7 = alloca [4 x %union.acpi_object], align 16 %8 = alloca %struct.acpi_object_list, align 8 %9 = bitcast %struct.trace_print_flags* %6 to i8* %10 = bitcast [4 x %union.acpi_object]* %7 to i8* %11 = bitcast %struct.acpi_object_list* %8 to i8* %12 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 0 store i32 4, i32* %12, align 8 %13 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 1 %14 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0 store %union.acpi_object* %14, %union.acpi_object** %13, align 8 %15 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 0 store i32 3, i32* %15, align 16 %16 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 1 store i32 16, i32* %16, align 4 %17 = getelementptr %struct.uuid_t, %struct.uuid_t* %1, i64 0, i32 0, i64 0 %18 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 2 %19 = bitcast i64* %18 to i8** store i8* %17, i8** %19, align 8 %20 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 0 store i32 1, i32* %20, align 8 %21 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 2 store i64 
%2, i64* %21, align 8 %22 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 0 store i32 1, i32* %22, align 16 %23 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 2 store i64 %3, i64* %23, align 8 %24 = icmp eq %union.acpi_object* %4, null %25 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3 br i1 %24, label %29, label %26 %30 = getelementptr %union.acpi_object, %union.acpi_object* %25, i64 0, i32 0, i32 0 store i32 4, i32* %30, align 8 %31 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 1 store i32 0, i32* %31, align 4 %32 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 2 %33 = bitcast i64* %32 to %union.acpi_object** store %union.acpi_object* null, %union.acpi_object** %33, align 8 br label %34 %35 = call i32 @acpi_evaluate_object(i8* %0, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.14.31765, i64 0, i64 0), %struct.acpi_object_list* nonnull %8, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 acpi_evaluate_object 1 acpi_evaluate_dsm 2 
dsm_get_label 3 acpi_index_show ------------- Path:  Function:acpi_index_show %4 = tail call fastcc i32 @dsm_get_label(%struct.device.324838* %0, i8* %2, i32 1) #83 Function:dsm_get_label %4 = getelementptr inbounds %struct.device.324838, %struct.device.324838* %0, i64 0, i32 26 %5 = load %struct.fwnode_handle.324824*, %struct.fwnode_handle.324824** %4, align 8 %6 = tail call zeroext i1 bitcast (i1 (%struct.fwnode_handle*)* @is_acpi_device_node to i1 (%struct.fwnode_handle.324824*)*)(%struct.fwnode_handle.324824* %5) #83 %7 = getelementptr %struct.fwnode_handle.324824, %struct.fwnode_handle.324824* %5, i64 -1, i32 4, i32 1 %8 = icmp eq %struct.list_head** %7, null %9 = xor i1 %6, true %10 = or i1 %8, %9 br i1 %10, label %68, label %11 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 1 %13 = bitcast %struct.list_head** %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = icmp eq i8* %14, null br i1 %15, label %68, label %16 %17 = tail call %union.acpi_object* @acpi_evaluate_dsm(i8* nonnull %14, %struct.uuid_t* nonnull @pci_acpi_dsm_guid, i64 2, i64 7, %union.acpi_object* null) #83 Function:acpi_evaluate_dsm %6 = alloca %struct.trace_print_flags, align 8 %7 = alloca [4 x %union.acpi_object], align 16 %8 = alloca %struct.acpi_object_list, align 8 %9 = bitcast %struct.trace_print_flags* %6 to i8* %10 = bitcast [4 x %union.acpi_object]* %7 to i8* %11 = bitcast %struct.acpi_object_list* %8 to i8* %12 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 0 store i32 4, i32* %12, align 8 %13 = getelementptr inbounds %struct.acpi_object_list, %struct.acpi_object_list* %8, i64 0, i32 1 %14 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0 store %union.acpi_object* %14, %union.acpi_object** %13, align 8 %15 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 0 store i32 3, i32* %15, align 16 %16 = getelementptr 
inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 1 store i32 16, i32* %16, align 4 %17 = getelementptr %struct.uuid_t, %struct.uuid_t* %1, i64 0, i32 0, i64 0 %18 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 0, i32 0, i32 2 %19 = bitcast i64* %18 to i8** store i8* %17, i8** %19, align 8 %20 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 0 store i32 1, i32* %20, align 8 %21 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 1, i32 0, i32 2 store i64 %2, i64* %21, align 8 %22 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 0 store i32 1, i32* %22, align 16 %23 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 2, i32 0, i32 2 store i64 %3, i64* %23, align 8 %24 = icmp eq %union.acpi_object* %4, null %25 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3 br i1 %24, label %29, label %26 %30 = getelementptr %union.acpi_object, %union.acpi_object* %25, i64 0, i32 0, i32 0 store i32 4, i32* %30, align 8 %31 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 1 store i32 0, i32* %31, align 4 %32 = getelementptr inbounds [4 x %union.acpi_object], [4 x %union.acpi_object]* %7, i64 0, i64 3, i32 0, i32 2 %33 = bitcast i64* %32 to %union.acpi_object** store %union.acpi_object* null, %union.acpi_object** %33, align 8 br label %34 %35 = call i32 @acpi_evaluate_object(i8* %0, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.14.31765, i64 0, i64 0), %struct.acpi_object_list* nonnull %8, %struct.trace_print_flags* nonnull %6) #83 Function:acpi_evaluate_object %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to i8* %9 = bitcast i64* %6 to i8* call void 
asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6) #6, !srcloc !4 %10 = load i64, i64* %6, align 8 %11 = and i64 %10, 512 %12 = icmp eq i64 %11, 0 %13 = select i1 %12, i32 2848, i32 3520 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %15 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 %13, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_open ------------- Path:  Function:proc_bus_pci_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 new_id_store ------------- Path:  Function:new_id_store %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = alloca i64, align 8 %11 = icmp eq %struct.device_driver* %0, null %12 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 3 %13 = bitcast i8** %12 to %struct.pci_driver.313794* %14 = select i1 %11, %struct.pci_driver.313794* null, %struct.pci_driver.313794* %13 %15 = getelementptr inbounds %struct.pci_driver.313794, %struct.pci_driver.313794* %14, i64 0, i32 2 %16 = load %struct.pci_device_id*, %struct.pci_device_id** %15, align 8 %17 = bitcast i32* %4 to i8* %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 -1, i32* %7, align 4 %21 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %22 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %23 = bitcast i64* %10 to i8* 
store i64 0, i64* %10, align 8 %24 = call i32 (i8*, i8*, ...) @sscanf(i8* %1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.5.30773, i64 0, i64 0), i32* nonnull %4, i32* nonnull %5, i32* nonnull %6, i32* nonnull %7, i32* nonnull %8, i32* nonnull %9, i64* nonnull %10) #83 %25 = icmp slt i32 %24, 2 br i1 %25, label %116, label %26 %27 = icmp eq i32 %24, 7 br i1 %27, label %55, label %28 %56 = icmp eq %struct.pci_device_id* %16, null %57 = load i64, i64* %10, align 8 br i1 %56, label %76, label %58 %59 = phi %struct.pci_device_id* [ %75, %71 ], [ %16, %55 ] %60 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 0 %61 = load i32, i32* %60, align 8 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %71 %64 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 2 %65 = load i32, i32* %64, align 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 5 %69 = load i32, i32* %68, align 4 %70 = icmp eq i32 %69, 0 br i1 %70, label %116, label %71 %72 = getelementptr inbounds %struct.pci_device_id, %struct.pci_device_id* %59, i64 0, i32 6 %73 = load i64, i64* %72, align 8 %74 = icmp eq i64 %57, %73 %75 = getelementptr %struct.pci_device_id, %struct.pci_device_id* %59, i64 1 br i1 %74, label %76, label %58 %77 = load i32, i32* %4, align 4 %78 = load i32, i32* %5, align 4 %79 = load i32, i32* %6, align 4 %80 = load i32, i32* %7, align 4 %81 = load i32, i32* %8, align 4 %82 = load i32, i32* %9, align 4 %83 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %84 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %83, i32 3520, i64 56) #84 ------------- Use: =BAD PATH= Call Stack: 0 new_id_store ------------- Path:  Function:new_id_store %4 = alloca i32, 
align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = alloca i64, align 8 %11 = icmp eq %struct.device_driver* %0, null %12 = getelementptr %struct.device_driver, %struct.device_driver* %0, i64 -1, i32 3 %13 = bitcast i8** %12 to %struct.pci_driver.313794* %14 = select i1 %11, %struct.pci_driver.313794* null, %struct.pci_driver.313794* %13 %15 = getelementptr inbounds %struct.pci_driver.313794, %struct.pci_driver.313794* %14, i64 0, i32 2 %16 = load %struct.pci_device_id*, %struct.pci_device_id** %15, align 8 %17 = bitcast i32* %4 to i8* %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 -1, i32* %7, align 4 %21 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %22 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %23 = bitcast i64* %10 to i8* store i64 0, i64* %10, align 8 %24 = call i32 (i8*, i8*, ...) @sscanf(i8* %1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.5.30773, i64 0, i64 0), i32* nonnull %4, i32* nonnull %5, i32* nonnull %6, i32* nonnull %7, i32* nonnull %8, i32* nonnull %9, i64* nonnull %10) #83 %25 = icmp slt i32 %24, 2 br i1 %25, label %116, label %26 %27 = icmp eq i32 %24, 7 br i1 %27, label %55, label %28 %29 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %30 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %29, i32 3520, i64 2032) #84 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store.48328 ------------- Path:  Function:uevent_store.48328 %4 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 18 %5 = load %struct.driver_private*, %struct.driver_private** %4, align 8 %6 = getelementptr inbounds %struct.driver_private, %struct.driver_private* %5, 
i64 0, i32 0 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), 
i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 bus_uevent_store ------------- Path:  Function:bus_uevent_store %4 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %5 = load %struct.subsys_private*, %struct.subsys_private** %4, align 8 %6 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %5, i64 0, i32 0, i32 2 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, 
label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, 
i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store ------------- Path:  Function:uevent_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to 
i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, 
%50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 store_uevent ------------- Path:  Function:store_uevent %5 = getelementptr inbounds %struct.module_kobject, %struct.module_kobject* %1, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call 
i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %65 = ptrtoint i8* %22 to i64 %66 = sub i64 %18, %65 %67 = add i64 %66, %2 %68 = icmp eq i64 %67, 0 br i1 %68, label %162, label %69 %70 = add i64 %67, -1 %71 = getelementptr i8, i8* %22, i64 %70 %72 = load i8, i8* %71, align 1 switch i8 %72, label %75 [ i8 10, label %73 i8 0, label %73 ] %74 = icmp eq i64 %70, 0 
br i1 %74, label %162, label %75 %76 = phi i64 [ %70, %73 ], [ %67, %69 ] %77 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %78 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %77, i32 3520, i64 2592) #85 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 compat_ksys_semtimedop 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #83 Function:compat_ksys_ipc %7 = alloca %struct.static_call_site, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %114 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %42 i16 12, label %45 i16 13, label %70 i16 14, label %73 i16 21, label %78 i16 22, label %100 i16 23, label %105 i16 24, label %109 ] %17 = zext i32 %4 to i64 %18 = inttoptr i64 %17 to %struct.orc_entry* %19 = zext i32 %5 to i64 %20 = inttoptr 
i64 %19 to %struct.static_call_site* %21 = tail call i64 @compat_ksys_semtimedop(i32 %1, %struct.orc_entry* %18, i32 %2, %struct.static_call_site* %20) #83 Function:compat_ksys_semtimedop %5 = alloca %struct.cpu_itimer, align 8 %6 = icmp eq %struct.static_call_site* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.cpu_itimer* null) #84 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca 
%struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, 
%struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = 
getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, 
i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, 
!srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = 
tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, 
label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 __ia32_sys_semtimedop_time32 ------------- Path:  Function:__ia32_sys_semtimedop_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 
8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, 
label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, 
i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = 
bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = 
getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca 
%struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, 
%struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label %33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 __do_semtimedop 1 do_semtimedop 2 __x64_sys_semtimedop_time32 ------------- Path:  Function:__x64_sys_semtimedop_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail 
call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.cpu_itimer* null) #83 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = bitcast [64 x %struct.orc_entry]* %5 to i8* %7 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 103 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 64 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 2 %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 8 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 1, i64 2 %15 = load i32, i32* %14, align 8 %16 = icmp ult i32 %15, %2 br i1 %16, label %44, label %17 %18 = icmp eq i32 %2, 0 br i1 %18, label %44, label %19 %20 = icmp ugt i32 %2, 64 %21 = zext i32 %2 to i64 %22 = mul nuw nsw i64 %21, 6 br i1 %20, label %23, label %27 %28 = phi %struct.orc_entry* [ %25, %23 ], [ %7, %19 ] %29 = bitcast %struct.orc_entry* %28 to i8* %30 = icmp ugt i64 %22, 2147483647 br i1 %30, label %31, label %32, !prof !5, !misexpect !6 %33 = bitcast %struct.orc_entry* %1 to i8* %34 = call i64 @_copy_from_user(i8* %29, i8* %33, i64 %22) #84 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %40 %37 = call i64 @__do_semtimedop(i32 %0, %struct.orc_entry* %28, i32 %2, %struct.cpu_itimer* %3, %struct.ipc_namespace* %13) #85 Function:__do_semtimedop %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast %struct.sem_queue* %6 to i8* %9 = icmp eq i32 %2, 0 %10 = icmp slt i32 %0, 0 %11 = or i1 %10, %9 br i1 %11, label %710, label %12 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %4, i64 0, i32 1, i64 2 %14 = load i32, 
i32* %13, align 8 %15 = icmp ult i32 %14, %2 br i1 %15, label %710, label %16 %17 = icmp ne %struct.cpu_itimer* %3, null br i1 %17, label %18, label %28 %19 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = icmp slt i64 %20, 0 br i1 %21, label %707, label %22 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999999 br i1 %25, label %707, label %26 %27 = tail call i64 @timespec64_to_jiffies(%struct.cpu_itimer* nonnull %3) #83 br label %28 %29 = phi i64 [ %27, %26 ], [ 0, %16 ] %30 = zext i32 %2 to i64 %31 = getelementptr %struct.orc_entry, %struct.orc_entry* %1, i64 %30 %32 = icmp ugt %struct.orc_entry* %31, %1 br i1 %32, label %33, label %323 %34 = phi %struct.orc_entry* [ %62, %33 ], [ %1, %28 ] %35 = phi i32 [ %47, %33 ], [ 0, %28 ] %36 = phi i8 [ %52, %33 ], [ 0, %28 ] %37 = phi i8 [ %61, %33 ], [ 0, %28 ] %38 = phi i8 [ %55, %33 ], [ 0, %28 ] %39 = phi i64 [ %60, %33 ], [ 0, %28 ] %40 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 0 %41 = load i16, i16* %40, align 2 %42 = zext i16 %41 to i32 %43 = and i32 %42, 63 %44 = zext i32 %43 to i64 %45 = shl nuw i64 1, %44 %46 = icmp ugt i32 %35, %42 %47 = select i1 %46, i32 %35, i32 %42 %48 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 2 %49 = load i16, i16* %48, align 2 %50 = and i16 %49, 4096 %51 = icmp eq i16 %50, 0 %52 = select i1 %51, i8 %36, i8 1 %53 = and i64 %45, %39 %54 = icmp eq i64 %53, 0 %55 = select i1 %54, i8 %38, i8 1 %56 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %34, i64 0, i32 1 %57 = load i16, i16* %56, align 2 %58 = icmp eq i16 %57, 0 %59 = select i1 %58, i64 0, i64 %45 %60 = or i64 %59, %39 %61 = select i1 %58, i8 %37, i8 1 %62 = getelementptr %struct.orc_entry, %struct.orc_entry* %34, i64 1 %63 = icmp ult %struct.orc_entry* %62, %31 br i1 %63, label 
%33, label %64 %65 = and i8 %52, 1 %66 = icmp eq i8 %65, 0 br i1 %66, label %323, label %67 %68 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %69 = inttoptr i64 %68 to %struct.task_struct* %70 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %69, i64 0, i32 98, i32 0 %71 = load %struct.sem_undo_list*, %struct.sem_undo_list** %70, align 16 %72 = icmp eq %struct.sem_undo_list* %71, null br i1 %72, label %73, label %88 %74 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %75 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %74, i32 4197824, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 regmap_cache_only_write_file ------------- Path:  Function:regmap_cache_only_write_file %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr i8, i8* %7, i64 -524 %9 = bitcast i8* %8 to %struct.regmap.603327* %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %64 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %14 = load %struct.dentry*, %struct.dentry** %13, align 8 %15 = call i32 @debugfs_file_get(%struct.dentry* %14) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 regmap_cache_bypass_write_file ------------- Path:  Function:regmap_cache_bypass_write_file %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %45 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %12 = load %struct.dentry*, %struct.dentry** %11, align 8 %13 = call i32 @debugfs_file_get(%struct.dentry* %12) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_str ------------- Path:  Function:debugfs_read_file_str %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = 
tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_str ------------- Path:  Function:debugfs_read_file_str %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 read_file_blob ------------- Path:  Function:read_file_blob %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.iovec** %7 = load %struct.iovec*, %struct.iovec** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = tail call i32 @debugfs_file_get(%struct.dentry* %9) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 
48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** 
%5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 
1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call 
noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_read ------------- Path:  Function:debugfs_attr_read %5 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write 
------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 
Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* 
%0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load 
volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write 
------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_attr_write ------------- Path:  Function:debugfs_attr_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = tail call i32 @debugfs_file_get(%struct.dentry* %6) #83 
Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds 
%struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_read_file_bool ------------- Path:  Function:debugfs_read_file_bool %5 = alloca [2 x i8], align 1 %6 = getelementptr inbounds [2 x i8], [2 x i8]* %5, i64 0, i64 0 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = tail call i32 @debugfs_file_get(%struct.dentry* %8) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 
= load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_write_file_bool ------------- Path:  Function:debugfs_write_file_bool %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %34 %13 = call i32 @debugfs_file_get(%struct.dentry* %9) #84 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 debugfs_write_file_bool ------------- Path:  Function:debugfs_write_file_bool %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %9 = load %struct.dentry*, %struct.dentry** %8, align 8 %10 = call i32 
@kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #83 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %34 %13 = call i32 @debugfs_file_get(%struct.dentry* %9) #84 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 full_proxy_open ------------- Path:  Function:full_proxy_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = tail call i32 @debugfs_file_get(%struct.dentry* %4) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_file_get 1 open_proxy_open ------------- Path:  Function:open_proxy_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = tail call i32 @debugfs_file_get(%struct.dentry* %4) #83 Function:debugfs_file_get %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, 
i32 11 %3 = load volatile i8*, i8** %2, align 8 %4 = ptrtoint i8* %3 to i64 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 br i1 %6, label %26, label %7 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 autofs_new_ino 1 autofs_lookup ------------- Path:  Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.static_call_site* %6 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.inode.257672, %struct.inode.257672* %0, i64 0, i32 8 %11 = load %struct.super_block.257652*, %struct.super_block.257652** %10, align 8 %12 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.autofs_sb_info.257683** %14 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %13, align 16 %15 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 9 %16 = load %struct.super_block.257652*, %struct.super_block.257652** %15, align 8 %17 = getelementptr inbounds %struct.super_block.257652, %struct.super_block.257652* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.autofs_sb_info.257683** %19 = load %struct.autofs_sb_info.257683*, %struct.autofs_sb_info.257683** %18, align 16 %20 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 3 %21 = load %struct.dentry.257676*, %struct.dentry.257676** %20, align 8 %22 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, 
i64 0, i32 4 %23 = bitcast %struct.qstr* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %1, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %19, i64 0, i32 17 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %29 = load volatile %struct.list_head*, %struct.list_head** %28, align 8 %30 = icmp eq %struct.list_head* %29, %27 br i1 %30, label %84, label %31 %32 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %19, i64 0, i32 16, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %32) #83 %33 = load %struct.list_head*, %struct.list_head** %28, align 8 %34 = icmp eq %struct.list_head* %33, %27 br i1 %34, label %83, label %35 %36 = zext i32 %7 to i64 br label %37 %38 = phi %struct.list_head* [ %33, %35 ], [ %80, %78 ] %39 = getelementptr %struct.list_head, %struct.list_head* %38, i64 -4, i32 1 %40 = bitcast %struct.list_head** %39 to %struct.dentry.257676** %41 = load %struct.dentry.257676*, %struct.dentry.257676** %40, align 8 %42 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 7, i32 0 %43 = bitcast %struct.anon.1* %42 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %43) #83 %44 = bitcast %struct.anon.1* %42 to %struct.swap_cluster_info* %45 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %44, i64 0, i32 1 %46 = load i32, i32* %45, align 4 %47 = icmp slt i32 %46, 1 br i1 %47, label %78, label %48 %49 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 4 %50 = bitcast %struct.qstr* %49 to %struct.static_call_site* %51 = bitcast %struct.qstr* %49 to i32* %52 = load i32, i32* %51, align 8 %53 = icmp eq i32 %52, %24 br i1 %53, label %54, label %78 %55 = getelementptr inbounds 
%struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 3 %56 = load %struct.dentry.257676*, %struct.dentry.257676** %55, align 8 %57 = icmp eq %struct.dentry.257676* %56, %21 br i1 %57, label %58, label %78 %59 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %50, i64 0, i32 1 %60 = load i32, i32* %59, align 4 %61 = icmp eq i32 %60, %7 br i1 %61, label %62, label %78 %63 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 4, i32 1 %64 = load i8*, i8** %63, align 8 %65 = tail call i32 @bcmp(i8* %64, i8* %26, i64 %36) #6 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.dentry.257676, %struct.dentry.257676* %41, i64 0, i32 2, i32 1 %69 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %68, align 8 %70 = icmp eq %struct.hlist_bl_node** %69, null br i1 %70, label %71, label %78 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %43) #83 %79 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 0 %80 = load %struct.list_head*, %struct.list_head** %79, align 8 %81 = icmp eq %struct.list_head* %80, %27 br i1 %81, label %83, label %37 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %32) #83 br label %84 %85 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %14, i64 0, i32 8 %86 = load i32, i32* %85, align 8 %87 = and i32 %86, 1 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %104 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.257640** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.257640**)) #11, !srcloc !4 %91 = inttoptr i64 %90 to %struct.task_struct.257640* %92 = getelementptr inbounds %struct.task_struct.257640, %struct.task_struct.257640* %91, i64 0, i32 104 %93 = load %struct.signal_struct.257569*, %struct.signal_struct.257569** %92, align 8 %94 = getelementptr 
%struct.signal_struct.257569, %struct.signal_struct.257569* %93, i64 0, i32 22, i64 2 %95 = load %struct.pid*, %struct.pid** %94, align 8 %96 = getelementptr inbounds %struct.autofs_sb_info.257683, %struct.autofs_sb_info.257683* %14, i64 0, i32 3 %97 = load %struct.pid*, %struct.pid** %96, align 8 %98 = icmp eq %struct.pid* %95, %97 br i1 %98, label %104, label %99 %105 = tail call %struct.autofs_info.257684* bitcast (%struct.autofs_info* (%struct.autofs_sb_info*)* @autofs_new_ino to %struct.autofs_info.257684* (%struct.autofs_sb_info.257683*)*)(%struct.autofs_sb_info.257683* %14) #83 Function:autofs_new_ino %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3520, i64 136) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_alloc_slot 1 nfs4_setup_sequence 2 nfs4_proc_unlink_rpc_prepare ------------- Path:  Function:nfs4_proc_unlink_rpc_prepare %3 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 2 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 9 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* 
%1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 
@_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_alloc_slot 1 nfs4_setup_sequence 2 nfs4_proc_rename_rpc_prepare ------------- Path:  Function:nfs4_proc_rename_rpc_prepare %3 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 3 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %1, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.nfs_renamedata.233148, 
%struct.nfs_renamedata.233148* %1, i64 0, i32 1, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 
%7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_alloc_slot 1 nfs4_setup_sequence 2 nfs4_proc_pgio_rpc_prepare ------------- Path:  Function:nfs4_proc_pgio_rpc_prepare %3 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 0 %13 = getelementptr inbounds 
%struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* %3, align 4 %5 = add 
i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_alloc_slot 1 nfs4_setup_sequence 2 nfs4_proc_commit_rpc_prepare ------------- Path:  Function:nfs4_proc_commit_rpc_prepare %3 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 1 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 0 %11 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %10, align 8 %12 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 8, i32 0 %13 = 
getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 9, i32 0 %14 = tail call i32 @nfs4_setup_sequence(%struct.nfs_client.233190* %11, %struct.nfs4_sequence_args.233141* %12, %struct.nfs4_sequence_res.233143* %13, %struct.rpc_task* %0) #83 Function:nfs4_setup_sequence %5 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 36 %6 = load %struct.nfs4_session.233138*, %struct.nfs4_session.233138** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_sequence_res.233143, %struct.nfs4_sequence_res.233143* %2, i64 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %10, label %66 %11 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %0, i64 0, i32 33 %12 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = icmp eq %struct.nfs4_session.233138* %6, null %14 = getelementptr inbounds %struct.nfs4_session.233138, %struct.nfs4_session.233138* %6, i64 0, i32 6 %15 = select i1 %13, %struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot_table.233139* %14 %16 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %16) #83 %17 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %15, i64 0, i32 15 %18 = load volatile i64, i64* %17, align 8 %19 = and i64 %18, 1 %20 = icmp eq i64 %19, 0 br i1 %20, label %26, label %21 %27 = tail call %struct.nfs4_slot.233140* @nfs4_alloc_slot(%struct.nfs4_slot_table.233139* %15) #83 Function:nfs4_alloc_slot %2 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 2, i64 0 %3 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %4 = load i32, i32* 
%3, align 4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = tail call i64 @_find_first_zero_bit(i64* %2, i64 %6) #83 %8 = load i32, i32* %3, align 4 %9 = trunc i64 %7 to i32 %10 = icmp ult i32 %8, %9 br i1 %10, label %62, label %11 %12 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 6 br label %14 %15 = phi %struct.nfs4_slot.233140** [ %12, %11 ], [ %45, %44 ] %16 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %15, align 8 %17 = icmp eq %struct.nfs4_slot.233140* %16, null br i1 %17, label %18, label %39 %19 = load i32, i32* %13, align 8 %20 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %21 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %20, i32 2304, i64 48) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs40_init_client 1 nfs4_init_client ------------- Path:  Function:nfs4_init_client %3 = alloca %struct.__kernel_sockaddr_storage, align 8 %4 = alloca %struct.__kernel_sockaddr_storage, align 8 %5 = alloca %struct.xprt_create, align 8 %6 = alloca %struct.nfs_client.243389*, align 8 %7 = bitcast %struct.nfs_client.243389** %6 to i8* %8 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %99, label %11 %12 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 31 %13 = load %struct.nfs4_minor_version_ops.243398*, %struct.nfs4_minor_version_ops.243398** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_minor_version_ops.243398, %struct.nfs4_minor_version_ops.243398* %13, i64 0, i32 2 %15 = load i32 (%struct.nfs_client.243389*)*, i32 (%struct.nfs_client.243389*)** 
%14, align 8 %16 = tail call i32 %15(%struct.nfs_client.243389* %0) #83 Function:nfs40_init_client %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3392, i64 456) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_unlck 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.233158** %7 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.233157* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.233157* nonnull %9, %struct.file_lock* %2) #83 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.233154*, %struct.nfs4_state_owner.233154** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 4 %8 = getelementptr inbounds %struct.file_lock, 
%struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.234728*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.233157*, %struct.file_lock*)*)(%struct.nfs4_state.233157* %0, %struct.file_lock* %1) #83 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %112 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %11 = bitcast %struct.list_head* %10 to %struct.nfs4_lock_state.234758** %12 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 br label %13 %14 = phi %struct.nfs4_lock_state.234758* [ null, %6 ], [ %59, %90 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %15 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %11, align 8 %16 = getelementptr %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %15, i64 0, i32 0 %17 = icmp eq %struct.list_head* %16, %10 br i1 %17, label %43, label %18 %19 = phi %struct.nfs4_lock_state.234758* [ %28, %24 ], [ %15, %13 ] %20 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ null, %13 ] %21 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %19, i64 0, i32 6 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, %8 br i1 %23, label %31, label %24 %25 = icmp eq i8* %22, null %26 = select i1 %25, %struct.nfs4_lock_state.234758* %19, %struct.nfs4_lock_state.234758* %20 %27 = bitcast %struct.nfs4_lock_state.234758* %19 to 
%struct.nfs4_lock_state.234758** %28 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %28, i64 0, i32 0 %30 = icmp eq %struct.list_head* %29, %10 br i1 %30, label %31, label %18 %32 = phi %struct.nfs4_lock_state.234758* [ %26, %24 ], [ %19, %18 ] %33 = icmp eq %struct.nfs4_lock_state.234758* %32, null br i1 %33, label %43, label %34 %44 = icmp eq %struct.nfs4_lock_state.234758* %14, null br i1 %44, label %53, label %45 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %54 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %12, align 8 %55 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %54, i64 0, i32 0 %56 = load %struct.nfs_server.234701*, %struct.nfs_server.234701** %55, align 8 %57 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 9), align 8 %58 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 3392, i64 304) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_get_state_owner 1 nfs4_do_open 2 nfs4_atomic_open ------------- Path:  Function:nfs4_atomic_open %6 = tail call fastcc %struct.nfs4_state.233157* @nfs4_do_open(%struct.inode* %0, %struct.nfs_open_context.233158* %1, i32 %2, %struct.iattr* %3, i32* %4) #83 Function:nfs4_do_open %6 = alloca %struct.nfs_access_entry, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = alloca %struct.nfs4_open_createattrs, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.233131** %13 = load %struct.nfs_server.233131*, 
%struct.nfs_server.233131** %12, align 16 %14 = bitcast %struct.nfs4_exception* %7 to i8* %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %15, align 1 %16 = bitcast %struct.nfs4_open_createattrs* %8 to i8* %17 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 0 store %struct.nfs4_label* null, %struct.nfs4_label** %17, align 8 %18 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 1 store %struct.iattr* %3, %struct.iattr** %18, align 8 %19 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 2, i64 0 %20 = load volatile i64, i64* @jiffies, align 64 %21 = trunc i64 %20 to i32 store i32 %21, i32* %19, align 8 %22 = getelementptr inbounds %struct.nfs4_open_createattrs, %struct.nfs4_open_createattrs* %8, i64 0, i32 2, i64 1 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %24 = inttoptr i64 %23 to %struct.task_struct* %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %24, i64 0, i32 62 %26 = load i32, i32* %25, align 32 store i32 %26, i32* %22, align 4 %27 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %1, i64 0, i32 2 %28 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %1, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %1, i64 0, i32 6 %30 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %1, i64 0, i32 5 %31 = bitcast %struct.nfs_access_entry* %6 to i8* %32 = and i32 %2, 32 %33 = icmp eq i32 %32, 0 %34 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %6, i64 0, i32 2 %35 = bitcast %struct.cred** %34 to i64* %36 = getelementptr 
inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %6, i64 0, i32 3 %37 = icmp eq i32* %4, null %38 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %13, i64 0, i32 10 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 %40 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %13, i64 0, i32 0 br label %41 %42 = phi %struct.nfs4_label* [ %506, %500 ], [ null, %5 ] %43 = phi %struct.iattr* [ %505, %500 ], [ %3, %5 ] %44 = phi %struct.nfs_server.233131* [ %504, %500 ], [ %13, %5 ] %45 = load %struct.dentry*, %struct.dentry** %27, align 8 %46 = load %struct.cred*, %struct.cred** %28, align 8 %47 = load i32, i32* %29, align 8 %48 = and i32 %47, 3 %49 = lshr i32 %47, 5 %50 = and i32 %49, 1 %51 = or i32 %50, %48 %52 = call %struct.nfs4_state_owner.233154* bitcast (%struct.nfs4_state_owner.234724* (%struct.nfs_server.234701*, %struct.cred*, i32)* @nfs4_get_state_owner to %struct.nfs4_state_owner.233154* (%struct.nfs_server.233131*, %struct.cred*, i32)*)(%struct.nfs_server.233131* %44, %struct.cred* %46, i32 3264) #83 %55 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %44, i64 0, i32 0 %56 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %55, align 8 %57 = call i32 bitcast (i32 (%struct.nfs_client.234770*)* @nfs4_client_recover_expired_lease to i32 (%struct.nfs_client.233190*)*)(%struct.nfs_client.233190* %56) #83 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %430 %431 = phi i32 [ 0, %427 ], [ %57, %54 ], [ -12, %74 ], [ %429, %428 ] call void bitcast (void (%struct.nfs4_state_owner.234724*)* @nfs4_put_state_owner to void (%struct.nfs4_state_owner.233154*)*)(%struct.nfs4_state_owner.233154* nonnull %52) #83 br label %432 %433 = phi i32 [ -12, %41 ], [ %431, %430 ] %434 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %30, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_open_file to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_do_open, %435)) #6 to label %455 [label %435], !srcloc !9 switch i32 %433, label %490 [ i32 0, label %507 i32 -10026, label %456 i32 -10025, label %472 i32 -10011, label %475 i32 -11, label %479 i32 -22, label %482 ] %483 = load i32, i32* %38, align 8 %484 = and i32 %483, 131072 %485 = icmp eq i32 %484, 0 br i1 %485, label %490, label %486 %487 = and i32 %483, -131073 store i32 %487, i32* %38, align 8 %488 = load i8, i8* %39, align 8 %489 = or i8 %488, 8 store i8 %489, i8* %39, align 8 br label %495 %496 = phi i8 [ %471, %469 ], [ %474, %472 ], [ %478, %475 ], [ %481, %479 ], [ %489, %486 ], [ %494, %490 ] %497 = phi %struct.nfs4_state.233157* [ %434, %469 ], [ %434, %472 ], [ %434, %475 ], [ %434, %479 ], [ %434, %486 ], [ %493, %490 ] %498 = and i8 %496, 8 %499 = icmp eq i8 %498, 0 br i1 %499, label %507, label %500 %501 = load %struct.super_block*, %struct.super_block** %9, align 8 %502 = getelementptr inbounds %struct.super_block, %struct.super_block* %501, i64 0, i32 28 %503 = bitcast i8** %502 to %struct.nfs_server.233131** %504 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %503, align 16 %505 = load %struct.iattr*, %struct.iattr** %18, align 8 %506 = load %struct.nfs4_label*, %struct.nfs4_label** %17, align 8 br label %41 %42 = phi %struct.nfs4_label* [ %506, %500 ], [ null, %5 ] %43 = phi %struct.iattr* [ %505, %500 ], [ %3, %5 ] %44 = phi %struct.nfs_server.233131* [ %504, %500 ], [ %13, %5 ] %45 = load %struct.dentry*, 
%struct.dentry** %27, align 8 %46 = load %struct.cred*, %struct.cred** %28, align 8 %47 = load i32, i32* %29, align 8 %48 = and i32 %47, 3 %49 = lshr i32 %47, 5 %50 = and i32 %49, 1 %51 = or i32 %50, %48 %52 = call %struct.nfs4_state_owner.233154* bitcast (%struct.nfs4_state_owner.234724* (%struct.nfs_server.234701*, %struct.cred*, i32)* @nfs4_get_state_owner to %struct.nfs4_state_owner.233154* (%struct.nfs_server.233131*, %struct.cred*, i32)*)(%struct.nfs_server.233131* %44, %struct.cred* %46, i32 3264) #83 Function:nfs4_get_state_owner %4 = alloca %struct.list_head, align 8 %5 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 0 %6 = load %struct.nfs_client.234770*, %struct.nfs_client.234770** %5, align 8 %7 = getelementptr inbounds %struct.nfs_client.234770, %struct.nfs_client.234770* %6, i64 0, i32 23, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = getelementptr inbounds %struct.nfs_server.234701, %struct.nfs_server.234701* %0, i64 0, i32 44, i32 0 %9 = load %struct.rb_node*, %struct.rb_node** %8, align 8 %10 = icmp eq %struct.rb_node* %9, null br i1 %10, label %43, label %11 %12 = phi %struct.rb_node* [ %41, %39 ], [ %9, %3 ] %13 = getelementptr %struct.rb_node, %struct.rb_node* %12, i64 -2, i32 2 %14 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %13, i64 7 %15 = bitcast %struct.rb_node** %14 to %struct.cred** %16 = load %struct.cred*, %struct.cred** %15, align 8 %17 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %16) #83 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %21 %22 = icmp eq i32 %17, 0 br i1 %22, label %25, label %23 %24 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %12, i64 0, i32 1 br label %39 %40 = phi %struct.rb_node** [ %20, %19 ], [ %24, %23 ] %41 = load %struct.rb_node*, %struct.rb_node** %40, align 8 %42 = icmp eq %struct.rb_node* %41, null br i1 %42, label %43, label %11 tail call void 
@_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br label %47 %48 = or i32 %2, 256 %49 = and i32 %2, 17 %50 = icmp eq i32 %49, 0 %51 = and i32 %2, 1 %52 = icmp eq i32 %51, 0 %53 = select i1 %52, i64 1, i64 2 %54 = select i1 %50, i64 0, i64 %53 %55 = getelementptr [3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 %54, i64 9 %56 = load %struct.kmem_cache*, %struct.kmem_cache** %55, align 8 %57 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %56, i32 %48, i64 376) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_delegreturn 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 _nfs4_do_setattr 5 nfs4_do_setattr 6 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 
7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* 
%32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store 
%struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, 
%struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof 
!9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", 
"~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 Function:nfs4_proc_delegreturn %5 = alloca %struct.rpc_message, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.233131** %12 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %11, align 16 %13 = bitcast %struct.nfs4_exception* %7 to i8* %14 = bitcast %struct.rpc_message* %5 to i8* %15 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 0 %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 1 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 3 %19 = bitcast i8** %16 to i8* %20 = bitcast %struct.rpc_task_setup* %6 to i8* %21 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %22 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_clnt** %22 to i64* %24 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %25 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %26 = bitcast %struct.rpc_xprt** %24 to i8* %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %28 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %29 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %30 = bitcast i8** %28 to i8* %31 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %32 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %33 = bitcast %struct.list_head** %32 to %struct.nfs_fh* %34 = bitcast %struct.list_head** %32 to i16* %35 = getelementptr inbounds %struct.nfs_fh, %struct.nfs_fh* %33, i64 0, i32 1, i64 0 %36 = bitcast %struct.nfs4_stateid_struct* %2 to i8* %37 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %2, i64 0, i32 1 %38 = icmp ne i32 %3, 0 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 %130 = phi i32 [ %120, %118 ], [ %128, %127 ], [ -12, %40 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_delegreturn to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_delegreturn, %131)) #6 to label %151 [label %131], !srcloc !4 switch i32 %130, label %152 [ i32 -10023, label %162 i32 -10011, label %162 i32 0, label %162 ] %153 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %12, i32 %130, %struct.nfs4_exception* nonnull %7) #85 %154 = load i8, i8* %39, align 8 %155 = and i8 %154, 8 %156 = icmp eq i8 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.super_block*, %struct.super_block** %8, align 8 %159 = getelementptr inbounds %struct.super_block, %struct.super_block* %158, i64 0, i32 28 %160 = bitcast i8** %159 to %struct.nfs_server.233131** %161 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %160, align 16 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, 
align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_delegreturn 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.233146** %6 = load %struct.nfs_renameargs.233146*, %struct.nfs_renameargs.233146** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.233147** %9 = load %struct.nfs_renameres.233147*, %struct.nfs_renameres.233147** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 
= load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, 
%struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* 
%168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 Function:nfs4_proc_delegreturn %5 = alloca %struct.rpc_message, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.233131** %12 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %11, align 16 %13 = bitcast %struct.nfs4_exception* %7 to i8* %14 = bitcast %struct.rpc_message* %5 to i8* %15 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 0 %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 1 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 3 %19 = bitcast i8** %16 to i8* %20 = bitcast %struct.rpc_task_setup* %6 to i8* %21 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %22 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_clnt** %22 to i64* %24 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %25 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %26 = bitcast %struct.rpc_xprt** %24 to i8* %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %28 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %29 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %30 = bitcast i8** %28 to i8* %31 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %32 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %33 = bitcast %struct.list_head** %32 to %struct.nfs_fh* %34 = bitcast %struct.list_head** %32 to i16* %35 = getelementptr inbounds %struct.nfs_fh, %struct.nfs_fh* %33, i64 0, i32 1, i64 0 %36 = bitcast %struct.nfs4_stateid_struct* %2 to i8* %37 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %2, i64 0, i32 1 %38 = icmp ne i32 %3, 0 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 %130 = phi i32 [ %120, %118 ], [ %128, %127 ], [ -12, %40 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_delegreturn to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_delegreturn, %131)) #6 to label %151 [label %131], !srcloc !4 switch i32 %130, label %152 [ i32 -10023, label %162 i32 -10011, label %162 i32 0, label %162 ] %153 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %12, i32 %130, %struct.nfs4_exception* nonnull %7) #85 %154 = load i8, i8* %39, align 8 %155 = and i8 %154, 8 %156 = icmp eq i8 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.super_block*, %struct.super_block** %8, align 8 %159 = getelementptr inbounds %struct.super_block, %struct.super_block* %158, i64 0, i32 28 %160 = bitcast i8** %159 to %struct.nfs_server.233131** %161 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %160, align 16 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, 
align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_delegreturn 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_inode_make_writeable 4 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #83 Function:nfs4_inode_make_writeable tail call void @__rcu_read_lock() #83 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, 
%struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void @__rcu_read_unlock() #83 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #84 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc 
!5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load 
%struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 Function:nfs4_proc_delegreturn %5 = alloca %struct.rpc_message, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.233131** %12 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %11, align 16 %13 = bitcast %struct.nfs4_exception* %7 to i8* %14 = bitcast %struct.rpc_message* %5 to i8* %15 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 0 %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 1 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 3 %19 = bitcast i8** %16 to i8* %20 = bitcast %struct.rpc_task_setup* %6 to 
i8* %21 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %22 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_clnt** %22 to i64* %24 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %25 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %26 = bitcast %struct.rpc_xprt** %24 to i8* %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %28 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %29 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %30 = bitcast i8** %28 to i8* %31 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %32 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %33 = bitcast %struct.list_head** %32 to %struct.nfs_fh* %34 = bitcast %struct.list_head** %32 to i16* %35 = getelementptr inbounds %struct.nfs_fh, %struct.nfs_fh* %33, i64 0, i32 1, i64 0 %36 = bitcast %struct.nfs4_stateid_struct* %2 to i8* %37 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %2, i64 0, i32 1 %38 = icmp ne i32 %3, 0 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, 
align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 %130 = phi i32 [ %120, %118 ], [ %128, %127 ], [ -12, %40 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_delegreturn to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_delegreturn, %131)) #6 to label %151 [label %131], !srcloc !4 switch i32 %130, label %152 [ i32 -10023, label %162 i32 -10011, label %162 i32 0, label %162 ] %153 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %12, i32 %130, %struct.nfs4_exception* nonnull %7) #85 %154 = load i8, i8* %39, align 8 %155 = and i8 %154, 8 %156 = icmp eq i8 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.super_block*, %struct.super_block** %8, align 8 %159 = getelementptr inbounds %struct.super_block, %struct.super_block* %158, i64 0, i32 28 %160 = bitcast i8** %159 to %struct.nfs_server.233131** %161 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %160, align 16 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 
x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_delegreturn 1 nfs_end_delegation_return 2 nfs4_inode_return_delegation 3 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.233142** %6 = load %struct.nfs_removeargs.233142*, %struct.nfs_removeargs.233142** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.233144** %9 = load %struct.nfs_removeres.233144*, %struct.nfs_removeres.233144** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.233144, 
%struct.nfs_removeres.233144* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.233131** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.233142, %struct.nfs_removeargs.233142* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.233140* null, %struct.nfs4_slot.233140** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.233144, %struct.nfs_removeres.233144* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #83 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 21, i32 1 %4 = bitcast %struct.list_head** %3 to %struct.nfs_delegation.233205** %5 = load volatile %struct.nfs_delegation.233205*, %struct.nfs_delegation.233205** %4, align 8 %6 = icmp eq %struct.nfs_delegation.233205* %5, null br i1 %6, label %25, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 9, i32 0, i32 0 tail call 
void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %9 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 7 %10 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 4, i64* %9) #6, !srcloc !4 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %14, label %13 %15 = bitcast i64* %9 to i8* %16 = getelementptr i8, i8* %15, i64 1 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 -2, i8* %16) #6, !srcloc !5 %17 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %5, i64 0, i32 8 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !6 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21, !prof !7, !misexpect !8 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %26, !prof !9, !misexpect !8 %27 = phi i32 [ 2, %14 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %27) #83 br label %28 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 26 %30 = bitcast %struct.list_head* %29 to %struct.inode* tail call void @nfs_clear_verifier_delegated(%struct.inode* %30) #83 tail call void @__rcu_read_unlock() #83 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", 
"~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %32 = load %struct.file_lock_context*, %struct.file_lock_context** %31, align 8 %33 = icmp eq %struct.file_lock_context* %32, null br i1 %33, label %45, label %34 %46 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %47 = load i16, i16* %46, align 8 %48 = and i16 %47, -4096 %49 = icmp eq i16 %48, -32768 br i1 %49, label %50, label %52 %51 = tail call i32 @nfs_wb_all(%struct.inode* %0) #83 br label %52 %53 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.233205* nonnull %5, i32 1) #84 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.237801** %8 = load %struct.nfs_server.237801*, %struct.nfs_server.237801** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.237801, %struct.nfs_server.237801* %8, i64 0, i32 0 %10 = load %struct.nfs_client.237866*, %struct.nfs_client.237866** %9, align 8 %11 = icmp eq %struct.nfs_delegation.233205* %1, null br i1 %11, label %205, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3 %33 = 
getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 19 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 3, i32 1 %37 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %38 %39 = load volatile i64, i64* %31, align 8 %40 = and i64 %39, 32 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %161 %162 = load volatile i64, i64* %31, align 8 %163 = and i64 %162, 32 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %182 %166 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 9, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %166) #83 %167 = getelementptr inbounds %struct.nfs_delegation.233205, %struct.nfs_delegation.233205* %1, i64 0, i32 1 %168 = load %struct.cred*, %struct.cred** %167, align 8 %169 = icmp eq %struct.cred* %168, null br i1 %169, label %174, label %170 %171 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 25 %172 = bitcast %union.anon.26* %171 to i32* store i32 0, i32* %172, align 8 %173 = getelementptr inbounds %struct.cred, %struct.cred* %168, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %173, i32* %173) #6, !srcloc !10 br label %174 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %166) #83 %175 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %168, %struct.nfs4_stateid_struct* %32, i32 %2) #83 Function:nfs4_proc_delegreturn %5 = alloca %struct.rpc_message, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %9 = 
load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.233131** %12 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %11, align 16 %13 = bitcast %struct.nfs4_exception* %7 to i8* %14 = bitcast %struct.rpc_message* %5 to i8* %15 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 0 %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 1 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %5, i64 0, i32 3 %19 = bitcast i8** %16 to i8* %20 = bitcast %struct.rpc_task_setup* %6 to i8* %21 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 0 %22 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_clnt** %22 to i64* %24 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %25 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %26 = bitcast %struct.rpc_xprt** %24 to i8* %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %28 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %29 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %30 = bitcast i8** %28 to i8* %31 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %32 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %33 = bitcast %struct.list_head** %32 to %struct.nfs_fh* %34 = bitcast %struct.list_head** %32 to i16* %35 = getelementptr inbounds %struct.nfs_fh, %struct.nfs_fh* %33, i64 0, i32 1, i64 0 %36 = bitcast %struct.nfs4_stateid_struct* %2 to 
i8* %37 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %2, i64 0, i32 1 %38 = icmp ne i32 %3, 0 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 %130 = phi i32 [ %120, %118 ], [ %128, %127 ], [ -12, %40 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_delegreturn to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_delegreturn, %131)) #6 to label %151 [label %131], !srcloc !4 switch i32 %130, label %152 [ i32 -10023, label %162 i32 -10011, label %162 i32 0, label %162 ] %153 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %12, i32 %130, %struct.nfs4_exception* nonnull %7) #85 %154 = load i8, i8* %39, align 8 %155 = and i8 %154, 8 %156 = icmp eq i8 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.super_block*, %struct.super_block** %8, align 8 %159 = getelementptr inbounds %struct.super_block, %struct.super_block* %158, i64 0, i32 28 %160 = bitcast i8** %159 to %struct.nfs_server.233131** %161 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %160, align 16 br label %40 %41 = phi %struct.nfs_server.233131* [ %161, %157 ], [ %12, %4 ] store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 31), %struct.rpc_procinfo** %15, align 8 store %struct.cred* %1, %struct.cred** %18, align 8 store %struct.rpc_task* null, %struct.rpc_task** %21, align 8 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %41, i64 0, i32 3 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = load i64, i64* %43, align 8 store i64 %44, i64* %23, align 8 store %struct.rpc_message* %5, %struct.rpc_message** %25, align 8 store %struct.rpc_call_ops* @nfs4_delegreturn_ops, %struct.rpc_call_ops** %27, align 8 store i16 4101, i16* %29, align 8 store i8 0, i8* %31, align 2 %45 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds 
([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %46 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %45, i32 3392, i64 696) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_do_close 1 __nfs4_close 2 nfs4_close_sync 3 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %3, align 8 %5 = icmp eq %struct.nfs4_state.233157* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.234728*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.233157*, i32)*)(%struct.nfs4_state.233157* nonnull %4, i32 %13) #83 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.234728* %0, i32 %1, i32 3264, i32 1) #83 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 5, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %95 = icmp eq i32 %63, 0 br i1 %95, label %96, label %115 %116 = tail call i32 bitcast (i32 (%struct.nfs4_state.233157*, i32, i32)* @nfs4_do_close to i32 (%struct.nfs4_state.234728*, i32, i32)*)(%struct.nfs4_state.234728* %0, i32 %2, i32 %3) #83 Function:nfs4_do_close %4 = alloca 
%struct.rpc_message, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 4 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.233131** %12 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %11, align 16 %13 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %0, i64 0, i32 3 %14 = load %struct.nfs4_state_owner.233154*, %struct.nfs4_state_owner.233154** %13, align 8 %15 = bitcast %struct.rpc_message* %4 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 8), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 1 %18 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 2 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %4, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs4_state_owner.233154, %struct.nfs4_state_owner.233154* %14, i64 0, i32 4 %21 = bitcast %struct.cred** %20 to i64* %22 = bitcast i8** %17 to i8* %23 = load i64, i64* %21, align 8 %24 = bitcast %struct.cred** %19 to i64* store i64 %23, i64* %24, align 8 %25 = bitcast %struct.rpc_task_setup* %5 to i8* %26 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 store %struct.rpc_task* null, %struct.rpc_task** %26, align 8 %27 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %28 = getelementptr inbounds 
%struct.nfs_server.233131, %struct.nfs_server.233131* %12, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = load i64, i64* %29, align 8 %31 = bitcast %struct.rpc_clnt** %27 to i64* store i64 %30, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %33 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %34 = bitcast %struct.rpc_xprt** %32 to i8* store %struct.rpc_message* %4, %struct.rpc_message** %33, align 8 %35 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 store %struct.rpc_call_ops* @nfs4_close_ops, %struct.rpc_call_ops** %35, align 8 %36 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 store i8* null, i8** %36, align 8 %37 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %38 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %39 = bitcast %struct.workqueue_struct** %37 to i64* store i64 %38, i64* %39, align 8 %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i16 -32767, i16* %40, align 8 %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 store i8 0, i8* %41, align 2 %42 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %12, i64 0, i32 0 %43 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %42, align 8 %44 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %43, i64 0, i32 15 %45 = load i32, i32* %44, align 8 %46 = icmp eq i32 %45, 0 br i1 %46, label %48, label %47 %49 = or i32 %1, 256 %50 = and i32 %1, 17 %51 = icmp eq i32 %50, 0 %52 = and i32 %1, 1 %53 = icmp eq i32 %52, 0 %54 = select i1 %53, i64 1, i64 2 %55 = select i1 %51, i64 0, i64 %54 %56 = getelementptr [3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* 
@kmalloc_caches, i64 0, i64 %55, i64 10 %57 = load %struct.kmem_cache*, %struct.kmem_cache** %56, align 16 %58 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %57, i32 %49, i64 608) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %15 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %16 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %69, label %17 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %19 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3520, i64 568) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 
0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %9, i64 0, i32 35, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 4 br label %27 %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %29 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 568) #84 %76 = phi i32 [ %74, %31 ], [ -12, %27 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_mkdir to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_mkdir, %77)) #6 to label %97 [label %77], !srcloc !4 %98 = load %struct.super_block*, %struct.super_block** %5, align 8 %99 = getelementptr inbounds %struct.super_block, %struct.super_block* %98, i64 0, i32 28 %100 = bitcast i8** %99 to %struct.nfs_server.233131** %101 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %100, align 16 %102 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %101, i32 %76, %struct.nfs4_exception* nonnull %4) #85 %103 = load i8, i8* %26, align 8 %104 = and i8 %103, 8 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %27 %28 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %29 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %28, i32 3520, i64 568) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.233131** %10 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %9, align 16 %11 = bitcast %struct.nfs4_exception* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = 
getelementptr %struct.nfs_server.233131, %struct.nfs_server.233131* %10, i64 0, i32 35, i64 2 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 131072 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %24 %25 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 1 %26 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %27 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %28 = lshr i32 %3, 20 %29 = and i32 %3, 1048575 %30 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 4 br label %31 %32 = load i16, i16* %25, align 4 %33 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %34 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %33, i32 3520, i64 568) #84 %96 = phi i32 [ %94, %93 ], [ -12, %31 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_mknod to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_mknod, %97)) #6 to label %117 [label %97], !srcloc !4 %118 = load %struct.super_block*, %struct.super_block** %6, align 8 %119 = getelementptr inbounds %struct.super_block, %struct.super_block* %118, i64 0, i32 28 %120 = bitcast i8** %119 to %struct.nfs_server.233131** %121 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %120, align 16 %122 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %121, i32 %96, %struct.nfs4_exception* nonnull %5) #85 %123 = load i8, i8* %30, align 8 %124 = and i8 %123, 8 %125 = icmp eq i8 %124, 0 br i1 %125, label %126, label %31 %32 = load i16, i16* %25, align 4 %33 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %34 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %33, i32 3520, i64 568) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_rename 1 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %62 = phi %struct.inode* [ %10, %35 ], [ %10, %45 ], [ null, %33 ], [ null, %58 ] %63 = phi %struct.dentry* [ null, %35 ], [ null, %45 ], [ null, %33 ], [ %56, %58 ] %64 = phi %struct.dentry* [ null, %35 ], [ %46, %45 ], [ null, %33 ], [ null, %58 ] %65 = phi %struct.dentry* [ %4, %35 ], [ %4, %45 ], [ %4, %33 ], [ %56, %58 ] %66 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.220177* (%struct.inode.220132*, %struct.inode.220132*, %struct.dentry.220135*, %struct.dentry.220135*, void (%struct.rpc_task.220177*, %struct.nfs_renamedata.220258*)*)* @nfs_async_rename to %struct.rpc_task* (%struct.inode*, %struct.inode*, %struct.dentry*, %struct.dentry*, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)*)*)(%struct.inode* %1, %struct.inode* %3, %struct.dentry* %2, %struct.dentry* %65, void (%struct.rpc_task*, %struct.nfs_renamedata.212594*)* null) #83 Function:nfs_async_rename %6 = alloca %struct.rpc_message.220176, align 8 %7 = alloca %struct.rpc_task_setup.220214, align 8 %8 = bitcast %struct.rpc_message.220176* %6 to i8* %9 = bitcast %struct.rpc_task_setup.220214* %7 to i8* %10 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 0 store %struct.rpc_task.220177* null, %struct.rpc_task.220177** %10, align 8 %11 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 1 %12 = getelementptr inbounds %struct.inode.220132, %struct.inode.220132* %0, i64 0, i32 8 %13 = load %struct.super_block.220120*, %struct.super_block.220120** %12, align 8 %14 = getelementptr inbounds %struct.super_block.220120, %struct.super_block.220120* %13, i64 0, i32 28 %15 = bitcast i8** %14 to %struct.nfs_server.220256** %16 = load %struct.nfs_server.220256*, %struct.nfs_server.220256** %15, align 16 %17 = getelementptr inbounds %struct.nfs_server.220256, 
%struct.nfs_server.220256* %16, i64 0, i32 3 %18 = bitcast %struct.rpc_clnt.220164** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = bitcast %struct.rpc_clnt.220164** %11 to i64* store i64 %19, i64* %20, align 8 %21 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 2 %22 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 4 %23 = bitcast %struct.rpc_xprt.220153** %21 to i8* store %struct.rpc_message.220176* %6, %struct.rpc_message.220176** %22, align 8 %24 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 5 store %struct.rpc_call_ops.220178* @nfs_rename_ops, %struct.rpc_call_ops.220178** %24, align 8 %25 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 6 store i8* null, i8** %25, align 8 %26 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 7 %27 = load i64, i64* bitcast (%struct.workqueue_struct** @nfsiod_workqueue to i64*), align 8 %28 = bitcast %struct.workqueue_struct** %26 to i64* store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 8 store i16 -32767, i16* %29, align 8 %30 = getelementptr inbounds %struct.rpc_task_setup.220214, %struct.rpc_task_setup.220214* %7, i64 0, i32 9 store i8 0, i8* %30, align 2 %31 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %32 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %31, i32 3520, i64 664) #83
------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_fattr 1 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs_fh** %14 to %struct.list_head*** %17 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %19 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %20 = bitcast %struct.nfs4_accessres* %6 to i8* %21 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %22 = bitcast 
%struct.rpc_message* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_accessargs** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_accessres** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %29 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %30 = bitcast %struct.cred** %29 to i64* %31 = bitcast %struct.cred** %28 to i64* %32 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 
= bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %32 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.233131** %62 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %61, align 16 store %struct.list_head** %15, %struct.list_head*** %16, align 8 store i32* null, i32** %17, align 8 %63 = load i32, i32* %19, align 8 store i32 %63, i32* %18, align 8 store %struct.nfs_server.233131* %62, %struct.nfs_server.233131** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %25, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %27, align 8 %64 = load i64, i64* %30, align 8 store i64 %64, i64* %31, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #83 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 Function:nfs_alloc_fattr %1 
= load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 224) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_fattr 1 __nfs3_proc_setacls 2 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 %23 = icmp ugt %struct.posix_acl* %22, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %23, label %63, label %24 %25 = phi %struct.posix_acl* [ %17, %16 ], [ %22, %20 ] %26 = tail call fastcc i32 @__nfs3_proc_setacls(%struct.inode.232196* %1, %struct.posix_acl* %25, %struct.posix_acl* %18) #84 Function:__nfs3_proc_setacls %4 = alloca %struct.nfs_fattr*, align 8 %5 = alloca [7 x %struct.page.232204*], align 16 %6 = alloca %struct.nfs3_setaclargs, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load 
%struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.232431** %12 = load %struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast %struct.nfs_fattr** %4 to i8* %14 = bitcast [7 x %struct.page.232204*]* %5 to i8* %15 = bitcast %struct.nfs3_setaclargs* %6 to i8* %16 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 0 store %struct.inode.232196* %0, %struct.inode.232196** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 1 store i32 1, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 2 store %struct.posix_acl* %1, %struct.posix_acl** %18, align 8 %19 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 4 %21 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 5 %22 = getelementptr inbounds %struct.nfs3_setaclargs, %struct.nfs3_setaclargs* %6, i64 0, i32 6 %23 = getelementptr inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %5, i64 0, i64 0 %24 = bitcast %struct.posix_acl** %19 to i8* store %struct.page.232204** %23, %struct.page.232204*** %22, align 8 %25 = bitcast %struct.rpc_message.232335* %7 to i8* %26 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs3_setaclargs** store %struct.nfs3_setaclargs* %6, %struct.nfs3_setaclargs** %28, align 8 %29 = getelementptr inbounds 
%struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs_fattr*** store %struct.nfs_fattr** %4, %struct.nfs_fattr*** %30, align 8 %31 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %31, align 8 %32 = icmp eq %struct.posix_acl* %1, null br i1 %32, label %33, label %45 %46 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 8 %49 = icmp eq i32 %48, 0 br i1 %49, label %153, label %50 %51 = getelementptr inbounds %struct.posix_acl, %struct.posix_acl* %1, i64 0, i32 2 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, 1024 br i1 %53, label %153, label %54 %55 = icmp eq %struct.posix_acl* %2, null br i1 %55, label %65, label %56 %66 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 0 %67 = load i16, i16* %66, align 8 %68 = and i16 %67, -4096 %69 = icmp eq i16 %68, 16384 br i1 %69, label %70, label %84 %85 = phi i32 [ %52, %70 ], [ %58, %71 ], [ %58, %72 ], [ %82, %80 ], [ %52, %65 ] %86 = phi i32 [ 16, %70 ], [ 64, %71 ], [ %78, %72 ], [ 16, %80 ], [ 16, %65 ] %87 = icmp sgt i32 %85, 4 %88 = select i1 %87, i32 %85, i32 4 %89 = mul i32 %88, 12 %90 = add i32 %89, %86 %91 = zext i32 %90 to i64 store i64 %91, i64* %20, align 8 %92 = icmp ugt i32 %90, 136 br i1 %92, label %93, label %113 %94 = add nuw nsw i64 %91, 17592186044415 %95 = lshr i64 %94, 12 %96 = trunc i64 %95 to i32 %97 = add nsw i32 %96, 1 br label %98 %99 = call %struct.page.232204* bitcast (%struct.page* (i32, i32)* @alloc_pages to %struct.page.232204* (i32, i32)*)(i32 3264, i32 0) #83 %100 = load %struct.page.232204**, %struct.page.232204*** %22, align 8 %101 = load i32, i32* %21, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr %struct.page.232204*, %struct.page.232204** %100, i64 %102 store %struct.page.232204* %99, 
%struct.page.232204** %103, align 8 %104 = load %struct.page.232204**, %struct.page.232204*** %22, align 8 %105 = load i32, i32* %21, align 8 %106 = zext i32 %105 to i64 %107 = getelementptr %struct.page.232204*, %struct.page.232204** %104, i64 %106 %108 = load %struct.page.232204*, %struct.page.232204** %107, align 8 %109 = icmp eq %struct.page.232204* %108, null br i1 %109, label %140, label %110 %111 = add i32 %105, 1 store i32 %111, i32* %21, align 8 %112 = icmp ult i32 %111, %97 br i1 %112, label %98, label %113 %114 = call %struct.nfs_fattr* @nfs_alloc_fattr() #83 Function:nfs_alloc_fattr %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 224) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_fattr_with_label 1 nfs4_proc_link ------------- Path:  Function:nfs4_proc_link %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [3 x i32], align 4 %7 = alloca %struct.nfs4_link_arg, align 8 %8 = alloca %struct.nfs4_link_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = bitcast [3 x i32]* %6 to i8* %15 = bitcast %struct.nfs4_link_arg* %7 to i8* %16 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %18 = bitcast %struct.nfs_fh** %16 to %struct.list_head*** %19 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 2 %20 = 
getelementptr %struct.inode, %struct.inode* %1, i64 -1, i32 24, i32 4, i32 1 %21 = bitcast %struct.nfs_fh** %19 to %struct.list_head*** %22 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 3 %23 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 4 %24 = getelementptr inbounds [3 x i32], [3 x i32]* %6, i64 0, i64 0 %25 = bitcast %struct.nfs4_link_res* %8 to i8* %26 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 1 %27 = bitcast %struct.rpc_message* %9 to i8* %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %30 = bitcast i8** %29 to %struct.nfs4_link_arg** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %32 = bitcast i8** %31 to %struct.nfs4_link_res** %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %34 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 2 %35 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 0 %36 = icmp eq %struct.inode* %0, null %37 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 9, i32 1 %39 = bitcast %struct.list_head** %38 to i64* %40 = getelementptr inbounds [3 x i32], [3 x i32]* %6, i64 0, i64 1 %41 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 0 %42 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.nfs4_link_arg, %struct.nfs4_link_arg* %7, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 0, i32 0 %45 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %46 = getelementptr inbounds 
%struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %49 = bitcast %struct.rpc_task_setup* %5 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 0 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %52 = bitcast %struct.rpc_clnt** %51 to i64* %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %55 = bitcast %struct.rpc_xprt** %53 to i8* %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %57 = bitcast %struct.rpc_call_ops** %56 to i64* %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %59 = bitcast i8** %58 to %struct.nfs4_call_sync_data** %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %63 = getelementptr inbounds %struct.nfs4_link_res, %struct.nfs4_link_res* %8, i64 0, i32 3 %64 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18, i32 0, i32 0 %65 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 %66 = bitcast %struct.nfs_fattr** %34 to i8** %67 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %68 %69 = load %struct.super_block*, %struct.super_block** %13, align 8 %70 = getelementptr inbounds %struct.super_block, %struct.super_block* %69, i64 0, i32 28 %71 = bitcast i8** %70 to 
%struct.nfs_server.233131** %72 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %71, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store %struct.list_head** %20, %struct.list_head*** %21, align 8 store %struct.qstr* %2, %struct.qstr** %22, align 8 store i32* %24, i32** %23, align 8 store %struct.nfs_server.233131* %72, %struct.nfs_server.233131** %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 23), %struct.rpc_procinfo** %28, align 8 store %struct.nfs4_link_arg* %7, %struct.nfs4_link_arg** %30, align 8 store %struct.nfs4_link_res* %8, %struct.nfs4_link_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 %73 = call %struct.nfs_fattr* bitcast (%struct.nfs_fattr* (%struct.nfs_server.214962*)* @nfs_alloc_fattr_with_label to %struct.nfs_fattr* (%struct.nfs_server.233131*)*)(%struct.nfs_server.233131* %72) #83 %142 = phi i32 [ -12, %68 ], [ %130, %129 ], [ %137, %132 ], [ 0, %139 ] %143 = load i8*, i8** %66, align 8 call void @kfree(i8* %143) #83 %144 = call i32 @nfs4_handle_exception(%struct.nfs_server.233131* %72, i32 %142, %struct.nfs4_exception* nonnull %10) #84 %145 = load i8, i8* %67, align 8 %146 = and i8 %145, 8 %147 = icmp eq i8 %146, 0 br i1 %147, label %148, label %68 %69 = load %struct.super_block*, %struct.super_block** %13, align 8 %70 = getelementptr inbounds %struct.super_block, %struct.super_block* %69, i64 0, i32 28 %71 = bitcast i8** %70 to %struct.nfs_server.233131** %72 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %71, align 16 store %struct.list_head** %17, %struct.list_head*** %18, align 8 store %struct.list_head** %20, %struct.list_head*** %21, align 8 store %struct.qstr* %2, %struct.qstr** %22, align 8 store i32* %24, i32** %23, align 8 store %struct.nfs_server.233131* %72, %struct.nfs_server.233131** %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds 
([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 23), %struct.rpc_procinfo** %28, align 8 store %struct.nfs4_link_arg* %7, %struct.nfs4_link_arg** %30, align 8 store %struct.nfs4_link_res* %8, %struct.nfs4_link_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 %73 = call %struct.nfs_fattr* bitcast (%struct.nfs_fattr* (%struct.nfs_server.214962*)* @nfs_alloc_fattr_with_label to %struct.nfs_fattr* (%struct.nfs_server.233131*)*)(%struct.nfs_server.233131* %72) #83 Function:nfs_alloc_fattr_with_label %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3136, i64 224) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_fhandle 1 nfs_lookup ------------- Path:  Function:nfs_lookup %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.212651** %8 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %8, i64 0, i32 6 %10 = load %struct.nfs_iostats*, %struct.nfs_iostats** %9, align 8 %11 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %10, i64 0, i32 1, i64 5 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64* %11) #6, !srcloc !4 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %13 = bitcast %struct.anon.1* %12 to %struct.static_call_site* %14 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %13, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = load 
%struct.super_block*, %struct.super_block** %4, align 8 %17 = getelementptr inbounds %struct.super_block, %struct.super_block* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.212651** %19 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %19, i64 0, i32 23 %21 = load i32, i32* %20, align 4 %22 = icmp ugt i32 %15, %21 br i1 %22, label %187, label %23, !prof !5, !misexpect !6 %24 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %19, i64 0, i32 0 %25 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %24, align 8 %26 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %25, i64 0, i32 12 %27 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %26, align 8 %28 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 2 %31 = and i32 %2, 1024 %32 = icmp eq i32 %31, 0 %33 = or i1 %32, %30 %34 = and i32 %2, 2048 %35 = icmp eq i32 %34, 0 %36 = and i1 %35, %33 br i1 %36, label %37, label %187 %38 = tail call %struct.nfs_fh* @nfs_alloc_fhandle() #83 Function:nfs_alloc_fhandle %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 130) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_fhandle 1 nfs_lookup ------------- Path:  Function:nfs_lookup %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.212651** %8 = load 
%struct.nfs_server.212651*, %struct.nfs_server.212651** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %8, i64 0, i32 6 %10 = load %struct.nfs_iostats*, %struct.nfs_iostats** %9, align 8 %11 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %10, i64 0, i32 1, i64 5 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64* %11) #6, !srcloc !4 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %13 = bitcast %struct.anon.1* %12 to %struct.static_call_site* %14 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %13, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = load %struct.super_block*, %struct.super_block** %4, align 8 %17 = getelementptr inbounds %struct.super_block, %struct.super_block* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.212651** %19 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %19, i64 0, i32 23 %21 = load i32, i32* %20, align 4 %22 = icmp ugt i32 %15, %21 br i1 %22, label %187, label %23, !prof !5, !misexpect !6 %24 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %19, i64 0, i32 0 %25 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %24, align 8 %26 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %25, i64 0, i32 12 %27 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %26, align 8 %28 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 2 %31 = and i32 %2, 1024 %32 = icmp eq i32 %31, 0 %33 = or i1 %32, %30 %34 = and i32 %2, 2048 %35 = icmp eq i32 %34, 0 %36 = and i1 %35, %33 br i1 %36, label %37, label %187 %38 = tail call %struct.nfs_fh* @nfs_alloc_fhandle() #83 
Function:nfs_alloc_fhandle %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 130) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_fhandle 1 nfs_lookup ------------- Path:  Function:nfs_lookup %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.212651** %8 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %8, i64 0, i32 6 %10 = load %struct.nfs_iostats*, %struct.nfs_iostats** %9, align 8 %11 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %10, i64 0, i32 1, i64 5 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %11, i64* %11) #6, !srcloc !4 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %13 = bitcast %struct.anon.1* %12 to %struct.static_call_site* %14 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %13, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = load %struct.super_block*, %struct.super_block** %4, align 8 %17 = getelementptr inbounds %struct.super_block, %struct.super_block* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.212651** %19 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %19, i64 0, i32 23 %21 = load i32, i32* %20, align 4 %22 = icmp ugt i32 %15, %21 br i1 %22, label %187, label %23, !prof !5, !misexpect !6 %24 = getelementptr inbounds 
%struct.nfs_server.212651, %struct.nfs_server.212651* %19, i64 0, i32 0 %25 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %24, align 8 %26 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %25, i64 0, i32 12 %27 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %26, align 8 %28 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 2 %31 = and i32 %2, 1024 %32 = icmp eq i32 %31, 0 %33 = or i1 %32, %30 %34 = and i32 %2, 2048 %35 = icmp eq i32 %34, 0 %36 = and i1 %35, %33 br i1 %36, label %37, label %187 %38 = tail call %struct.nfs_fh* @nfs_alloc_fhandle() #83 Function:nfs_alloc_fhandle %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3136, i64 130) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_get_lock_context 1 _nfs4_do_setattr 2 nfs4_do_setattr 3 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #83 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 
0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.233158** %24 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %23, align 8 %25 = icmp eq %struct.nfs_open_context.233158* %24, null br i1 %25, label %29, label %26 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.233158* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.233158* %31, %struct.nfs4_label* null) #84 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.233131** %15 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.233157* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4, i32 1 %26 = bitcast %struct.nfs_fh** %24 to %struct.list_head*** store %struct.list_head** %25, %struct.list_head*** %26, align 8 %27 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %28 = bitcast %struct.nfs4_stateid_struct* %27 to i8* %29 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %29, align 8 %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %32 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %32, i32** %31, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %33, align 8 %34 = bitcast %struct.nfs_setattrres* %9 to i8* %35 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %35, align 8 %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs_server.233131* %15, %struct.nfs_server.233131** %36, align 8 %37 = bitcast %struct.nfs4_exception* %10 to i8* %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.233157* %22, %struct.nfs4_state.233157** %38, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %27, %struct.nfs4_stateid_struct** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %43, align 1 %44 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 
0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 6145 %47 = icmp eq i32 %46, 0 %48 = select i1 %47, i64 256, i64 131328 %49 = and i32 %45, 6 %50 = icmp eq i32 %49, 0 %51 = or i64 %48, 4096 %52 = select i1 %50, i64 %48, i64 %51 %53 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 35, i64 0 %54 = bitcast i32* %53 to i8* %55 = icmp eq %struct.inode* %0, null %56 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %57 = getelementptr inbounds %struct.list_head, %struct.list_head* %56, i64 9, i32 1 %58 = bitcast %struct.list_head** %57 to i64* %59 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %60 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %15, i64 0, i32 0 %61 = icmp eq %struct.nfs4_state.233157* %22, null %62 = getelementptr inbounds %struct.nfs4_state.233157, %struct.nfs4_state.233157* %22, i64 0, i32 13 br label %63 br i1 %55, label %89, label %64 %90 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.233158* %4) #84 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.233131** %14 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* 
@nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #83 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 @nfs4_copy_delegation_stateid(%struct.inode* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #83 br i1 %36, label %62, label %37 %38 = icmp eq %struct.nfs_open_context.233158* %4, null br i1 %38, label %57, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %4, i64 0, i32 5 %41 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %40, align 8 %42 = icmp eq %struct.nfs4_state.233157* %41, null br i1 %42, label %57, label %43 %44 = getelementptr inbounds 
%struct.nfs4_state.233157, %struct.nfs4_state.233157* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %160 %49 = call %struct.nfs_lock_context.233159* bitcast (%struct.nfs_lock_context.214916* (%struct.nfs_open_context.214915*)* @nfs_get_lock_context to %struct.nfs_lock_context.233159* (%struct.nfs_open_context.233158*)*)(%struct.nfs_open_context.233158* nonnull %4) #83 Function:nfs_get_lock_context %2 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 2 %3 = load %struct.dentry.214823*, %struct.dentry.214823** %2, align 8 %4 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %3, i64 0, i32 5 %5 = load %struct.inode.214835*, %struct.inode.214835** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.nfs_open_context.214915, %struct.nfs_open_context.214915* %0, i64 0, i32 0, i32 1 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 %8 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %9 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -1, i32 1 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %9, i64 1 %11 = bitcast %struct.list_head** %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %6, %11 br i1 %12, label %56, label %13 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.214809** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.214809**)) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct.214809* %16 = getelementptr inbounds %struct.task_struct.214809, %struct.task_struct.214809* %15, i64 0, i32 101 %17 = bitcast %struct.files_struct** %16 to i8** br label %18 %19 = phi %struct.list_head* [ %11, %13 ], [ %54, %49 ] %20 = phi %struct.list_head** [ %9, %13 ], [ %52, %49 ] %21 = getelementptr 
inbounds %struct.list_head*, %struct.list_head** %20, i64 4 %22 = bitcast %struct.list_head** %21 to i8** %23 = load i8*, i8** %22, align 8 %24 = load i8*, i8** %17, align 16 %25 = icmp eq i8* %23, %24 br i1 %25, label %26, label %49 %27 = bitcast %struct.list_head** %20 to %struct.seqcount_spinlock* %28 = bitcast %struct.list_head** %20 to i32* %29 = load volatile i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %41, label %31 %32 = phi i32 [ %39, %38 ], [ %29, %26 ] %33 = add i32 %32, 1 %34 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 %33, i32* %28, i32 %32) #6, !srcloc !5 %35 = extractvalue { i8, i32 } %34, 0 %36 = and i8 %35, 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %38, label %41, !prof !6, !misexpect !7 %39 = extractvalue { i8, i32 } %34, 1 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %31 %42 = phi i32 [ 0, %26 ], [ 0, %38 ], [ %32, %31 ] %43 = add i32 %42, 1 %44 = or i32 %43, %42 %45 = icmp sgt i32 %44, -1 br i1 %45, label %47, label %46, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 0) #83 br label %47 %48 = icmp eq i32 %42, 0 br i1 %48, label %49, label %57 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %51 = load volatile %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -1, i32 1 %53 = getelementptr inbounds %struct.list_head*, %struct.list_head** %52, i64 1 %54 = bitcast %struct.list_head** %53 to %struct.list_head* %55 = icmp eq %struct.list_head* %6, %54 br i1 %55, label %56, label %18 tail call void @__rcu_read_unlock() #83 br label %60 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 
x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 3264, i64 64) #84 ------------- Use: =BAD PATH= Call Stack: 0 alloc_nfs_open_context 1 nfs_open 2 nfs4_file_open ------------- Path:  Function:nfs4_file_open %3 = alloca %struct.iattr, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 67108864 %9 = icmp eq i32 %8, 0 br i1 %9, label %18, label %10, !prof !4, !misexpect !5 %19 = phi %struct.dentry* [ %17, %10 ], [ %5, %2 ] %20 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 7 %21 = load i32, i32* %20, align 8 %22 = bitcast %struct.iattr* %3 to i8* %23 = tail call i32 @nfs_check_flags(i32 %21) #83 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = and i32 %21, 3 %27 = icmp eq i32 %26, 3 br i1 %27, label %28, label %30 %29 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.file.214359*)* @nfs_open to i32 (%struct.inode*, %struct.file*)*)(%struct.inode* %0, %struct.file* %1) #83 Function:nfs_open %3 = getelementptr inbounds %struct.file.214359, %struct.file.214359* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry.214823*, %struct.dentry.214823** %3, align 8 %5 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.214823* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.file.214359, %struct.file.214359* %1, i64 0, i32 8 %20 = load i32, i32* %19, align 4 %21 = tail call %struct.nfs_open_context.214915* @alloc_nfs_open_context(%struct.dentry.214823* %18, i32 %20, %struct.file.214359* %1) #84 
Function:alloc_nfs_open_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_nfs_open_context 1 nfs4_proc_create ------------- Path:  Function:nfs4_proc_create %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.233131** %9 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %8, align 16 %10 = tail call %struct.nfs_open_context.233158* bitcast (%struct.nfs_open_context.214915* (%struct.dentry.214823*, i32, %struct.file.214359*)* @alloc_nfs_open_context to %struct.nfs_open_context.233158* (%struct.dentry*, i32, %struct.file*)*)(%struct.dentry* %1, i32 1, %struct.file* null) #83 Function:alloc_nfs_open_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_nfs_open_context 1 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 
%12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #83 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %288 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %34, label %27 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %36 = bitcast %struct.qstr* %35 to %struct.static_call_site* %37 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %36, i64 0, i32 1 %38 = load i32, i32* %37, align 4 %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %40 = load %struct.super_block*, %struct.super_block** %39, align 8 %41 = getelementptr inbounds %struct.super_block, %struct.super_block* %40, i64 0, i32 28 %42 = bitcast i8** %41 to %struct.nfs_server.212651** %43 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %42, align 16 %44 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %43, i64 0, i32 23 %45 = load i32, i32* %44, align 4 %46 = icmp ugt i32 %38, %45 br i1 %46, label %288, label %47 %48 = and i32 %3, 64 %49 = icmp eq i32 %48, 0 br i1 %49, label %65, label %50 %66 = and i32 %3, 512 %67 = icmp eq i32 %66, 0 br i1 %67, label %72, label %68 br i1 %49, label %73, label %93 %74 = getelementptr inbounds 
%struct.dentry, %struct.dentry* %1, i64 0, i32 0 %75 = load i32, i32* %74, align 8 %76 = and i32 %75, 268435456 %77 = icmp eq i32 %76, 0 br i1 %77, label %78, label %93 %94 = phi %struct.dentry* [ %1, %72 ], [ %1, %73 ], [ %81, %86 ] %95 = phi i1 [ true, %72 ], [ true, %73 ], [ false, %86 ] %96 = and i32 %3, 32 %97 = and i32 %3, 3 %98 = icmp ne i32 %97, 1 %99 = zext i1 %98 to i32 %100 = or i32 %96, %99 %101 = icmp eq i32 %97, 0 %102 = or i32 %100, 2 %103 = select i1 %101, i32 %100, i32 %102 %104 = call %struct.nfs_open_context.212604* bitcast (%struct.nfs_open_context.214915* (%struct.dentry.214823*, i32, %struct.file.214359*)* @alloc_nfs_open_context to %struct.nfs_open_context.212604* (%struct.dentry*, i32, %struct.file*)*)(%struct.dentry* %94, i32 %103, %struct.file* %2) #83 Function:alloc_nfs_open_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 168) #83 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_revalidate_mapping 2 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, 
i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.214835*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #83 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %43 = load %struct.address_space*, %struct.address_space** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.address_space.214836*)* @nfs_revalidate_mapping to i32 (%struct.inode*, %struct.address_space*)*)(%struct.inode* %22, %struct.address_space* %43) #83 Function:nfs_revalidate_mapping %3 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 256 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %59 %8 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %9 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %8, i64 9, i32 1 %10 = bitcast %struct.list_head** %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 256 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %49 %15 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %16 = load %struct.super_block.214819*, %struct.super_block.214819** %15, align 8 %17 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.214962** %19 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %19, i64 0, i32 0 %21 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %20, align 8 %22 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %21, i64 0, i32 12 %23 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %22, align 8 %24 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %23, i64 0, i32 47 %25 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %24, align 8 %26 = tail call i32 %25(%struct.inode.214835* %0, i32 1) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %43 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 9 %45 = bitcast %struct.list_head* %44 to i64* %46 = load volatile i64, i64* %45, align 8 %47 = and i64 %46, 2 %48 = icmp eq i64 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %51 = load %struct.super_block.214819*, %struct.super_block.214819** %50, align 8 %52 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.214962** %54 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %53, align 16 %55 = tail call i32 
@__nfs_revalidate_inode(%struct.nfs_server.214962* %54, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 1 %7 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %8 = getelementptr inbounds 
%struct.dentry.214823, %struct.dentry.214823* %7, i64 0, i32 5 %9 = load %struct.inode.214835*, %struct.inode.214835** %8, align 8 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %37 [label %17], !srcloc !4 %38 = and i32 %3, 2047 %39 = and i32 %4, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %16, true %42 = or i1 %40, %41 br i1 %42, label %60, label %43 %61 = and i32 %3, 192 %62 = icmp eq i32 %61, 0 br i1 %62, label %73, label %63 %64 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 0 %65 = load i16, i16* %64, align 8 %66 = and i16 %65, -4096 %67 = icmp eq i16 %66, -32768 br i1 %67, label %68, label %73 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 9 %70 = load %struct.address_space.214836*, %struct.address_space.214836** %69, align 8 %71 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.214836*, i64, 
i64)*)(%struct.address_space.214836* %70, i64 0, i64 9223372036854775807) #83 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %297 %74 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 0 %75 = load %struct.vfsmount.214820*, %struct.vfsmount.214820** %74, align 8 %76 = getelementptr inbounds %struct.vfsmount.214820, %struct.vfsmount.214820* %75, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = and i32 %77, 8 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %88 %81 = and i32 %77, 16 %82 = icmp eq i32 %81, 0 br i1 %82, label %90, label %83 %91 = phi i32 [ %89, %88 ], [ %38, %83 ], [ %38, %80 ] %92 = and i32 %91, 1790 %93 = icmp eq i32 %92, 0 br i1 %93, label %237, label %94 br i1 %16, label %95, label %125 %96 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %97 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %96, i64 0, i32 28 %98 = bitcast i8** %97 to %struct.nfs_server.214962** %99 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %98, align 16 %100 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %99, i64 0, i32 0 %101 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %100, align 8 %102 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %101, i64 0, i32 12 %103 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %102, align 8 %104 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %103, i64 0, i32 47 %105 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %104, align 8 %106 = tail call i32 %105(%struct.inode.214835* %9, i32 1) #83 %107 = icmp eq i32 %106, 0 br i1 %107, label %108, label %125 %109 = getelementptr %struct.inode.214835, %struct.inode.214835* %9, i64 -1, i32 24, i32 4 %110 = load volatile i64, i64* @jiffies, align 64 %111 = getelementptr inbounds %struct.list_head, %struct.list_head* %109, i64 10 
%112 = bitcast %struct.list_head* %111 to i64* %113 = load i64, i64* %112, align 8 %114 = sub i64 %110, %113 %115 = icmp sgt i64 %114, -1 br i1 %115, label %116, label %125 %117 = load volatile i64, i64* @jiffies, align 64 %118 = getelementptr inbounds %struct.list_head, %struct.list_head* %109, i64 10, i32 1 %119 = bitcast %struct.list_head** %118 to i64* %120 = load i64, i64* %119, align 8 %121 = sub i64 %117, %113 %122 = sub i64 %121, %120 %123 = lshr i64 %122, 63 %124 = xor i64 %123, 1 br label %125 %126 = phi i64 [ 1, %94 ], [ 0, %95 ], [ 1, %108 ], [ %124, %116 ] %127 = getelementptr %struct.inode.214835, %struct.inode.214835* %9, i64 -1, i32 24, i32 4 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %127, i64 9, i32 1 %129 = bitcast %struct.list_head** %128 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = and i64 %130, 256 %132 = or i64 %131, %126 %133 = icmp ne i64 %132, 0 %134 = and i32 %91, 32 %135 = icmp eq i32 %134, 0 %136 = and i64 %130, 4 %137 = zext i1 %133 to i64 %138 = or i64 %136, %137 %139 = icmp ne i64 %138, 0 %140 = select i1 %135, i1 %133, i1 %139 %141 = trunc i32 %91 to i8 %142 = icmp sgt i8 %141, -1 %143 = and i64 %130, 512 %144 = zext i1 %140 to i64 %145 = or i64 %143, %144 %146 = icmp ne i64 %145, 0 %147 = select i1 %142, i1 %140, i1 %146 %148 = and i32 %91, 64 %149 = icmp eq i32 %148, 0 %150 = and i64 %130, 1024 %151 = zext i1 %147 to i64 %152 = or i64 %150, %151 %153 = icmp ne i64 %152, 0 %154 = select i1 %149, i1 %147, i1 %153 %155 = and i32 %91, 512 %156 = icmp eq i32 %155, 0 %157 = and i64 %130, 2048 %158 = zext i1 %154 to i64 %159 = or i64 %157, %158 %160 = icmp ne i64 %159, 0 %161 = select i1 %156, i1 %154, i1 %160 %162 = and i32 %91, 4 %163 = icmp eq i32 %162, 0 %164 = and i64 %130, 65536 %165 = zext i1 %161 to i64 %166 = or i64 %164, %165 %167 = icmp ne i64 %166, 0 %168 = select i1 %163, i1 %161, i1 %167 %169 = and i32 %91, 2 %170 = icmp eq i32 %169, 0 %171 = and i64 %130, 131072 %172 = zext i1 %168 
to i64 %173 = or i64 %171, %172 %174 = icmp ne i64 %173, 0 %175 = select i1 %170, i1 %168, i1 %174 %176 = and i32 %91, 24 %177 = icmp eq i32 %176, 0 %178 = and i64 %130, 4096 %179 = zext i1 %175 to i64 %180 = or i64 %178, %179 %181 = icmp ne i64 %180, 0 %182 = select i1 %177, i1 %175, i1 %181 %183 = and i32 %91, 1024 %184 = icmp eq i32 %183, 0 %185 = and i64 %130, 16384 %186 = zext i1 %182 to i64 %187 = or i64 %185, %186 %188 = icmp ne i64 %187, 0 %189 = select i1 %184, i1 %182, i1 %188 br i1 %189, label %190, label %220 %191 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 8 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 32 %194 = icmp eq i32 %193, 0 %195 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %196 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %195, i64 0, i32 5 %197 = load %struct.inode.214835*, %struct.inode.214835** %196, align 8 %198 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %197, i64 0, i32 8 %199 = load %struct.super_block.214819*, %struct.super_block.214819** %198, align 8 %200 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %199, i64 0, i32 28 %201 = bitcast i8** %200 to %struct.nfs_server.214962** %202 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %201, align 16 %203 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %202, i64 0, i32 10 %204 = load i32, i32* %203, align 8 %205 = and i32 %204, 1 %206 = icmp eq i32 %205, 0 br i1 %194, label %207, label %212 br i1 %206, label %217, label %213 %214 = tail call %struct.dentry.214823* bitcast (%struct.dentry.148048* (%struct.dentry.148048*)* @dget_parent to %struct.dentry.214823* (%struct.dentry.214823*)*)(%struct.dentry.214823* %195) #83 %215 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %214, i64 0, i32 5 %216 = load %struct.inode.214835*, %struct.inode.214835** %215, align 
8 tail call void bitcast (void (%struct.inode*)* @nfs_advise_use_readdirplus to void (%struct.inode.214835*)*)(%struct.inode.214835* %216) #83 tail call void bitcast (void (%struct.dentry.148048*)* @dput to void (%struct.dentry.214823*)*)(%struct.dentry.214823* %214) #83 br label %217 %218 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %14, %struct.inode.214835* %9) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: 
=BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_getattr 2 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 24, i32 4, i32 1 %11 = bitcast %struct.list_head** %10 to i16* %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.path.214263*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #83 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 1 %7 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %8 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %7, i64 0, i32 5 %9 = load %struct.inode.214835*, %struct.inode.214835** %8, align 8 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %37 [label %17], !srcloc !4 %38 = and i32 %3, 2047 %39 = and i32 %4, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %16, true %42 = or i1 %40, %41 br i1 %42, label %60, label %43 %61 = and i32 %3, 192 %62 = icmp eq i32 %61, 0 br i1 %62, label %73, label %63 %64 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 0 %65 = load i16, i16* %64, align 8 %66 = and i16 %65, -4096 %67 = icmp eq i16 %66, -32768 br i1 %67, label %68, label %73 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 9 %70 = load %struct.address_space.214836*, %struct.address_space.214836** %69, align 8 %71 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.214836*, i64, i64)*)(%struct.address_space.214836* %70, i64 0, i64 9223372036854775807) #83 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %297 %74 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 0 %75 = load %struct.vfsmount.214820*, %struct.vfsmount.214820** %74, align 8 %76 = getelementptr inbounds %struct.vfsmount.214820, %struct.vfsmount.214820* %75, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = and i32 %77, 8 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %88 %81 = and i32 %77, 16 %82 = icmp eq i32 %81, 0 br i1 %82, label %90, label %83 %91 = phi i32 [ %89, %88 ], [ %38, %83 ], [ %38, %80 ] %92 = and i32 %91, 1790 %93 = icmp eq i32 %92, 0 br i1 %93, label %237, label %94 br i1 %16, label %95, label %125 %96 = 
load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %97 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %96, i64 0, i32 28 %98 = bitcast i8** %97 to %struct.nfs_server.214962** %99 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %98, align 16 %100 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %99, i64 0, i32 0 %101 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %100, align 8 %102 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %101, i64 0, i32 12 %103 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %102, align 8 %104 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %103, i64 0, i32 47 %105 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %104, align 8 %106 = tail call i32 %105(%struct.inode.214835* %9, i32 1) #83 %107 = icmp eq i32 %106, 0 br i1 %107, label %108, label %125 %109 = getelementptr %struct.inode.214835, %struct.inode.214835* %9, i64 -1, i32 24, i32 4 %110 = load volatile i64, i64* @jiffies, align 64 %111 = getelementptr inbounds %struct.list_head, %struct.list_head* %109, i64 10 %112 = bitcast %struct.list_head* %111 to i64* %113 = load i64, i64* %112, align 8 %114 = sub i64 %110, %113 %115 = icmp sgt i64 %114, -1 br i1 %115, label %116, label %125 %117 = load volatile i64, i64* @jiffies, align 64 %118 = getelementptr inbounds %struct.list_head, %struct.list_head* %109, i64 10, i32 1 %119 = bitcast %struct.list_head** %118 to i64* %120 = load i64, i64* %119, align 8 %121 = sub i64 %117, %113 %122 = sub i64 %121, %120 %123 = lshr i64 %122, 63 %124 = xor i64 %123, 1 br label %125 %126 = phi i64 [ 1, %94 ], [ 0, %95 ], [ 1, %108 ], [ %124, %116 ] %127 = getelementptr %struct.inode.214835, %struct.inode.214835* %9, i64 -1, i32 24, i32 4 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %127, i64 9, i32 1 %129 = 
bitcast %struct.list_head** %128 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = and i64 %130, 256 %132 = or i64 %131, %126 %133 = icmp ne i64 %132, 0 %134 = and i32 %91, 32 %135 = icmp eq i32 %134, 0 %136 = and i64 %130, 4 %137 = zext i1 %133 to i64 %138 = or i64 %136, %137 %139 = icmp ne i64 %138, 0 %140 = select i1 %135, i1 %133, i1 %139 %141 = trunc i32 %91 to i8 %142 = icmp sgt i8 %141, -1 %143 = and i64 %130, 512 %144 = zext i1 %140 to i64 %145 = or i64 %143, %144 %146 = icmp ne i64 %145, 0 %147 = select i1 %142, i1 %140, i1 %146 %148 = and i32 %91, 64 %149 = icmp eq i32 %148, 0 %150 = and i64 %130, 1024 %151 = zext i1 %147 to i64 %152 = or i64 %150, %151 %153 = icmp ne i64 %152, 0 %154 = select i1 %149, i1 %147, i1 %153 %155 = and i32 %91, 512 %156 = icmp eq i32 %155, 0 %157 = and i64 %130, 2048 %158 = zext i1 %154 to i64 %159 = or i64 %157, %158 %160 = icmp ne i64 %159, 0 %161 = select i1 %156, i1 %154, i1 %160 %162 = and i32 %91, 4 %163 = icmp eq i32 %162, 0 %164 = and i64 %130, 65536 %165 = zext i1 %161 to i64 %166 = or i64 %164, %165 %167 = icmp ne i64 %166, 0 %168 = select i1 %163, i1 %161, i1 %167 %169 = and i32 %91, 2 %170 = icmp eq i32 %169, 0 %171 = and i64 %130, 131072 %172 = zext i1 %168 to i64 %173 = or i64 %171, %172 %174 = icmp ne i64 %173, 0 %175 = select i1 %170, i1 %168, i1 %174 %176 = and i32 %91, 24 %177 = icmp eq i32 %176, 0 %178 = and i64 %130, 4096 %179 = zext i1 %175 to i64 %180 = or i64 %178, %179 %181 = icmp ne i64 %180, 0 %182 = select i1 %177, i1 %175, i1 %181 %183 = and i32 %91, 1024 %184 = icmp eq i32 %183, 0 %185 = and i64 %130, 16384 %186 = zext i1 %182 to i64 %187 = or i64 %185, %186 %188 = icmp ne i64 %187, 0 %189 = select i1 %184, i1 %182, i1 %188 br i1 %189, label %190, label %220 %191 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 8 %192 = load i32, i32* %191, align 8 %193 = and i32 %192, 32 %194 = icmp eq i32 %193, 0 %195 = load %struct.dentry.214823*, 
%struct.dentry.214823** %6, align 8 %196 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %195, i64 0, i32 5 %197 = load %struct.inode.214835*, %struct.inode.214835** %196, align 8 %198 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %197, i64 0, i32 8 %199 = load %struct.super_block.214819*, %struct.super_block.214819** %198, align 8 %200 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %199, i64 0, i32 28 %201 = bitcast i8** %200 to %struct.nfs_server.214962** %202 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %201, align 16 %203 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %202, i64 0, i32 10 %204 = load i32, i32* %203, align 8 %205 = and i32 %204, 1 %206 = icmp eq i32 %205, 0 br i1 %194, label %207, label %212 br i1 %206, label %217, label %213 %214 = tail call %struct.dentry.214823* bitcast (%struct.dentry.148048* (%struct.dentry.148048*)* @dget_parent to %struct.dentry.214823* (%struct.dentry.214823*)*)(%struct.dentry.214823* %195) #83 %215 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %214, i64 0, i32 5 %216 = load %struct.inode.214835*, %struct.inode.214835** %215, align 8 tail call void bitcast (void (%struct.inode*)* @nfs_advise_use_readdirplus to void (%struct.inode.214835*)*)(%struct.inode.214835* %216) #83 tail call void bitcast (void (%struct.dentry.148048*)* @dput to void (%struct.dentry.214823*)*)(%struct.dentry.214823* %214) #83 br label %217 %218 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %14, %struct.inode.214835* %9) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_revalidate_inode 2 nfs4_xattr_get_nfs4_acl ------------- Path:  Function:nfs4_xattr_get_nfs4_acl %7 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.233131** %11 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %11, i64 0, i32 10 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 8 %15 
= icmp eq i32 %14, 0 br i1 %15, label %58, label %16 %17 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %2, i64 256) #83 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %38 %24 = load volatile i64, i64* @jiffies, align 64 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 10 %26 = bitcast %struct.list_head* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %24, %27 %29 = icmp sgt i64 %28, -1 br i1 %29, label %30, label %45 %46 = getelementptr inbounds %struct.inode.214835, 
%struct.inode.214835* %0, i64 0, i32 8 %47 = load %struct.super_block.214819*, %struct.super_block.214819** %46, align 8 %48 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %47, i64 0, i32 28 %49 = bitcast i8** %48 to %struct.nfs_server.214962** %50 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %49, align 16 %51 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %50, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_revalidate_inode 2 nfs3_get_acl ------------- Path:  Function:nfs3_get_acl %4 = alloca [7 x %struct.page.232204*], align 16 %5 = alloca %struct.nfs3_getaclargs, align 8 %6 = alloca %struct.nfs3_getaclres, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load %struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.232431** %12 = load %struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast [7 x %struct.page.232204*]* %4 to i8* %14 = bitcast %struct.nfs3_getaclargs* %5 to i8* %15 = getelementptr %struct.inode.232196, %struct.inode.232196* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs3_getaclargs* %5 to %struct.list_head*** store %struct.list_head** %15, %struct.list_head*** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 2 %19 = getelementptr inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %4, i64 0, i64 0 store %struct.page.232204** %19, %struct.page.232204*** %18, align 8 %20 = bitcast %struct.nfs3_getaclres* %6 to i8* %21 = bitcast %struct.rpc_message.232335* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %22, align 8 %23 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs3_getaclargs** store 
%struct.nfs3_getaclargs* %5, %struct.nfs3_getaclargs** %24, align 8 %25 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs3_getaclres** store %struct.nfs3_getaclres* %6, %struct.nfs3_getaclres** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %27, align 8 br i1 %2, label %243, label %28 %29 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %243, label %33 %34 = call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode.232196*, i64)*)(%struct.inode.232196* %0, i64 256) #83 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = 
getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %38 %24 = load volatile i64, i64* @jiffies, align 64 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 10 %26 = bitcast %struct.list_head* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %24, %27 %29 = icmp sgt i64 %28, -1 br i1 %29, label %30, label %45 %46 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %47 = load %struct.super_block.214819*, %struct.super_block.214819** %46, align 8 %48 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %47, i64 0, i32 28 %49 = bitcast i8** %48 to %struct.nfs_server.214962** %50 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %49, align 16 %51 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %50, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_revalidate_inode 2 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to 
i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #84 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %38 %24 = load volatile i64, i64* @jiffies, align 64 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 10 %26 = bitcast %struct.list_head* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %24, %27 %29 = icmp sgt i64 %28, -1 br i1 %29, label %30, label %45 %46 = getelementptr inbounds 
%struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %47 = load %struct.super_block.214819*, %struct.super_block.214819** %46, align 8 %48 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %47, i64 0, i32 28 %49 = bitcast i8** %48 to %struct.nfs_server.214962** %50 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %49, align 16 %51 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %50, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 
i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_revalidate_inode 2 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block*
%9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to 
i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #84 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %38 %24 = load volatile i64, i64* @jiffies, align 64 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 10 %26 = bitcast %struct.list_head* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %24, %27 %29 = icmp sgt i64 %28, -1 br i1 %29, label %30, label %45 %46 = getelementptr inbounds 
%struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %47 = load %struct.super_block.214819*, %struct.super_block.214819** %46, align 8 %48 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %47, i64 0, i32 28 %49 = bitcast i8** %48 to %struct.nfs_server.214962** %50 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %49, align 16 %51 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %50, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 
i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_revalidate_inode 2 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load 
%struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #84 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds 
%struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %38 %24 = load volatile i64, i64* @jiffies, align 64 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 10 %26 = bitcast %struct.list_head* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %24, %27 %29 = icmp sgt i64 %28, -1 br i1 %29, label %30, label %45 %46 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %47 = load %struct.super_block.214819*, %struct.super_block.214819** %46, align 8 %48 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %47, i64 0, i32 28 %49 = bitcast i8** %48 to %struct.nfs_server.214962** %50 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %49, align 16 %51 = tail call i32 @__nfs_revalidate_inode(%struct.nfs_server.214962* %50, %struct.inode.214835* %0) #84 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_file_llseek ------------- Path:  Function:nfs_file_llseek %4 = icmp ult i32 %2, 2 br i1 %4, label %25, label %5 %6 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %7 = load %struct.address_space.212830*, %struct.address_space.212830** %6, align 8 %8 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %7, i64 0, i32 0 %9 = load %struct.inode.213279*, %struct.inode.213279** %8, align 8 %10 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %9, i64 0, i32 8 %11 = load %struct.super_block.213267*, %struct.super_block.213267** %10, 
align 8 %12 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.213423** %14 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %13, align 16 %15 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 7 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 16384 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %21 %22 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.213423*, %struct.inode.213279*)*)(%struct.nfs_server.213423* %14, %struct.inode.213279* %9) #83 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 __nfs_revalidate_inode 1 nfs_weak_revalidate ------------- Path:  Function:nfs_weak_revalidate %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = icmp eq %struct.inode* %4, null br i1 %5, label %53, label %6 %7 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode*)*)(%struct.inode* nonnull %4) #83 br i1 %7, label %53, label %8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.212651** %13 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %12, align 16 %14 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2048 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %49 %19 = and i32 %1, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %35 [ i16 -32768, label %25 i16 16384, label %30 ] %26 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %13, i64 0, i32 10 %27 = load i32, i32* %26, align 8 %28 = and i32 %27, 16 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %38 %31 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %13, i64 0, i32 8 %32 = load i32, i32* %31, align 8 %33 = and i32 
%32, 16 %34 = icmp eq i32 %33, 0 br i1 %34, label %43, label %35 %36 = and i32 %1, 32 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = and i32 %1, 64 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %49 %47 = tail call i32 bitcast (i32 (%struct.nfs_server.214962*, %struct.inode.214835*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.212651*, %struct.inode*)*)(%struct.nfs_server.212651* %13, %struct.inode* nonnull %4) #83 Function:__nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %1, i64 -1, i32 24, i32 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_revalidate_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__nfs_revalidate_inode, %4)) #6 to label %24 [label %4], !srcloc !4 %25 = tail call zeroext i1 bitcast (i1 (%struct.inode.149148*)* @is_bad_inode to i1 (%struct.inode.214835*)*)(%struct.inode.214835* %1) #83 br i1 %25, label %116, label %26 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = and i64 %29, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %116 %33 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %1, i64 0, i32 0 %34 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %35 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %34, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %1, i64 0, i32 5 %5 = load %struct.inode.214835*, %struct.inode.214835** %4, align 8 %6 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 8 %7 = load %struct.super_block.214819*, %struct.super_block.214819** %6, align 8 %8 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.214962** %10 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.148792*, i64)* @inode_newsize_ok to i32 (%struct.inode.214835*, i64)*)(%struct.inode.214835* %5, i64 %32) #83 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label 
%136 %36 = load i64, i64* %31, align 8 %37 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 14 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 %40 = load i32, i32* %14, align 8 br i1 %39, label %41, label %43 %44 = phi i32 [ %21, %20 ], [ %42, %41 ], [ %40, %35 ] %45 = and i32 %44, 447 %46 = icmp eq i32 %45, 0 br i1 %46, label %136, label %47 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_setattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_setattr, %48)) #6 to label %68 [label %48], !srcloc !9 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %70 = load i16, i16* %69, align 8 %71 = and i16 %70, -4096 %72 = icmp eq i16 %71, -32768 br i1 %72, label %73, label %75 tail call void bitcast (void (%struct.inode.148552*)* @inode_dio_wait to void (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 %74 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 br label %75 %76 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %77 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %76, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs_setattr 1 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, 
%struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 24, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to i16* %8 = load i16, i16* %7, align 2 %9 = icmp eq i16 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.214823*, %struct.iattr.214825*)* @nfs_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #83 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %1, i64 0, i32 5 %5 = load %struct.inode.214835*, %struct.inode.214835** %4, align 8 %6 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 8 %7 = load %struct.super_block.214819*, %struct.super_block.214819** %6, align 8 %8 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.214962** %10 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp 
eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.214825, %struct.iattr.214825* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.148792*, i64)* @inode_newsize_ok to i32 (%struct.inode.214835*, i64)*)(%struct.inode.214835* %5, i64 %32) #83 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %136 %36 = load i64, i64* %31, align 8 %37 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 14 %38 = load i64, i64* %37, align 8 %39 = icmp eq i64 %36, %38 %40 = load i32, i32* %14, align 8 br i1 %39, label %41, label %43 %44 = phi i32 [ %21, %20 ], [ %42, %41 ], [ %40, %35 ] %45 = and i32 %44, 447 %46 = icmp eq i32 %45, 0 br i1 %46, label %136, label %47 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_setattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_setattr, %48)) #6 to label %68 [label %48], !srcloc !9 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %5, i64 0, i32 0 %70 = load i16, i16* %69, align 8 %71 = and i16 %70, -4096 %72 = icmp eq i16 %71, -32768 br i1 %72, label %73, label %75 tail call void bitcast (void (%struct.inode.148552*)* @inode_dio_wait to void (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 %74 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.214835*)*)(%struct.inode.214835* %5) #83 br label %75 %76 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr 
inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %77 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %76, i32 3136, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds 
%struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.214835*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #83 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %47 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %48 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %47, i32 3520, i64 120) #84 ------------- Use: =BAD PATH= Call Stack: 0 nfs_opendir ------------- Path:  Function:nfs_opendir %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.212651** %7 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 4 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 %11 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %12 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %13 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %12, i32 3264, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_client 1 nfs4_alloc_client ------------- Path:  Function:nfs4_alloc_client %2 = alloca [49 x i8], 
align 16 %3 = alloca %struct.__kernel_sockaddr_storage, align 8 %4 = getelementptr inbounds [49 x i8], [49 x i8]* %2, i64 0, i64 0 %5 = getelementptr inbounds %struct.nfs_client_initdata.236306, %struct.nfs_client_initdata.236306* %0, i64 0, i32 4 %6 = load i8*, i8** %5, align 8 %7 = tail call %struct.nfs_client.243389* bitcast (%struct.nfs_client* (%struct.nfs_client_initdata*)* @nfs_alloc_client to %struct.nfs_client.243389* (%struct.nfs_client_initdata.236306*)*)(%struct.nfs_client_initdata.236306* %0) #83 Function:nfs_alloc_client %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3520, i64 800) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_server 1 nfs_clone_server ------------- Path:  Function:nfs_clone_server %5 = alloca %struct.nlmclnt_initdata, align 8 %6 = tail call %struct.nfs_server* @nfs_alloc_server() #83 Function:nfs_alloc_server %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3520, i64 1056) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_server 1 nfs4_create_server ------------- Path:  Function:nfs4_create_server %2 = alloca %struct.rpc_timeout, align 8 %3 = getelementptr inbounds %struct.fs_context, %struct.fs_context* %0, i64 0, i32 3 %4 = bitcast i8** %3 to %struct.nfs_fs_context.243405** %5 = load %struct.nfs_fs_context.243405*, %struct.nfs_fs_context.243405** %4, align 8 %6 = tail call %struct.nfs_server.243328* bitcast (%struct.nfs_server* ()* @nfs_alloc_server to %struct.nfs_server.243328* ()*)() #83 Function:nfs_alloc_server %1 = load %struct.kmem_cache*, 
%struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3520, i64 1056) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_alloc_server 1 nfs4_create_server 2 nfs4_try_get_tree ------------- Path:  Function:nfs4_try_get_tree %2 = getelementptr inbounds %struct.fs_context, %struct.fs_context* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.nfs_fs_context.236310** %4 = load %struct.nfs_fs_context.236310*, %struct.nfs_fs_context.236310** %3, align 8 %5 = tail call %struct.nfs_server.236267* bitcast (%struct.nfs_server.243328* (%struct.fs_context*)* @nfs4_create_server to %struct.nfs_server.236267* (%struct.fs_context*)*)(%struct.fs_context* %0) #83 Function:nfs4_create_server %2 = alloca %struct.rpc_timeout, align 8 %3 = getelementptr inbounds %struct.fs_context, %struct.fs_context* %0, i64 0, i32 3 %4 = bitcast i8** %3 to %struct.nfs_fs_context.243405** %5 = load %struct.nfs_fs_context.243405*, %struct.nfs_fs_context.243405** %4, align 8 %6 = tail call %struct.nfs_server.243328* bitcast (%struct.nfs_server* ()* @nfs_alloc_server to %struct.nfs_server.243328* ()*)() #83 Function:nfs_alloc_server %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3520, i64 1056) #83 ------------- Use: =BAD PATH= Call Stack: 0 jbd2_seq_info_open ------------- Path:  Function:jbd2_seq_info_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 3264, i64 24) #84 ------------- Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control.189108, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 2 %7 = load %struct.inode.189107*, %struct.inode.189107** %6, align 8 %8 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 8 %9 = load %struct.super_block.189089*, %struct.super_block.189089** %8, align 8 %10 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info.189208** %17 = load %struct.ext4_sb_info.189208*, %struct.ext4_sb_info.189208** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info.189208, %struct.ext4_sb_info.189208* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode.189107, %struct.inode.189107* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode.189107, %struct.inode.189107* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block.189089, %struct.super_block.189089* %9, i64 0, i32 2 %34 = load i8, 
i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file.188978, %struct.file.188978* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 kernfs_iop_get_link ------------- Path:  Function:kernfs_iop_get_link %4 = icmp eq %struct.dentry* %0, null br i1 %4, label %113, label %5 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 kernfs_fop_open ------------- Path:  Function:kernfs_fop_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.kernfs_node** %5 = load %struct.kernfs_node*, %struct.kernfs_node** %4, 
align 8 %6 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %5, i64 0, i32 2 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = icmp eq %struct.kernfs_node* %7, null %9 = select i1 %8, %struct.kernfs_node* %5, %struct.kernfs_node* %7 %10 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %9, i64 0, i32 7, i32 0, i32 2 %11 = load %struct.kernfs_root*, %struct.kernfs_root** %10, align 8 %12 = tail call %struct.kernfs_node* @kernfs_get_active(%struct.kernfs_node* %5) #83 %13 = icmp eq %struct.kernfs_node* %12, null br i1 %13, label %191, label %14 %15 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %5, i64 0, i32 7 %16 = bitcast %union.anon.31* %15 to %struct.kernfs_ops** %17 = load %struct.kernfs_ops*, %struct.kernfs_ops** %16, align 8 %18 = getelementptr inbounds %struct.kernfs_ops, %struct.kernfs_ops* %17, i64 0, i32 2 %19 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %18, align 8 %20 = icmp eq i32 (%struct.seq_file*, i8*)* %19, null br i1 %20, label %21, label %29 %22 = getelementptr inbounds %struct.kernfs_ops, %struct.kernfs_ops* %17, i64 0, i32 6 %23 = load i64 (%struct.kernfs_open_file*, i8*, i64, i64)*, i64 (%struct.kernfs_open_file*, i8*, i64, i64)** %22, align 8 %24 = icmp eq i64 (%struct.kernfs_open_file*, i8*, i64, i64)* %23, null br i1 %24, label %25, label %29 %30 = phi i1 [ false, %21 ], [ false, %14 ], [ %28, %25 ] %31 = getelementptr inbounds %struct.kernfs_ops, %struct.kernfs_ops* %17, i64 0, i32 9 %32 = load i64 (%struct.kernfs_open_file*, i8*, i64, i64)*, i64 (%struct.kernfs_open_file*, i8*, i64, i64)** %31, align 8 %33 = icmp eq i64 (%struct.kernfs_open_file*, i8*, i64, i64)* %32, null %34 = getelementptr inbounds %struct.kernfs_ops, %struct.kernfs_ops* %17, i64 0, i32 11 %35 = load i32 (%struct.kernfs_open_file*, %struct.vm_area_struct*)*, i32 (%struct.kernfs_open_file*, %struct.vm_area_struct*)** %34, align 8 %36 = icmp eq i32 
(%struct.kernfs_open_file*, %struct.vm_area_struct*)* %35, null %37 = icmp eq i32 (%struct.kernfs_open_file*, %struct.vm_area_struct*)* %35, null %38 = getelementptr inbounds %struct.kernfs_root, %struct.kernfs_root* %11, i64 0, i32 1 %39 = load i32, i32* %38, align 8 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %63, label %42 %43 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 8 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 2 %46 = icmp eq i32 %45, 0 br i1 %46, label %54, label %47 %48 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %49 = load i16, i16* %48, align 8 %50 = and i16 %49, 146 %51 = icmp eq i16 %50, 0 %52 = and i1 %33, %36 %53 = or i1 %51, %52 br i1 %53, label %189, label %54 %55 = and i32 %44, 1 %56 = icmp eq i32 %55, 0 br i1 %56, label %63, label %57 %58 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, 292 %61 = icmp eq i16 %60, 0 %62 = or i1 %61, %30 br i1 %62, label %189, label %63 %64 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %65 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %64, i32 3520, i64 152) #84 ------------- Use: =BAD PATH= Call Stack: 0 proc_thread_self_get_link ------------- Path:  Function:proc_thread_self_get_link %4 = getelementptr inbounds %struct.inode.181547, %struct.inode.181547* %1, i64 0, i32 8 %5 = load %struct.super_block.181541*, %struct.super_block.181541** %4, align 8 %6 = getelementptr inbounds %struct.super_block.181541, %struct.super_block.181541* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info.181558** %8 = load %struct.proc_fs_info.181558*, %struct.proc_fs_info.181558** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info.181558, %struct.proc_fs_info.181558* %8, i64 0, i32 0 %10 
= load %struct.pid_namespace.181416*, %struct.pid_namespace.181416** %9, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.181529** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.181529**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.181529* %13 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.181529*, i32, %struct.pid_namespace.181416*)*)(%struct.task_struct.181529* %12, i32 1, %struct.pid_namespace.181416* %10) #83 %14 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.181529*, i32, %struct.pid_namespace.181416*)*)(%struct.task_struct.181529* %12, i32 0, %struct.pid_namespace.181416* %10) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %28, label %16 %17 = icmp eq %struct.dentry.181551* %0, null %18 = select i1 %17, i32 2592, i32 3264 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 %18, i64 27) #84 ------------- Use: =BAD PATH= Call Stack: 0 proc_self_get_link ------------- Path:  Function:proc_self_get_link %4 = getelementptr inbounds %struct.inode.181547, %struct.inode.181547* %1, i64 0, i32 8 %5 = load %struct.super_block.181541*, %struct.super_block.181541** %4, align 8 %6 = getelementptr inbounds %struct.super_block.181541, %struct.super_block.181541* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info.181558** %8 = load %struct.proc_fs_info.181558*, %struct.proc_fs_info.181558** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info.181558, %struct.proc_fs_info.181558* %8, i64 0, i32 0 %10 = load %struct.pid_namespace.181416*, 
%struct.pid_namespace.181416** %9, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.181529** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.181529**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.181529* %13 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.181529*, i32, %struct.pid_namespace.181416*)*)(%struct.task_struct.181529* %12, i32 1, %struct.pid_namespace.181416* %10) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %27, label %15 %16 = icmp eq %struct.dentry.181551* %0, null %17 = select i1 %16, i32 2592, i32 3264 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 4), align 16 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 %17, i64 11) #84 ------------- Use: =BAD PATH= Call Stack: 0 smaps_rollup_open ------------- Path:  Function:smaps_rollup_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 4197824, i64 40) #83 ------------- Use: =BAD PATH= Call Stack: 0 posix_acl_from_mode 1 nfs3_set_acl ------------- Path:  Function:nfs3_set_acl %5 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %1, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, -4096 %8 = icmp eq i16 %7, 16384 br i1 %8, label %9, label %16 switch i32 %3, label %16 [ i32 32768, label %10 i32 16384, label %13 ] %14 = tail call %struct.posix_acl* bitcast (%struct.posix_acl* (%struct.inode*, i32)* @get_acl to %struct.posix_acl* (%struct.inode.232196*, i32)*)(%struct.inode.232196* %1, i32 
32768) #83 %15 = icmp ugt %struct.posix_acl* %14, inttoptr (i64 -4096 to %struct.posix_acl*) br i1 %15, label %63, label %16 %17 = phi %struct.posix_acl* [ %2, %9 ], [ %2, %4 ], [ %2, %10 ], [ %14, %13 ] %18 = phi %struct.posix_acl* [ null, %9 ], [ null, %4 ], [ %11, %10 ], [ %2, %13 ] %19 = icmp eq %struct.posix_acl* %17, null br i1 %19, label %20, label %24 %21 = load i16, i16* %5, align 8 %22 = tail call %struct.posix_acl* @posix_acl_from_mode(i16 zeroext %21, i32 3264) #83 Function:posix_acl_from_mode %3 = and i32 %1, 17 %4 = icmp eq i32 %3, 0 %5 = and i32 %1, 1 %6 = icmp eq i32 %5, 0 %7 = select i1 %6, i64 1, i64 2 %8 = select i1 %4, i64 0, i64 %7 %9 = getelementptr [3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 %8, i64 6 %10 = load %struct.kmem_cache*, %struct.kmem_cache** %9, align 16 %11 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %10, i32 %1, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 io_ring_ctx_alloc 1 io_uring_create 2 __ia32_sys_io_uring_setup ------------- Path:  Function:__ia32_sys_io_uring_setup %2 = alloca %struct.io_uring_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.io_uring_params* %10 = bitcast %struct.io_uring_params* %2 to i8* %11 = inttoptr i64 %7 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %10, i8* %11, i64 120) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 %15 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 7, i64 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %33 %19 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 7, i64 1 %20 = 
load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %25, label %33 %26 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 7, i64 2 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %33 %30 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 2 %31 = load i32, i32* %30, align 8 %32 = icmp ult i32 %31, 128 br i1 %32, label %22, label %33 %23 = call fastcc i32 @io_uring_create(i32 %8, %struct.io_uring_params* nonnull %2, %struct.io_uring_params* %9) #84 Function:io_uring_create %4 = icmp eq i32 %0, 0 br i1 %4, label %190, label %5 %6 = icmp ugt i32 %0, 32768 br i1 %6, label %7, label %12 %8 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %190, label %12 %13 = phi i32 [ %0, %5 ], [ 32768, %7 ] %14 = zext i32 %13 to i64 %15 = add nsw i64 %14, -1 %16 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %15, i32 -1) #4, !srcloc !4 %17 = add i32 %16, 1 %18 = zext i32 %17 to i64 %19 = shl nuw i64 1, %18 %20 = trunc i64 %19 to i32 %21 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 2 %23 = load i32, i32* %22, align 8 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %46, label %26 %27 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %190, label %30 %31 = icmp ugt i32 %28, 65536 br i1 %31, label %32, label %36 %33 = and i32 %23, 16 %34 = icmp eq i32 %33, 0 br i1 %34, label %190, label %35 store i32 65536, i32* %27, align 4 br label %36 %37 = phi i32 [ 65536, %35 ], [ %28, %30 ] %38 = 
zext i32 %37 to i64 %39 = add nsw i64 %38, -1 %40 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %39, i32 -1) #4, !srcloc !4 %41 = add i32 %40, 1 %42 = zext i32 %41 to i64 %43 = shl nuw i64 1, %42 %44 = trunc i64 %43 to i32 store i32 %44, i32* %27, align 4 %45 = icmp ugt i32 %20, %44 br i1 %45, label %190, label %49 %50 = tail call fastcc %struct.io_ring_ctx* @io_ring_ctx_alloc(%struct.io_uring_params* %1) #83 Function:io_ring_ctx_alloc %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3520, i64 1088) #83 ------------- Use: =BAD PATH= Call Stack: 0 io_ring_ctx_alloc 1 io_uring_create 2 __x64_sys_io_uring_setup ------------- Path:  Function:__x64_sys_io_uring_setup %2 = alloca %struct.io_uring_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = inttoptr i64 %6 to %struct.io_uring_params* %9 = bitcast %struct.io_uring_params* %2 to i8* %10 = inttoptr i64 %6 to i8* %11 = call i64 @_copy_from_user(i8* nonnull %9, i8* %10, i64 120) #83 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %32 %14 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 7, i64 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %32 %18 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 7, i64 1 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %24, label %32 %25 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 7, i64 2 %26 = load i32, i32* %25, 
align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %29 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %2, i64 0, i32 2 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, 128 br i1 %31, label %21, label %32 %22 = call fastcc i32 @io_uring_create(i32 %7, %struct.io_uring_params* nonnull %2, %struct.io_uring_params* %8) #84 Function:io_uring_create %4 = icmp eq i32 %0, 0 br i1 %4, label %190, label %5 %6 = icmp ugt i32 %0, 32768 br i1 %6, label %7, label %12 %8 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %190, label %12 %13 = phi i32 [ %0, %5 ], [ 32768, %7 ] %14 = zext i32 %13 to i64 %15 = add nsw i64 %14, -1 %16 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %15, i32 -1) #4, !srcloc !4 %17 = add i32 %16, 1 %18 = zext i32 %17 to i64 %19 = shl nuw i64 1, %18 %20 = trunc i64 %19 to i32 %21 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 2 %23 = load i32, i32* %22, align 8 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %46, label %26 %27 = getelementptr inbounds %struct.io_uring_params, %struct.io_uring_params* %1, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %190, label %30 %31 = icmp ugt i32 %28, 65536 br i1 %31, label %32, label %36 %33 = and i32 %23, 16 %34 = icmp eq i32 %33, 0 br i1 %34, label %190, label %35 store i32 65536, i32* %27, align 4 br label %36 %37 = phi i32 [ 65536, %35 ], [ %28, %30 ] %38 = zext i32 %37 to i64 %39 = add nsw i64 %38, -1 %40 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %39, i32 -1) #4, !srcloc !4 %41 = add i32 %40, 1 %42 = zext i32 %41 to i64 %43 = shl 
nuw i64 1, %42 %44 = trunc i64 %43 to i32 store i32 %44, i32* %27, align 4 %45 = icmp ugt i32 %20, %44 br i1 %45, label %190, label %49 %50 = tail call fastcc %struct.io_ring_ctx* @io_ring_ctx_alloc(%struct.io_uring_params* %1) #83 Function:io_ring_ctx_alloc %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 3520, i64 1088) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_eventfd 1 __ia32_sys_eventfd ------------- Path:  Function:__ia32_sys_eventfd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_eventfd(i32 %4, i32 0) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_eventfd 1 __ia32_sys_eventfd2 ------------- Path:  Function:__ia32_sys_eventfd2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = tail call fastcc i32 @do_eventfd(i32 %6, i32 %7) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 
0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_eventfd 1 __x64_sys_eventfd ------------- Path:  Function:__x64_sys_eventfd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_eventfd(i32 %4, i32 0) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_eventfd 1 __x64_sys_eventfd2 ------------- Path:  Function:__x64_sys_eventfd2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = tail call fastcc i32 @do_eventfd(i32 %6, i32 %7) #83 Function:do_eventfd %3 = and i32 %1, -526338 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %41 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_timerfd_create 1 __ia32_sys_timerfd_create ------------- Path:  Function:__ia32_sys_timerfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_timerfd_create(i64 %4, i64 %7) #83 Function:__se_sys_timerfd_create %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -526337 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %41 switch i32 %3, label %41 [ i32 9, label %8 i32 8, label %8 i32 7, label %8 i32 1, label %8 i32 0, label %8 ] %9 = and i32 %3, -2 %10 = icmp eq i32 %9, 8 br i1 %10, label %11, label %13 %12 = tail call zeroext i1 @capable(i32 35) #83 br i1 %12, label %13, label %41 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %15 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 3520, i64 216) #84 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_timerfd_create 1 __x64_sys_timerfd_create ------------- Path:  Function:__x64_sys_timerfd_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_timerfd_create(i64 %3, i64 %5) #83 Function:__se_sys_timerfd_create %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -526337 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %41 switch i32 %3, label %41 [ i32 9, label %8 i32 8, label %8 i32 7, label %8 i32 1, label %8 i32 0, label %8 ] %9 = and i32 %3, -2 %10 = icmp eq i32 %9, 8 br i1 %10, label %11, label %13 %12 = tail call zeroext i1 @capable(i32 35) #83 br i1 %12, label %13, label %41 %14 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %15 = tail call 
noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %14, i32 3520, i64 216) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_signalfd4 1 __ia32_compat_sys_signalfd ------------- Path:  Function:__ia32_compat_sys_signalfd %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.cpumask* %2 to i8* %12 = icmp eq i32 %10, 8 br i1 %12, label %13, label %21 %14 = and i64 %6, 4294967295 %15 = inttoptr i64 %14 to %struct.kernel_cap_struct* %16 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %2, %struct.kernel_cap_struct* %15) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21 %19 = call fastcc i32 @do_signalfd4(i32 %9, %struct.cpumask* nonnull %2, i32 0) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_signalfd4 1 __ia32_compat_sys_signalfd4 ------------- Path:  Function:__ia32_compat_sys_signalfd4 %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, 
i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %4 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = bitcast %struct.cpumask* %2 to i8* %15 = icmp eq i32 %12, 8 br i1 %15, label %16, label %24 %17 = and i64 %6, 4294967295 %18 = inttoptr i64 %17 to %struct.kernel_cap_struct* %19 = call i32 @get_compat_sigset(%struct.cpumask* nonnull %2, %struct.kernel_cap_struct* %18) #83 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %24 %22 = call fastcc i32 @do_signalfd4(i32 %11, %struct.cpumask* nonnull %2, i32 %13) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_signalfd4 1 __ia32_sys_signalfd ------------- Path:  Function:__ia32_sys_signalfd %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 
%9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = bitcast %struct.cpumask* %2 to i8* %12 = icmp eq i64 %9, 8 br i1 %12, label %13, label %21 %14 = and i64 %6, 4294967295 %15 = inttoptr i64 %14 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* %15, i64 8) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %21 %19 = call fastcc i32 @do_signalfd4(i32 %10, %struct.cpumask* nonnull %2, i32 0) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_signalfd4 1 __ia32_sys_signalfd4 ------------- Path:  Function:__ia32_sys_signalfd4 %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %11 to i32 %14 = bitcast %struct.cpumask* %2 to i8* %15 = icmp eq i64 %9, 8 br i1 %15, label %16, label %24 %17 = and i64 %6, 4294967295 %18 = inttoptr i64 %17 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %14, i8* %18, i64 8) #83 %20 = icmp 
eq i64 %19, 0 br i1 %20, label %21, label %24 %22 = call fastcc i32 @do_signalfd4(i32 %12, %struct.cpumask* nonnull %2, i32 %13) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_signalfd4 1 __x64_sys_signalfd ------------- Path:  Function:__x64_sys_signalfd %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = bitcast %struct.cpumask* %2 to i8* %12 = icmp eq i64 %9, 8 br i1 %12, label %13, label %19 %14 = call i64 @_copy_from_user(i8* nonnull %11, i8* %7, i64 8) #83 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %19 %17 = call fastcc i32 @do_signalfd4(i32 %10, %struct.cpumask* nonnull %2, i32 0) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_signalfd4 1 __x64_sys_signalfd4 ------------- Path:  Function:__x64_sys_signalfd4 %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %11 to i32 %14 = bitcast %struct.cpumask* %2 to i8* %15 = icmp eq i64 %9, 8 br i1 %15, label %16, label %22 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %7, i64 8) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = call fastcc i32 @do_signalfd4(i32 %12, %struct.cpumask* nonnull %2, i32 %13) #83 Function:do_signalfd4 %4 = and i32 %2, -526337 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %55 %7 = getelementptr %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, -262401 %10 = xor i64 %9, -1 store i64 %10, i64* %7, align 8 %11 = icmp eq i32 %0, -1 br i1 %11, label %12, label %24 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 3), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 8) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 
__ia32_sys_epoll_create ------------- Path:  Function:__ia32_sys_epoll_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %9, label %6 %7 = tail call fastcc i32 @do_epoll_create(i32 0) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __ia32_sys_epoll_create1 ------------- Path:  Function:__ia32_sys_epoll_create1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_epoll_create(i32 %4) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* 
@kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __x64_sys_epoll_create ------------- Path:  Function:__x64_sys_epoll_create %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %9, label %6 %7 = tail call fastcc i32 @do_epoll_create(i32 0) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_epoll_create 1 __x64_sys_epoll_create1 ------------- Path:  Function:__x64_sys_epoll_create1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_epoll_create(i32 %4) #83 Function:do_epoll_create %2 = and i32 %0, -524289 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %62 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162711** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162711**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.162711* %7 = getelementptr inbounds %struct.task_struct.162711, %struct.task_struct.162711* %6, i64 0, i32 94 %8 = load %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 21 %10 = load %struct.user_struct*, %struct.user_struct** %9, align 8 %11 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0 %12 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %10, i64 0, i32 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 1, i32* %12) #6, !srcloc !5 %14 = icmp eq i32 %13, 0 br i1 %14, label %19, label %15, !prof !6, !misexpect !7 %16 = add i32 %13, 1 %17 = or i32 %16, %13 %18 = icmp sgt i32 %17, -1 br i1 %18, label %21, label %19, !prof !8, !misexpect !7 %20 = phi i32 [ 2, %4 ], [ 1, %15 ] tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %11, i32 %20) #83 br label %21 %22 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %23 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %22, i32 3520, i64 176) #84 ------------- Use: =BAD PATH= Call Stack: 0 fsnotify_alloc_user_group 1 do_inotify_init 2 __ia32_sys_inotify_init1 ------------- Path:  Function:__ia32_sys_inotify_init1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_inotify_init(i32 %4) #83 Function:do_inotify_init %2 = and i32 %0, -526337 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %56 %5 = load i32, i32* @inotify_max_queued_events, align 4 %6 = tail call %struct.fsnotify_group.162128* bitcast (%struct.fsnotify_group.160442* (%struct.fsnotify_ops.160439*)* @fsnotify_alloc_user_group to %struct.fsnotify_group.162128* (%struct.fsnotify_ops.162131*)*)(%struct.fsnotify_ops.162131* nonnull bitcast ({ i32 (%struct.fsnotify_group.161697*, i32, i8*, i32, %struct.inode*, %struct.qstr*, i32, %struct.fsnotify_iter_info.161692*)*, i32 (%struct.fsnotify_mark.161691*, i32, %struct.inode*, %struct.inode*, %struct.qstr*, i32)*, void (%struct.fsnotify_group.161697*)*, void (%struct.fsnotify_mark.161691*, %struct.fsnotify_group.161697*)*, void (%struct.fsnotify_group.161697*, %struct.sysv_shm*)*, void (%struct.fsnotify_mark.161691*)* }* @inotify_fsnotify_ops to %struct.fsnotify_ops.162131*)) #83 Function:fsnotify_alloc_user_group %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 4197824, i64 192) #83 
------------- Use: =BAD PATH= Call Stack: 0 fsnotify_alloc_user_group 1 do_inotify_init 2 __do_sys_inotify_init ------------- Path:  Function:__do_sys_inotify_init %2 = tail call fastcc i32 @do_inotify_init(i32 0) #83 Function:do_inotify_init %2 = and i32 %0, -526337 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %56 %5 = load i32, i32* @inotify_max_queued_events, align 4 %6 = tail call %struct.fsnotify_group.162128* bitcast (%struct.fsnotify_group.160442* (%struct.fsnotify_ops.160439*)* @fsnotify_alloc_user_group to %struct.fsnotify_group.162128* (%struct.fsnotify_ops.162131*)*)(%struct.fsnotify_ops.162131* nonnull bitcast ({ i32 (%struct.fsnotify_group.161697*, i32, i8*, i32, %struct.inode*, %struct.qstr*, i32, %struct.fsnotify_iter_info.161692*)*, i32 (%struct.fsnotify_mark.161691*, i32, %struct.inode*, %struct.inode*, %struct.qstr*, i32)*, void (%struct.fsnotify_group.161697*)*, void (%struct.fsnotify_mark.161691*, %struct.fsnotify_group.161697*)*, void (%struct.fsnotify_group.161697*, %struct.sysv_shm*)*, void (%struct.fsnotify_mark.161691*)* }* @inotify_fsnotify_ops to %struct.fsnotify_ops.162131*)) #83 Function:fsnotify_alloc_user_group %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 4197824, i64 192) #83 ------------- Use: =BAD PATH= Call Stack: 0 fsnotify_alloc_user_group 1 do_inotify_init 2 __x64_sys_inotify_init1 ------------- Path:  Function:__x64_sys_inotify_init1 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i32 @do_inotify_init(i32 %4) #83 Function:do_inotify_init %2 = and i32 %0, -526337 %3 = icmp eq i32 %2, 0 br i1 %3, label %4, label %56 %5 = load i32, i32* @inotify_max_queued_events, align 4 %6 = tail call 
%struct.fsnotify_group.162128* bitcast (%struct.fsnotify_group.160442* (%struct.fsnotify_ops.160439*)* @fsnotify_alloc_user_group to %struct.fsnotify_group.162128* (%struct.fsnotify_ops.162131*)*)(%struct.fsnotify_ops.162131* nonnull bitcast ({ i32 (%struct.fsnotify_group.161697*, i32, i8*, i32, %struct.inode*, %struct.qstr*, i32, %struct.fsnotify_iter_info.161692*)*, i32 (%struct.fsnotify_mark.161691*, i32, %struct.inode*, %struct.inode*, %struct.qstr*, i32)*, void (%struct.fsnotify_group.161697*)*, void (%struct.fsnotify_mark.161691*, %struct.fsnotify_group.161697*)*, void (%struct.fsnotify_group.161697*, %struct.sysv_shm*)*, void (%struct.fsnotify_mark.161691*)* }* @inotify_fsnotify_ops to %struct.fsnotify_ops.162131*)) #83 Function:fsnotify_alloc_user_group %2 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %3 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %2, i32 4197824, i64 192) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_fs_context 1 fs_context_for_submount 2 nfs_d_automount ------------- Path:  Function:nfs_d_automount %2 = getelementptr inbounds %struct.path, %struct.path* %0, i64 0, i32 1 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.221813** %10 = load %struct.nfs_server.221813*, %struct.nfs_server.221813** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.221813, %struct.nfs_server.221813* %10, i64 0, i32 0 %12 = load %struct.nfs_client.221807*, 
%struct.nfs_client.221807** %11, align 8 %13 = load volatile i32, i32* @nfs_mountpoint_expiry_timeout, align 4 %14 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 3 %15 = load %struct.dentry*, %struct.dentry** %14, align 8 %16 = icmp eq %struct.dentry* %3, %15 br i1 %16, label %126, label %17 %18 = getelementptr inbounds %struct.path, %struct.path* %0, i64 0, i32 0 %19 = load %struct.vfsmount*, %struct.vfsmount** %18, align 8 %20 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %19, i64 0, i32 1 %21 = load %struct.super_block*, %struct.super_block** %20, align 8 %22 = getelementptr inbounds %struct.super_block, %struct.super_block* %21, i64 0, i32 5 %23 = load %struct.file_system_type*, %struct.file_system_type** %22, align 8 %24 = tail call %struct.fs_context* bitcast (%struct.fs_context.156180* (%struct.file_system_type.156179*, %struct.dentry.156117*)* @fs_context_for_submount to %struct.fs_context* (%struct.file_system_type*, %struct.dentry*)*)(%struct.file_system_type* %23, %struct.dentry* %3) #83 Function:fs_context_for_submount %3 = tail call fastcc %struct.fs_context.156180* @alloc_fs_context(%struct.file_system_type.156179* %0, %struct.dentry.156117* %1, i32 0, i32 0, i32 1) #83 Function:alloc_fs_context %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 4197824, i64 160) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 guc_log_level_fops_open ------------- Path:  Function:guc_log_level_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull 
@guc_log_level_get, i32 (i8*, i64)* nonnull @guc_log_level_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.4.43423, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 reset_fops_open ------------- Path:  Function:reset_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @__intel_gt_debugfs_reset_show, i32 (i8*, i64)* nonnull @__intel_gt_debugfs_reset_store, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.3.41455, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 i915_drrs_ctl_fops_open ------------- Path:  Function:i915_drrs_ctl_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @i915_drrs_ctl_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.25.41024, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** 
getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 i915_edp_psr_debug_fops_open ------------- Path:  Function:i915_edp_psr_debug_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_edp_psr_debug_get, i32 (i8*, i64)* nonnull @i915_edp_psr_debug_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.25.41024, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 i915_perf_noa_delay_fops_open ------------- Path:  Function:i915_perf_noa_delay_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_perf_noa_delay_get, i32 (i8*, i64)* nonnull @i915_perf_noa_delay_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.34.40788, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 i915_wedged_fops_open ------------- Path:  Function:i915_wedged_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_wedged_get, i32 (i8*, i64)* nonnull @i915_wedged_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.34.40788, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_atomic_t_wo_open ------------- Path:  Function:fops_atomic_t_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_atomic_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.12.25239, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u16_wo_open ------------- Path:  Function:fops_u16_wo_open %3 = tail call i32 bitcast (i32 
(%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 i915_drop_caches_fops_open ------------- Path:  Function:i915_drop_caches_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @i915_drop_caches_get, i32 (i8*, i64)* nonnull @i915_drop_caches_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.35.40786, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x32_open ------------- Path:  Function:fops_x32_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull 
@debugfs_u32_get, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.10.25226, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x32_ro_open ------------- Path:  Function:fops_x32_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.10.25226, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x64_wo_open ------------- Path:  Function:fops_x64_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.11.25223, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 
x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_atomic_t_open ------------- Path:  Function:fops_atomic_t_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_atomic_t_get, i32 (i8*, i64)* nonnull @debugfs_atomic_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.12.25239, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x64_open ------------- Path:  Function:fops_x64_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.11.25223, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 
fops_x64_ro_open ------------- Path:  Function:fops_x64_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.11.25223, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 clear_warn_once_fops_open ------------- Path:  Function:clear_warn_once_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @clear_warn_once_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.15.5034, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u64_open ------------- Path:  Function:fops_u64_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, 
i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fake_panic_fops_open ------------- Path:  Function:fake_panic_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @fake_panic_get, i32 (i8*, i64)* nonnull @fake_panic_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.96.2951, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u8_open ------------- Path:  Function:fops_u8_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x8_wo_open ------------- Path:  Function:fops_x8_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.8.25222, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x8_open ------------- Path:  Function:fops_x8_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.8.25222, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) 
#83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u8_ro_open ------------- Path:  Function:fops_u8_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_size_t_wo_open ------------- Path:  Function:fops_size_t_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_size_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fault_around_bytes_fops_open ------------- Path:  Function:fault_around_bytes_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* 
@simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @fault_around_bytes_get, i32 (i8*, i64)* nonnull @fault_around_bytes_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.11.14790, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u32_ro_open ------------- Path:  Function:fops_u32_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x16_ro_open ------------- Path:  Function:fops_x16_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([10 x i8], [10 x i8]* 
@.str.9.25229, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_ulong_wo_open ------------- Path:  Function:fops_ulong_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_ulong_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x32_wo_open ------------- Path:  Function:fops_x32_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.10.25226, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x8_ro_open ------------- Path:  Function:fops_x8_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u8_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.8.25222, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_size_t_ro_open ------------- Path:  Function:fops_size_t_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_size_t_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x16_open ------------- Path:  Function:fops_x16_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, 
i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.9.25229, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_size_t_open ------------- Path:  Function:fops_size_t_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_size_t_get, i32 (i8*, i64)* nonnull @debugfs_size_t_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_x16_wo_open ------------- Path:  Function:fops_x16_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr 
inbounds ([10 x i8], [10 x i8]* @.str.9.25229, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_atomic_t_ro_open ------------- Path:  Function:fops_atomic_t_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_atomic_t_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.12.25239, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_ulong_ro_open ------------- Path:  Function:fops_ulong_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_ulong_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 
7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_ulong_open ------------- Path:  Function:fops_ulong_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_ulong_get, i32 (i8*, i64)* nonnull @debugfs_ulong_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u8_wo_open ------------- Path:  Function:fops_u8_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u8_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u64_ro_open ------------- Path:  Function:fops_u64_ro_open %3 = tail call i32 bitcast (i32 
(%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u64_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u64_wo_open ------------- Path:  Function:fops_u64_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u64_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 i915_fbc_false_color_fops_open ------------- Path:  Function:i915_fbc_false_color_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull 
@i915_fbc_false_color_get, i32 (i8*, i64)* nonnull @i915_fbc_false_color_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.25.41024, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u32_open ------------- Path:  Function:fops_u32_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u32_get, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u32_wo_open ------------- Path:  Function:fops_u32_wo_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* null, i32 (i8*, i64)* nonnull @debugfs_u32_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x 
%struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u16_ro_open ------------- Path:  Function:fops_u16_ro_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 clk_rate_fops_open ------------- Path:  Function:clk_rate_fops_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @clk_rate_get, i32 (i8*, i64)* null, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.76.35399, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 simple_attr_open 1 fops_u16_open 
------------- Path:  Function:fops_u16_open %3 = tail call i32 bitcast (i32 (%struct.inode.151779*, %struct.file.151769*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)* @simple_attr_open to i32 (%struct.inode*, %struct.file*, i32 (i8*, i64*)*, i32 (i8*, i64)*, i8*)*)(%struct.inode* %0, %struct.file* %1, i32 (i8*, i64*)* nonnull @debugfs_u16_get, i32 (i8*, i64)* nonnull @debugfs_u16_set, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.7.25232, i64 0, i64 0)) #83 Function:simple_attr_open %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 7), align 8 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 112) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 rpc_proc_open ------------- Path:  Function:rpc_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_proc_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 rpc_dummy_info_open ------------- Path:  Function:rpc_dummy_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_dummy_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 rpc_info_open ------------- Path:  Function:rpc_info_open %3 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_show_info, i8* null) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 pmc_dev_state_open ------------- Path:  Function:pmc_dev_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_dev_state_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 pmc_pss_state_open ------------- Path:  Function:pmc_pss_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_pss_state_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 single_open 1 pmc_sleep_tmr_open ------------- Path:  Function:pmc_sleep_tmr_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_sleep_tmr_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 hid_debug_rdesc_open ------------- Path:  Function:hid_debug_rdesc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @hid_debug_rdesc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 xhci_port_open ------------- Path:  Function:xhci_port_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_portsc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) 
#83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 xhci_context_open ------------- Path:  Function:xhci_context_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.116.57100, i64 0, i64 0), i8* %19) #84 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(13) getelementptr inbounds ([13 x i8], [13 x i8]* @.str.117.57101, i64 0, i64 0), i8* %19) #84 %24 = icmp eq i32 %23, 0 %25 = select i1 %24, i64 1, i64 2 br label %26 %27 = phi i64 [ 0, %17 ], [ %25, %22 ] %28 = getelementptr [3 x %struct.xhci_file_map], [3 x %struct.xhci_file_map]* @context_files, i64 0, i64 %27, i32 1 %29 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %28, align 8 %30 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %31 = load i8*, i8** %30, align 8 %32 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %29, i8* %31) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 xhci_stream_id_open ------------- Path:  Function:xhci_stream_id_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 
%4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_id_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 xhci_stream_context_array_open ------------- Path:  Function:xhci_stream_context_array_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_context_array_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 xhci_ring_open ------------- Path:  Function:xhci_ring_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.56988, i64 0, i64 0), i8* %19) #84 %21 = icmp eq i32 %20, 0 br i1 %21, label %25, label %22 %23 = tail call 
i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.56989, i64 0, i64 0), i8* %19) #84 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %33 = tail call i32 @strcmp(i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.18.56990, i64 0, i64 0), i8* %19) #84 %34 = icmp eq i32 %33, 0 %35 = select i1 %34, i64 2, i64 3 br label %25 %26 = phi i64 [ 0, %17 ], [ 1, %22 ], [ %35, %32 ] %27 = getelementptr [4 x %struct.xhci_file_map], [4 x %struct.xhci_file_map]* @ring_files, i64 0, i64 %26, i32 1 %28 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %30 = load i8*, i8** %29, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %28, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 dma_buf_debug_open ------------- Path:  Function:dma_buf_debug_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dma_buf_debug_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 regmap_access_open ------------- Path:  Function:regmap_access_open %3 = getelementptr inbounds 
%struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @regmap_access_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 rbtree_open ------------- Path:  Function:rbtree_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rbtree_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 deferred_devs_open ------------- Path:  Function:deferred_devs_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @deferred_devs_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 component_devices_open ------------- Path:  Function:component_devices_open %3 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @component_devices_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 huc_info_open ------------- Path:  Function:huc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @huc_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 guc_log_dump_open ------------- Path:  Function:guc_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_log_dump_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 guc_load_err_log_dump_open ------------- Path:  
Function:guc_load_err_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_load_err_log_dump_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 guc_info_open ------------- Path:  Function:guc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 guc_registered_contexts_open ------------- Path:  Function:guc_registered_contexts_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_registered_contexts_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 
0 single_open 1 guc_slpc_info_open ------------- Path:  Function:guc_slpc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_slpc_info_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 uc_usage_open ------------- Path:  Function:uc_usage_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @uc_usage_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 sseu_status_open ------------- Path:  Function:sseu_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @sseu_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 single_open 1 rcs_topology_open ------------- Path:  Function:rcs_topology_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rcs_topology_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 drpc_open ------------- Path:  Function:drpc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @drpc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 frequency_open ------------- Path:  Function:frequency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @frequency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 
single_open 1 fw_domains_open ------------- Path:  Function:fw_domains_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @fw_domains_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 llc_open ------------- Path:  Function:llc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @llc_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 rps_boost_open ------------- Path:  Function:rps_boost_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rps_boost_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 
engines_open ------------- Path:  Function:engines_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @engines_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_panel_open ------------- Path:  Function:i915_panel_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_panel_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_psr_sink_status_open ------------- Path:  Function:i915_psr_sink_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_sink_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 single_open 1 i915_psr_status_open ------------- Path:  Function:i915_psr_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_hdcp_sink_capability_open ------------- Path:  Function:i915_hdcp_sink_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hdcp_sink_capability_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_dsc_fec_support_open ------------- Path:  Function:i915_dsc_fec_support_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_fec_support_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_dsc_bpp_open ------------- Path:  Function:i915_dsc_bpp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_bpp_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_lpsp_capability_open ------------- Path:  Function:i915_lpsp_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_lpsp_capability_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 pri_wm_latency_open ------------- Path:  Function:pri_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1731 %6 = load i8, i8* %5, align 1 %7 = icmp ult i8 %6, 5 br i1 %7, label %8, label %14 %9 = getelementptr i8, i8* %4, i64 1828 %10 = bitcast i8* %9 to i32* %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 98304 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = 
tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pri_wm_latency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 spr_wm_latency_open ------------- Path:  Function:spr_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @spr_wm_latency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 cur_wm_latency_open ------------- Path:  Function:cur_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @cur_wm_latency_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_displayport_test_data_open ------------- Path:  Function:i915_displayport_test_data_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_data_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_displayport_test_type_open ------------- Path:  Function:i915_displayport_test_type_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_type_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_displayport_test_active_open ------------- Path:  Function:i915_displayport_test_active_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_active_show, i8* 
%4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_hpd_storm_ctl_open ------------- Path:  Function:i915_hpd_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_storm_ctl_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_hpd_short_storm_ctl_open ------------- Path:  Function:i915_hpd_short_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_short_storm_ctl_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_ipc_status_open ------------- Path:  Function:i915_ipc_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* 
%4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 8192 %9 = icmp eq i24 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_ipc_status_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_param_charp_open ------------- Path:  Function:i915_param_charp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_charp_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 
single_open 1 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 i915_param_uint_open ------------- Path:  Function:i915_param_uint_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_uint_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 ttm_pool_debugfs_globals_open ------------- Path:  Function:ttm_pool_debugfs_globals_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_globals_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, 
i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 ttm_pool_debugfs_shrink_open ------------- Path:  Function:ttm_pool_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_shrink_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 ttm_tt_debugfs_shrink_open ------------- Path:  Function:ttm_tt_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_tt_debugfs_shrink_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 crc_control_open ------------- Path:  Function:crc_control_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @crc_control_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail 
call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 dmaengine_summary_open ------------- Path:  Function:dmaengine_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dmaengine_summary_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 clk_summary_open ------------- Path:  Function:clk_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_summary_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 clk_dump_open ------------- Path:  Function:clk_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_dump_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), 
align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 clk_min_rate_open ------------- Path:  Function:clk_min_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_min_rate_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 clk_max_rate_open ------------- Path:  Function:clk_max_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_max_rate_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 clk_flags_open ------------- Path:  Function:clk_flags_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_flags_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, 
i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 clk_duty_cycle_open ------------- Path:  Function:clk_duty_cycle_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_duty_cycle_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 current_parent_open ------------- Path:  Function:current_parent_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @current_parent_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 possible_parents_open ------------- Path:  Function:possible_parents_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @possible_parents_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 debugfs_devm_entry_open ------------- Path:  Function:debugfs_devm_entry_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.debugfs_devm_entry** %5 = load %struct.debugfs_devm_entry*, %struct.debugfs_devm_entry** %4, align 8 %6 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 0 %7 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %6, align 8 %8 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 1 %9 = bitcast %struct.device** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %7, i8* %10) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 debugfs_open_regset32 ------------- Path:  Function:debugfs_open_regset32 %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @debugfs_show_regset32, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- 
Use: =BAD PATH= Call Stack: 0 single_open 1 single_open_net ------------- Path:  Function:single_open_net %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 17 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.net** %11 = load %struct.net*, %struct.net** %10, align 8 %12 = getelementptr inbounds %struct.net, %struct.net* %11, i64 0, i32 14, i32 3 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %12, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %2 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %2 ], [ 0, %23 ], [ %17, %16 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 %33 = icmp eq i32 %27, 0 %34 = icmp eq %struct.net* %11, null %35 = or i1 %34, %33 br i1 %35, label %52, label %36 %37 = getelementptr inbounds %struct.proc_dir_entry, 
%struct.proc_dir_entry* %6, i64 0, i32 8 %38 = bitcast %union.anon.80.175425* %37 to i32 (%struct.seq_file*, i8*)** %39 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %38, align 8 %40 = bitcast %struct.net* %11 to i8* %41 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %39, i8* nonnull %40) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 proc_single_open.19053 ------------- Path:  Function:proc_single_open.19053 %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %8 = bitcast %union.anon.80.175425* %7 to i32 (%struct.seq_file*, i8*)** %9 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %8, align 8 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 10 %11 = load i8*, i8** %10, align 8 %12 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %9, i8* %11) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 suspend_stats_open ------------- Path:  
Function:suspend_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @suspend_stats_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 irq_affinity_list_proc_open ------------- Path:  Function:irq_affinity_list_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_list_proc_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 irq_affinity_proc_open ------------- Path:  Function:irq_affinity_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_proc_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 default_affinity_open ------------- Path:  Function:default_affinity_open %3 = tail 
call i8* @PDE_DATA(%struct.inode* %0) #83 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @default_affinity_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 tk_debug_sleep_time_open ------------- Path:  Function:tk_debug_sleep_time_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tk_debug_sleep_time_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = 
getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_time_stamp_mode_show, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 
%15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_clock_show, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 22) #83 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #83 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label 
%25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #83 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_trace_options_show, i8* %30) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 bdi_debug_stats_open ------------- Path:  Function:bdi_debug_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @bdi_debug_stats_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 sg_proc_single_open_adio ------------- Path:  Function:sg_proc_single_open_adio %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.289897*, i32 (%struct.seq_file.289626*, i8*)*, i8*)*)(%struct.file.289897* %1, i32 (%struct.seq_file.289626*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_allow_dio to i8*)) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 
x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 sg_proc_single_open_dressz ------------- Path:  Function:sg_proc_single_open_dressz %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.289897*, i32 (%struct.seq_file.289626*, i8*)*, i8*)*)(%struct.file.289897* %1, i32 (%struct.seq_file.289626*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_big_buff to i8*)) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 proc_single_open ------------- Path:  Function:proc_single_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @proc_single_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 timens_offsets_open ------------- Path:  Function:timens_offsets_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, 
i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @timens_offsets_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 vrr_range_open ------------- Path:  Function:vrr_range_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @vrr_range_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 edid_open ------------- Path:  Function:edid_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @edid_show.39693, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 timerslack_ns_open ------------- Path:  Function:timerslack_ns_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @timerslack_ns_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 connector_open ------------- Path:  Function:connector_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* nonnull @connector_show, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 drm_debugfs_open ------------- Path:  Function:drm_debugfs_open %3 = getelementptr inbounds %struct.inode.399535, %struct.inode.399535* %0, i64 0, i32 47 %4 = load 
i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 8 %6 = bitcast i8* %5 to %struct.drm_info_list.399592** %7 = load %struct.drm_info_list.399592*, %struct.drm_info_list.399592** %6, align 8 %8 = getelementptr inbounds %struct.drm_info_list.399592, %struct.drm_info_list.399592* %7, i64 0, i32 1 %9 = load i32 (%struct.seq_file.399483*, i8*)*, i32 (%struct.seq_file.399483*, i8*)** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.399482*, i32 (%struct.seq_file.399483*, i8*)*, i8*)*)(%struct.file.399482* %1, i32 (%struct.seq_file.399483*, i8*)* %9, i8* %4) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 blk_mq_debugfs_open ------------- Path:  Function:blk_mq_debugfs_open %3 = getelementptr inbounds %struct.inode.302593, %struct.inode.302593* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.blk_mq_debugfs_attr.302604** %5 = load %struct.blk_mq_debugfs_attr.302604*, %struct.blk_mq_debugfs_attr.302604** %4, align 8 %6 = getelementptr inbounds %struct.file.302602, %struct.file.302602* %1, i64 0, i32 1, i32 1 %7 = load %struct.dentry.302597*, %struct.dentry.302597** %6, align 8 %8 = getelementptr inbounds %struct.dentry.302597, %struct.dentry.302597* %7, i64 0, i32 3 %9 = load %struct.dentry.302597*, %struct.dentry.302597** %8, align 8 %10 = getelementptr inbounds %struct.dentry.302597, %struct.dentry.302597* %9, i64 0, i32 5 %11 = load %struct.inode.302593*, %struct.inode.302593** %10, align 8 %12 = getelementptr inbounds %struct.inode.302593, %struct.inode.302593* %11, i64 0, i32 47 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 
%15 = getelementptr inbounds %struct.blk_mq_debugfs_attr.302604, %struct.blk_mq_debugfs_attr.302604* %5, i64 0, i32 4 %16 = load %struct.seq_operations.302207*, %struct.seq_operations.302207** %15, align 8 %17 = icmp eq %struct.seq_operations.302207* %16, null %18 = bitcast %struct.blk_mq_debugfs_attr.302604* %5 to i8* br i1 %17, label %28, label %19 %29 = getelementptr inbounds %struct.blk_mq_debugfs_attr.302604, %struct.blk_mq_debugfs_attr.302604* %5, i64 0, i32 2 %30 = load i32 (i8*, %struct.seq_file.302603*)*, i32 (i8*, %struct.seq_file.302603*)** %29, align 8 %31 = icmp eq i32 (i8*, %struct.seq_file.302603*)* %30, null br i1 %31, label %32, label %33, !prof !4, !misexpect !5 %34 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.302602*, i32 (%struct.seq_file.302603*, i8*)*, i8*)*)(%struct.file.302602* %1, i32 (%struct.seq_file.302603*, i8*)* nonnull @blk_mq_debugfs_show, i8* %18) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_open 1 comm_open ------------- Path:  Function:comm_open %3 = bitcast %struct.inode.176051* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.175888*, i32 (%struct.seq_file.175857*, i8*)*, i8*)*)(%struct.file.175888* %1, i32 (%struct.seq_file.175857*, i8*)* nonnull @comm_show, i8* %3) #83 Function:single_open %4 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %5 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* 
%4, i32 4197568, i64 32) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %21 = ptrtoint i8* %20 to i64 %22 = icmp ugt i8* %20, inttoptr (i64 -4096 to i8*) br i1 %22, label %75, label %23 %24 = phi i8* [ %20, %19 ], [ null, %16 ] %25 = icmp eq i64 %4, 0 br i1 %25, label %63, label %26 %27 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %28 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %27, i32 3264, i64 4096) #84 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #83 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %21 = ptrtoint i8* %20 to i64 %22 = icmp ugt i8* %20, inttoptr (i64 -4096 to i8*) br i1 %22, label %75, label %23 %24 = phi i8* [ %20, %19 ], [ null, %16 ] %25 = icmp eq i64 %4, 0 br i1 %25, label %63, label %26 %27 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %28 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %27, i32 3264, i64 4096) #84 ------------- Use: =BAD PATH= Call Stack: 0 alloc_fdtable 1 expand_files 
2 ksys_dup3 3 __ia32_sys_dup2 ------------- Path:  Function:__ia32_sys_dup2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = trunc i64 %5 to i32 %9 = icmp eq i32 %8, %7 br i1 %9, label %10, label %32, !prof !4, !misexpect !5 %33 = tail call fastcc i32 @ksys_dup3(i32 %7, i32 %8, i32 0) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = 
icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_fdtable 1 expand_files 2 ksys_dup3 3 __ia32_sys_dup3 ------------- Path:  Function:__ia32_sys_dup3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i32 @ksys_dup3(i32 %8, i32 %9, i32 %10) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds 
%struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_fdtable 1 expand_files 2 ksys_dup3 3 __x64_sys_dup2 ------------- Path:  Function:__x64_sys_dup2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp eq i32 %7, %6 br i1 %8, label %9, label %32, !prof !4, !misexpect !5 %33 = tail call fastcc i32 @ksys_dup3(i32 %6, i32 %7, i32 0) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* 
%6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call 
fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 = load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_fdtable 1 expand_files 2 ksys_dup3 3 __x64_sys_dup3 ------------- Path:  Function:__x64_sys_dup3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i32 @ksys_dup3(i32 %8, i32 %9, i32 %10) #83 Function:ksys_dup3 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 101 %7 = load %struct.files_struct*, %struct.files_struct** %6, align 16 %8 = and i32 %2, -524289 %9 = icmp ne i32 %8, 0 %10 = icmp eq i32 %0, %1 %11 = or i1 %10, %9 br i1 %11, label %48, label %12, !prof !5 %13 = zext i32 %1 to i64 %14 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 104 %15 = load %struct.signal_struct*, %struct.signal_struct** %14, align 8 %16 = getelementptr %struct.signal_struct, %struct.signal_struct* %15, i64 0, i32 50, i64 7, i32 0 %17 = load volatile i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %13 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %7, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #83 %21 = tail call fastcc i32 @expand_files(%struct.files_struct* %7, i32 %1) #84 Function:expand_files %3 = alloca %struct.wait_queue_entry, align 8 %4 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %5 = load volatile %struct.fdtable*, %struct.fdtable** %4, align 32 %6 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %5, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp ugt i32 %7, %1 br i1 %8, label %134, label %9 %10 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 6, i32 0, i32 0 %12 = bitcast %struct.wait_queue_entry* %3 to i8* %13 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 2 br label %14 %15 = load i32, i32* @sysctl_nr_open, align 4 %16 = icmp ugt i32 %15, %1 br i1 %16, label %17, label %134 %18 = load i8, i8* %10, align 4, !range !4 %19 = icmp eq i8 %18, 0 br i1 %19, label %38, label %20, !prof !5, !misexpect !6 store i8 1, i8* %10, align 4 call void @_raw_spin_unlock(%struct.raw_spinlock* %11) #83 %39 = call fastcc %struct.fdtable* @alloc_fdtable(i32 %1) #83 Function:alloc_fdtable %2 = lshr i32 %0, 7 %3 = zext i32 %2 to i64 %4 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %3, i32 -1) #4, !srcloc !4 %5 = add i32 %4, 1 %6 = zext i32 %5 to i64 %7 = shl nuw i64 1, %6 %8 = trunc i64 %7 to i32 %9 = shl i32 %8, 7 %10 
= load i32, i32* @sysctl_nr_open, align 4 %11 = icmp ugt i32 %9, %10 %12 = add i32 %10, -1 %13 = or i32 %12, 63 %14 = add i32 %13, 1 %15 = select i1 %11, i32 %14, i32 %9, !prof !5 %16 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %17 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %16, i32 4197568, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 alloc_pipe_info 1 fifo_open ------------- Path:  Function:fifo_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 12 %6 = load i64, i64* %5, align 32 %7 = icmp eq i64 %6, 1346981957 %8 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 14 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 43, i32 0 %11 = load %struct.pipe_inode_info*, %struct.pipe_inode_info** %10, align 8 %12 = icmp eq %struct.pipe_inode_info* %11, null br i1 %12, label %17, label %13 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %18 = tail call %struct.pipe_inode_info* @alloc_pipe_info() #84 Function:alloc_pipe_info %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 94 %4 = load %struct.cred*, %struct.cred** %3, align 8 %5 = getelementptr inbounds %struct.cred, %struct.cred* %4, i64 0, i32 21 %6 = load %struct.user_struct*, %struct.user_struct** %5, 
align 8 %7 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %6, i64 0, i32 0 %8 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %6, i64 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 1, i32* %8) #6, !srcloc !5 %10 = icmp eq i32 %9, 0 br i1 %10, label %15, label %11, !prof !6, !misexpect !7 %12 = add i32 %9, 1 %13 = or i32 %12, %9 %14 = icmp sgt i32 %13, -1 br i1 %14, label %17, label %15, !prof !8, !misexpect !7 %16 = phi i32 [ 2, %0 ], [ 1, %11 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %7, i32 %16) #83 br label %17 %18 = load volatile i32, i32* @pipe_max_size, align 4 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 2), align 16 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 4197824, i64 168) #84 ------------- Use: =BAD PATH= Call Stack: 0 memtype_reserve 1 reserve_pfn_range 2 track_pfn_remap 3 remap_pfn_range 4 mmap_mem ------------- Path:  Function:mmap_mem %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = sub i64 %4, %6 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 4503599627370496 br i1 %10, label %11, label %52 %12 = shl nuw i64 %9, 12 %13 = add i64 %7, -1 %14 = xor i64 %12, -1 %15 = icmp ugt i64 %13, %14 br i1 %15, label %52, label %16 %17 = tail call i32 @valid_mmap_phys_addr_range(i64 %9, i64 %7) #83 %18 = icmp eq i32 %17, 0 br i1 
%18, label %52, label %19 %20 = load i64, i64* %8, align 8 %21 = shl i64 %20, 12 %22 = add i64 %21, %7 %23 = icmp ult i64 %21, %22 br i1 %23, label %24, label %35 %25 = phi i64 [ %30, %29 ], [ %21, %19 ] %26 = phi i64 [ %31, %29 ], [ %20, %19 ] %27 = tail call i32 @devmem_is_allowed(i64 %26) #83 %28 = icmp eq i32 %27, 0 br i1 %28, label %52, label %29 %30 = add i64 %25, 4096 %31 = add i64 %26, 1 %32 = icmp ult i64 %30, %22 br i1 %32, label %24, label %33 %34 = load i64, i64* %8, align 8 br label %35 %36 = phi i64 [ %34, %33 ], [ %20, %19 ] %37 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7 %38 = tail call i32 @phys_mem_access_prot_allowed(%struct.file* %0, i64 %36, i64 %7, %struct.anon.1* %37) #84 %39 = icmp eq i32 %38, 0 br i1 %39, label %52, label %40 %41 = load i64, i64* %8, align 8 %42 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %37, i64 0, i32 0 %43 = load i64, i64* %42, align 8 %44 = tail call i64 @phys_mem_access_prot(%struct.file* %0, i64 %41, i64 %7, i64 %43) #83 %45 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7, i32 0 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 12 store %struct.vm_operations_struct* @mmap_mem_ops, %struct.vm_operations_struct** %46, align 8 %47 = load i64, i64* %5, align 8 %48 = load i64, i64* %8, align 8 %49 = tail call i32 @remap_pfn_range(%struct.vm_area_struct* %1, i64 %47, i64 %48, i64 %7, i64 %44) #83 Function:remap_pfn_range %6 = alloca %struct.anon.1, align 8 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %6, i64 0, i32 0 store i64 %4, i64* %7, align 8 %8 = add i64 %3, 4095 %9 = and i64 %8, -4096 %10 = call i32 @track_pfn_remap(%struct.vm_area_struct* %0, %struct.anon.1* nonnull %6, i64 %2, i64 %1, i64 %9) #83 Function:track_pfn_remap %6 = shl i64 %2, 12 %7 = icmp eq %struct.vm_area_struct* %0, null br i1 %7, label %8, label %10 %11 = 
getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, %3 br i1 %13, label %14, label %26 %15 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = sub i64 %16, %3 %18 = icmp eq i64 %17, %4 br i1 %18, label %19, label %26 %20 = tail call fastcc i32 @reserve_pfn_range(i64 %6, i64 %4, %struct.anon.1* %1, i32 0) #83 Function:reserve_pfn_range %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = tail call i32 @pgprot2cachemode(i64 %8) #83 %10 = bitcast i32* %6 to i8* store i32 %9, i32* %6, align 4 %11 = add i64 %1, %0 %12 = lshr i64 %0, 12 %13 = add i64 %11, 4095 %14 = lshr i64 %13, 12 %15 = bitcast %struct.arch_uprobe_task* %5 to i8* %16 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %12, i64* %16, align 8 %17 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %18, align 4 %19 = icmp ult i64 %0, 1048576 %20 = select i1 %19, i64 256, i64 %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %23, label %22 br label %63 %64 = call i32 @memtype_reserve(i64 %0, i64 %11, i32 %9, i32* nonnull %6) #84 Function:memtype_reserve %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i8, align 1 %7 = and i64 %0, 4503599627370495 %8 = add i64 %1, 4503599627370495 %9 = and i64 %8, 4503599627370495 %10 = add nuw nsw i64 %9, 1 %11 = icmp ugt i64 %7, %9 br i1 %11, label %12, label %20 %21 = load i1, i1* @pat_bp_enabled, align 1 br i1 %21, label %25, label %22 %26 = load i1 (i64, i64)*, i1 (i64, i64)** getelementptr inbounds (%struct.x86_platform_ops, 
%struct.x86_platform_ops* @x86_platform, i64 0, i32 5), align 8 %27 = tail call zeroext i1 %26(i64 %7, i64 %10) #83 br i1 %27, label %28, label %31 %32 = icmp eq i32 %2, 0 br i1 %32, label %33, label %37 %38 = phi i32 [ %36, %33 ], [ %2, %31 ] %39 = icmp eq i32* %3, null br i1 %39, label %41, label %40 %42 = lshr i64 %7, 12 %43 = add nuw nsw i64 %9, 4096 %44 = lshr i64 %43, 12 %45 = bitcast %struct.arch_uprobe_task* %5 to i8* %46 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %42, i64* %46, align 8 %47 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %47, align 8 %48 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %48, align 4 %49 = icmp ult i64 %7, 1048576 %50 = select i1 %49, i64 256, i64 %42 %51 = icmp ugt i64 %44, %50 br i1 %51, label %52, label %109 %53 = sub nsw i64 %44, %50 %54 = call i32 @walk_system_ram_range(i64 %50, i64 %53, i8* nonnull %45, i32 (i64, i64, i8*)* nonnull @pagerange_is_ram_callback) #83 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %57 %58 = load i32, i32* %47, align 8 %59 = icmp eq i32 %58, 0 br i1 %59, label %110, label %60 %111 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %112 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %111, i32 3520, i64 56) #85 ------------- Use: =BAD PATH= Call Stack: 0 memtype_reserve 1 reserve_pfn_range 2 track_pfn_remap 3 remap_pfn_range 4 sel_mmap_handle_status ------------- Path:  Function:sel_mmap_handle_status %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.page** %5 = load %struct.page*, %struct.page** %4, align 8 %6 = icmp eq %struct.page* %5, null br i1 %6, label %7, label %8, !prof !4, 
!misexpect !5 %9 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %10 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %11 = load i64, i64* %10, align 8 %12 = load i64, i64* %9, align 8 %13 = sub i64 %11, %12 %14 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %15 = load i64, i64* %14, align 8 %16 = icmp ne i64 %15, 0 %17 = icmp ne i64 %13, 4096 %18 = or i1 %16, %17 br i1 %18, label %33, label %19 %20 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %33 %25 = and i64 %21, -33 store i64 %25, i64* %20, align 8 %26 = load i64, i64* @vmemmap_base, align 8 %27 = ptrtoint %struct.page* %5 to i64 %28 = sub i64 %27, %26 %29 = ashr exact i64 %28, 6 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7, i32 0 %31 = load i64, i64* %30, align 8 %32 = tail call i32 @remap_pfn_range(%struct.vm_area_struct* %1, i64 %12, i64 %29, i64 4096, i64 %31) #83 Function:remap_pfn_range %6 = alloca %struct.anon.1, align 8 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %6, i64 0, i32 0 store i64 %4, i64* %7, align 8 %8 = add i64 %3, 4095 %9 = and i64 %8, -4096 %10 = call i32 @track_pfn_remap(%struct.vm_area_struct* %0, %struct.anon.1* nonnull %6, i64 %2, i64 %1, i64 %9) #83 Function:track_pfn_remap %6 = shl i64 %2, 12 %7 = icmp eq %struct.vm_area_struct* %0, null br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, %3 br i1 %13, label %14, label %26 %15 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = sub i64 %16, %3 %18 = icmp eq i64 %17, %4 br i1 %18, label %19, 
label %26 %20 = tail call fastcc i32 @reserve_pfn_range(i64 %6, i64 %4, %struct.anon.1* %1, i32 0) #83 Function:reserve_pfn_range %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = tail call i32 @pgprot2cachemode(i64 %8) #83 %10 = bitcast i32* %6 to i8* store i32 %9, i32* %6, align 4 %11 = add i64 %1, %0 %12 = lshr i64 %0, 12 %13 = add i64 %11, 4095 %14 = lshr i64 %13, 12 %15 = bitcast %struct.arch_uprobe_task* %5 to i8* %16 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %12, i64* %16, align 8 %17 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %18, align 4 %19 = icmp ult i64 %0, 1048576 %20 = select i1 %19, i64 256, i64 %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %23, label %22 br label %63 %64 = call i32 @memtype_reserve(i64 %0, i64 %11, i32 %9, i32* nonnull %6) #84 Function:memtype_reserve %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i8, align 1 %7 = and i64 %0, 4503599627370495 %8 = add i64 %1, 4503599627370495 %9 = and i64 %8, 4503599627370495 %10 = add nuw nsw i64 %9, 1 %11 = icmp ugt i64 %7, %9 br i1 %11, label %12, label %20 %21 = load i1, i1* @pat_bp_enabled, align 1 br i1 %21, label %25, label %22 %26 = load i1 (i64, i64)*, i1 (i64, i64)** getelementptr inbounds (%struct.x86_platform_ops, %struct.x86_platform_ops* @x86_platform, i64 0, i32 5), align 8 %27 = tail call zeroext i1 %26(i64 %7, i64 %10) #83 br i1 %27, label %28, label %31 %32 = icmp eq i32 %2, 0 br i1 %32, label %33, label %37 %38 = phi i32 [ %36, %33 ], [ %2, %31 ] %39 = icmp eq i32* %3, null br i1 %39, label %41, label %40 %42 = lshr i64 %7, 12 %43 = add nuw nsw i64 %9, 4096 %44 = lshr i64 %43, 12 
%45 = bitcast %struct.arch_uprobe_task* %5 to i8* %46 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %42, i64* %46, align 8 %47 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %47, align 8 %48 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %48, align 4 %49 = icmp ult i64 %7, 1048576 %50 = select i1 %49, i64 256, i64 %42 %51 = icmp ugt i64 %44, %50 br i1 %51, label %52, label %109 %53 = sub nsw i64 %44, %50 %54 = call i32 @walk_system_ram_range(i64 %50, i64 %53, i8* nonnull %45, i32 (i64, i64, i8*)* nonnull @pagerange_is_ram_callback) #83 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %57 %58 = load i32, i32* %47, align 8 %59 = icmp eq i32 %58, 0 br i1 %59, label %110, label %60 %111 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %112 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %111, i32 3520, i64 56) #85 ------------- Use: =BAD PATH= Call Stack: 0 memtype_reserve 1 reserve_pfn_range 2 track_pfn_remap 3 remap_pfn_range 4 io_uring_mmap ------------- Path:  Function:io_uring_mmap %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = sub i64 %4, %6 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.io_ring_ctx** %12 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %11, align 8 %13 = shl i64 %9, 12 switch i64 %13, label %59 [ i64 0, 
label %14 i64 134217728, label %14 i64 268435456, label %17 ] %18 = getelementptr inbounds %struct.io_ring_ctx, %struct.io_ring_ctx* %12, i64 0, i32 1, i32 2 %19 = bitcast %struct.io_uring_sqe** %18 to i8** br label %20 %21 = phi i8** [ %19, %17 ], [ %16, %14 ] %22 = load i8*, i8** %21, align 8 %23 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %24 = ptrtoint i8* %22 to i64 %25 = add i64 %24, 2147483648 %26 = icmp ugt i8* %22, inttoptr (i64 -2147483649 to i8*) %27 = load i64, i64* @phys_base, align 8 %28 = load i64, i64* @page_offset_base, align 8 %29 = sub i64 -2147483648, %28 %30 = select i1 %26, i64 %27, i64 %29 %31 = add i64 %25, %30 %32 = lshr i64 %31, 12 %33 = getelementptr %struct.page, %struct.page* %23, i64 %32 %34 = getelementptr %struct.page, %struct.page* %23, i64 %32, i32 1 %35 = bitcast %union.anon.20* %34 to i64* %36 = load volatile i64, i64* %35, align 8 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 %39 = add i64 %36, -1 %40 = ptrtoint %struct.page* %33 to i64 %41 = select i1 %38, i64 %40, i64 %39, !prof !4 %42 = inttoptr i64 %41 to %struct.page* %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 65536 %46 = icmp eq i64 %45, 0 br i1 %46, label %53, label %47 %48 = getelementptr %struct.page, %struct.page* %42, i64 1, i32 1 %49 = bitcast %union.anon.20* %48 to %struct.anon.13* %50 = getelementptr inbounds %struct.anon.13, %struct.anon.13* %49, i64 0, i32 2 %51 = load i8, i8* %50, align 1 %52 = zext i8 %51 to i64 br label %53 %54 = phi i64 [ %52, %47 ], [ 0, %20 ] %55 = shl i64 4096, %54 %56 = icmp ult i64 %55, %7 br i1 %56, label %59, label %57 %58 = icmp ugt i8* %22, inttoptr (i64 -4096 to i8*) br i1 %58, label %59, label %63 %64 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 7, i32 0 %65 = load i64, i64* %64, align 8 %66 = tail call i32 @remap_pfn_range(%struct.vm_area_struct* 
%1, i64 %6, i64 %32, i64 %7, i64 %65) #83 Function:remap_pfn_range %6 = alloca %struct.anon.1, align 8 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %6, i64 0, i32 0 store i64 %4, i64* %7, align 8 %8 = add i64 %3, 4095 %9 = and i64 %8, -4096 %10 = call i32 @track_pfn_remap(%struct.vm_area_struct* %0, %struct.anon.1* nonnull %6, i64 %2, i64 %1, i64 %9) #83 Function:track_pfn_remap %6 = shl i64 %2, 12 %7 = icmp eq %struct.vm_area_struct* %0, null br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp eq i64 %12, %3 br i1 %13, label %14, label %26 %15 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = sub i64 %16, %3 %18 = icmp eq i64 %17, %4 br i1 %18, label %19, label %26 %20 = tail call fastcc i32 @reserve_pfn_range(i64 %6, i64 %4, %struct.anon.1* %1, i32 0) #83 Function:reserve_pfn_range %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %2, i64 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = tail call i32 @pgprot2cachemode(i64 %8) #83 %10 = bitcast i32* %6 to i8* store i32 %9, i32* %6, align 4 %11 = add i64 %1, %0 %12 = lshr i64 %0, 12 %13 = add i64 %11, 4095 %14 = lshr i64 %13, 12 %15 = bitcast %struct.arch_uprobe_task* %5 to i8* %16 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %12, i64* %16, align 8 %17 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %18, align 4 %19 = icmp ult i64 %0, 1048576 %20 = select i1 %19, i64 256, i64 %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %23, label %22 br label %63 %64 = call i32 
@memtype_reserve(i64 %0, i64 %11, i32 %9, i32* nonnull %6) #84 Function:memtype_reserve %5 = alloca %struct.arch_uprobe_task, align 8 %6 = alloca i8, align 1 %7 = and i64 %0, 4503599627370495 %8 = add i64 %1, 4503599627370495 %9 = and i64 %8, 4503599627370495 %10 = add nuw nsw i64 %9, 1 %11 = icmp ugt i64 %7, %9 br i1 %11, label %12, label %20 %21 = load i1, i1* @pat_bp_enabled, align 1 br i1 %21, label %25, label %22 %26 = load i1 (i64, i64)*, i1 (i64, i64)** getelementptr inbounds (%struct.x86_platform_ops, %struct.x86_platform_ops* @x86_platform, i64 0, i32 5), align 8 %27 = tail call zeroext i1 %26(i64 %7, i64 %10) #83 br i1 %27, label %28, label %31 %32 = icmp eq i32 %2, 0 br i1 %32, label %33, label %37 %38 = phi i32 [ %36, %33 ], [ %2, %31 ] %39 = icmp eq i32* %3, null br i1 %39, label %41, label %40 %42 = lshr i64 %7, 12 %43 = add nuw nsw i64 %9, 4096 %44 = lshr i64 %43, 12 %45 = bitcast %struct.arch_uprobe_task* %5 to i8* %46 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 0 store i64 %42, i64* %46, align 8 %47 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 1 store i32 0, i32* %47, align 8 %48 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %5, i64 0, i32 2 store i32 0, i32* %48, align 4 %49 = icmp ult i64 %7, 1048576 %50 = select i1 %49, i64 256, i64 %42 %51 = icmp ugt i64 %44, %50 br i1 %51, label %52, label %109 %53 = sub nsw i64 %44, %50 %54 = call i32 @walk_system_ram_range(i64 %50, i64 %53, i8* nonnull %45, i32 (i64, i64, i8*)* nonnull @pagerange_is_ram_callback) #83 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %57 %58 = load i32, i32* %47, align 8 %59 = icmp eq i32 %58, 0 br i1 %59, label %110, label %60 %111 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %112 = call noalias align 8 
i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %111, i32 3520, i64 56) #85 ------------- Use: =BAD PATH= Call Stack: 0 cpu_latency_qos_open ------------- Path:  Function:cpu_latency_qos_open %3 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %4 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %3, i32 3520, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_syslog 1 __ia32_sys_syslog ------------- Path:  Function:__ia32_sys_syslog %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = tail call i32 @do_syslog(i32 %9, i8* %10, i32 %11, i32 0) #83 Function:do_syslog %5 = alloca [32 x i8], align 16 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = alloca %struct.printk_info, align 8 %9 = alloca %struct.printk_record, align 8 %10 = alloca %struct.wait_queue_entry, align 8 %11 = alloca %struct.printk_info, align 8 %12 = alloca i32, align 4 %13 = bitcast %struct.printk_info* %11 to i8* %14 = icmp eq i32 %3, 1 %15 = icmp ne i32 %0, 1 %16 = and i1 %15, %14 br i1 %16, label %37, label %17 %38 = tail call i32 @security_syslog(i32 %0) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %356 switch i32 %0, label %355 [ i32 0, label %356 i32 1, label %356 i32 2, label %41 i32 4, label %163 i32 3, label %164 i32 5, label %244 i32 6, label %251 i32 7, label %258 i32 8, label %262 i32 9, label %269 i32 10, label %353 ] %42 = icmp eq i8* %1, null %43 = icmp slt i32 %2, 0 %44 = or 
i1 %42, %43 br i1 %44, label %356, label %45 %46 = icmp eq i32 %2, 0 br i1 %46, label %356, label %47 %48 = zext i32 %2 to i64 %49 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %50 = ptrtoint i8* %1 to i64 %51 = add i64 %48, %50 %52 = icmp ult i64 %51, %48 %53 = icmp ugt i64 %51, %49 %54 = or i1 %52, %53 br i1 %54, label %356, label %55, !prof !8, !misexpect !9 %56 = bitcast %struct.printk_info* %8 to i8* %57 = bitcast %struct.printk_record* %9 to i8* %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3264, i64 1024) #85 ------------- Use: =BAD PATH= Call Stack: 0 do_syslog 1 __x64_sys_syslog ------------- Path:  Function:__x64_sys_syslog %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_syslog(i32 %9, i8* %6, i32 %10, i32 0) #83 Function:do_syslog %5 = alloca [32 x i8], align 16 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, 
align 8 %8 = alloca %struct.printk_info, align 8 %9 = alloca %struct.printk_record, align 8 %10 = alloca %struct.wait_queue_entry, align 8 %11 = alloca %struct.printk_info, align 8 %12 = alloca i32, align 4 %13 = bitcast %struct.printk_info* %11 to i8* %14 = icmp eq i32 %3, 1 %15 = icmp ne i32 %0, 1 %16 = and i1 %15, %14 br i1 %16, label %37, label %17 %38 = tail call i32 @security_syslog(i32 %0) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %356 switch i32 %0, label %355 [ i32 0, label %356 i32 1, label %356 i32 2, label %41 i32 4, label %163 i32 3, label %164 i32 5, label %244 i32 6, label %251 i32 7, label %258 i32 8, label %262 i32 9, label %269 i32 10, label %353 ] %42 = icmp eq i8* %1, null %43 = icmp slt i32 %2, 0 %44 = or i1 %42, %43 br i1 %44, label %356, label %45 %46 = icmp eq i32 %2, 0 br i1 %46, label %356, label %47 %48 = zext i32 %2 to i64 %49 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %50 = ptrtoint i8* %1 to i64 %51 = add i64 %48, %50 %52 = icmp ult i64 %51, %48 %53 = icmp ugt i64 %51, %49 %54 = or i1 %52, %53 br i1 %54, label %356, label %55, !prof !8, !misexpect !9 %56 = bitcast %struct.printk_info* %8 to i8* %57 = bitcast %struct.printk_record* %9 to i8* %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 
3264, i64 1024) #85 ------------- Use: =BAD PATH= Call Stack: 0 do_syslog 1 __ia32_sys_syslog ------------- Path:  Function:__ia32_sys_syslog %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = tail call i32 @do_syslog(i32 %9, i8* %10, i32 %11, i32 0) #83 Function:do_syslog %5 = alloca [32 x i8], align 16 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = alloca %struct.printk_info, align 8 %9 = alloca %struct.printk_record, align 8 %10 = alloca %struct.wait_queue_entry, align 8 %11 = alloca %struct.printk_info, align 8 %12 = alloca i32, align 4 %13 = bitcast %struct.printk_info* %11 to i8* %14 = icmp eq i32 %3, 1 %15 = icmp ne i32 %0, 1 %16 = and i1 %15, %14 br i1 %16, label %37, label %17 %38 = tail call i32 @security_syslog(i32 %0) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %356 switch i32 %0, label %355 [ i32 0, label %356 i32 1, label %356 i32 2, label %41 i32 4, label %163 i32 3, label %164 i32 5, label %244 i32 6, label %251 i32 7, label %258 i32 8, label %262 i32 9, label %269 i32 10, label %353 ] %165 = phi i1 [ false, %40 ], [ true, %163 ] %166 = icmp eq i8* %1, null %167 = icmp slt i32 %2, 0 %168 = or i1 %166, %167 br i1 %168, label %356, label %169 %170 = icmp eq i32 %2, 0 br i1 %170, label %356, label %171 %172 = zext i32 %2 to i64 %173 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A 
.byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %174 = ptrtoint i8* %1 to i64 %175 = add i64 %172, %174 %176 = icmp ult i64 %175, %172 %177 = icmp ugt i64 %175, %173 %178 = or i1 %176, %177 br i1 %178, label %356, label %179, !prof !8, !misexpect !9 %180 = bitcast %struct.printk_info* %6 to i8* %181 = bitcast %struct.printk_record* %7 to i8* %182 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %183 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %182, i32 3264, i64 1024) #85 ------------- Use: =BAD PATH= Call Stack: 0 do_syslog 1 __x64_sys_syslog ------------- Path:  Function:__x64_sys_syslog %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_syslog(i32 %9, i8* %6, i32 %10, i32 0) #83 Function:do_syslog %5 = alloca [32 x i8], align 16 %6 = alloca %struct.printk_info, align 8 %7 = alloca %struct.printk_record, align 8 %8 = alloca %struct.printk_info, align 8 %9 = alloca %struct.printk_record, align 8 %10 = alloca %struct.wait_queue_entry, align 8 %11 = alloca %struct.printk_info, align 8 %12 = alloca i32, align 4 %13 = bitcast %struct.printk_info* %11 to i8* %14 = icmp eq i32 %3, 1 %15 = icmp ne i32 %0, 1 %16 = and i1 %15, %14 br i1 %16, label %37, label %17 %38 = tail call i32 
@security_syslog(i32 %0) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %356 switch i32 %0, label %355 [ i32 0, label %356 i32 1, label %356 i32 2, label %41 i32 4, label %163 i32 3, label %164 i32 5, label %244 i32 6, label %251 i32 7, label %258 i32 8, label %262 i32 9, label %269 i32 10, label %353 ] %165 = phi i1 [ false, %40 ], [ true, %163 ] %166 = icmp eq i8* %1, null %167 = icmp slt i32 %2, 0 %168 = or i1 %166, %167 br i1 %168, label %356, label %169 %170 = icmp eq i32 %2, 0 br i1 %170, label %356, label %171 %172 = zext i32 %2 to i64 %173 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !7 %174 = ptrtoint i8* %1 to i64 %175 = add i64 %172, %174 %176 = icmp ult i64 %175, %172 %177 = icmp ugt i64 %175, %173 %178 = or i1 %176, %177 br i1 %178, label %356, label %179, !prof !8, !misexpect !9 %180 = bitcast %struct.printk_info* %6 to i8* %181 = bitcast %struct.printk_record* %7 to i8* %182 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %183 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %182, i32 3264, i64 1024) #85 ------------- Use: =BAD PATH= Call Stack: 0 refill_pi_state_cache 1 futex_requeue 2 do_futex 3 __se_sys_futex 4 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* 
%2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 
%29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 
Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 
refill_pi_state_cache 1 futex_requeue 2 do_futex 3 __se_sys_futex 4 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 
%33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, 
i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 refill_pi_state_cache 1 futex_requeue 2 do_futex 3 __se_sys_futex_time32 4 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, 
label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x 
%struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 refill_pi_state_cache 1 futex_requeue 2 do_futex 3 __se_sys_futex_time32 4 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 
%25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 
i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 Function:refill_pi_state_cache %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 149 %4 = load %struct.futex_pi_state*, %struct.futex_pi_state** %3, align 16 %5 = icmp eq %struct.futex_pi_state* %4, null br i1 %5, label %6, label %21, !prof !5, !misexpect !6 %7 = load %struct.kmem_cache*, %struct.kmem_cache** 
getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %8 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %7, i32 3520, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = 
icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor 
i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %49 = phi i32 [ %22, %26 ], [ %47, %46 ] %50 = tail call i32 @futex_lock_pi(i32* %0, i32 %49, i64* %3, i32 0) #83 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = alloca %struct.task_struct*, align 8 %7 = alloca %struct.rt_mutex_waiter, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper* %5 to i8* %10 = bitcast %struct.task_struct** %6 to i8* store %struct.task_struct* null, %struct.task_struct** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 149 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 16 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 
9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = 
icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %49 = phi i32 [ %22, %26 ], [ %47, %46 ] %50 = tail call i32 @futex_lock_pi(i32* %0, i32 %49, i64* %3, i32 0) #83 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = alloca %struct.task_struct*, align 8 %7 = alloca %struct.rt_mutex_waiter, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper* %5 to i8* %10 = bitcast %struct.task_struct** %6 to i8* store %struct.task_struct* null, %struct.task_struct** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 149 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 16 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp 
eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %49 = phi i32 [ %22, %26 ], [ %47, 
%46 ] %50 = tail call i32 @futex_lock_pi(i32* %0, i32 %49, i64* %3, i32 0) #83 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = alloca %struct.task_struct*, align 8 %7 = alloca %struct.rt_mutex_waiter, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper* %5 to i8* %10 = bitcast %struct.task_struct** %6 to i8* store %struct.task_struct* null, %struct.task_struct** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 149 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 16 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, 
i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, 
%struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %49 = phi i32 [ %22, %26 ], [ %47, %46 ] %50 = tail call i32 @futex_lock_pi(i32* %0, i32 %49, i64* %3, i32 0) #83 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = alloca %struct.task_struct*, align 8 %7 = alloca %struct.rt_mutex_waiter, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper* %5 to i8* %10 = bitcast %struct.task_struct** %6 to i8* store %struct.task_struct* null, %struct.task_struct** %6, align 8 
%11 = bitcast %struct.rt_mutex_waiter* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 149 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 16 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #83 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 kill_pid_info 4 __ia32_compat_sys_rt_sigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_sigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = bitcast %struct.kernel_siginfo* %3 to i8* %14 = bitcast %struct.compat_siginfo* %2 to i8* %15 = inttoptr i64 %10 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %14, i8* %15, i64 128) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %12, i32* %20, align 4 call fastcc void 
@post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #83 %21 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp sgt i32 %22, -1 %24 = icmp eq i32 %22, -6 %25 = or i1 %23, %24 br i1 %25, label %26, label %31 %27 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %28 = inttoptr i64 %27 to %struct.task_struct* %29 = call i32 @__task_pid_nr_ns(%struct.task_struct* %28, i32 0, %struct.pid_namespace* null) #83 %30 = icmp eq i32 %29, %11 br i1 %30, label %31, label %35 call void @__rcu_read_lock() #83 %32 = call %struct.pid* @find_vpid(i32 %11) #83 %33 = call i32 @kill_pid_info(i32 %12, %struct.kernel_siginfo* nonnull %3, %struct.pid* %32) #83 Function:kill_pid_info %4 = icmp ne i32 %0, 0 br label %5 tail call void @__rcu_read_lock() #83 %6 = tail call %struct.task_struct* @pid_task(%struct.pid* %2, i32 0) #83 %7 = icmp eq %struct.task_struct* %6, null br i1 %7, label %8, label %9 tail call void @__rcu_read_lock() #83 %10 = tail call fastcc i32 @check_kill_permission(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* nonnull %6) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void 
@__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = 
getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 kill_pid_info 4 __se_sys_rt_sigqueueinfo 5 __ia32_sys_rt_sigqueueinfo ------------- Path:  Function:__ia32_sys_rt_sigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_rt_sigqueueinfo(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_rt_sigqueueinfo %4 = alloca %struct.kernel_siginfo, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to %struct.siginfo* %8 = bitcast %struct.kernel_siginfo* %4 to i8* %9 = call fastcc i32 @__copy_siginfo_from_user(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.siginfo* %7) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %25, !prof !4, !misexpect !5 %12 = getelementptr 
inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 %13 = load i32, i32* %12, align 8 %14 = icmp sgt i32 %13, -1 %15 = icmp eq i32 %13, -6 %16 = or i1 %14, %15 br i1 %16, label %17, label %22 %18 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i32 @__task_pid_nr_ns(%struct.task_struct* %19, i32 0, %struct.pid_namespace* null) #83 %21 = icmp eq i32 %20, %5 br i1 %21, label %22, label %25 call void @__rcu_read_lock() #83 %23 = call %struct.pid* @find_vpid(i32 %5) #83 %24 = call i32 @kill_pid_info(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.pid* %23) #83 Function:kill_pid_info %4 = icmp ne i32 %0, 0 br label %5 tail call void @__rcu_read_lock() #83 %6 = tail call %struct.task_struct* @pid_task(%struct.pid* %2, i32 0) #83 %7 = icmp eq %struct.task_struct* %6, null br i1 %7, label %8, label %9 tail call void @__rcu_read_lock() #83 %10 = tail call fastcc i32 @check_kill_permission(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* nonnull %6) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq 
%struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq 
i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 kill_pid_info 4 __se_sys_rt_sigqueueinfo 5 __x64_sys_rt_sigqueueinfo ------------- Path:  Function:__x64_sys_rt_sigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_rt_sigqueueinfo(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_rt_sigqueueinfo %4 = alloca %struct.kernel_siginfo, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to %struct.siginfo* %8 = bitcast %struct.kernel_siginfo* %4 to i8* %9 = call fastcc i32 @__copy_siginfo_from_user(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.siginfo* %7) #83 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %25, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 %13 = load i32, i32* %12, align 8 %14 = icmp sgt i32 %13, -1 %15 = icmp eq i32 %13, -6 %16 = or i1 %14, %15 br i1 %16, label %17, label %22 %18 = 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %19 = inttoptr i64 %18 to %struct.task_struct* %20 = call i32 @__task_pid_nr_ns(%struct.task_struct* %19, i32 0, %struct.pid_namespace* null) #83 %21 = icmp eq i32 %20, %5 br i1 %21, label %22, label %25 call void @__rcu_read_lock() #83 %23 = call %struct.pid* @find_vpid(i32 %5) #83 %24 = call i32 @kill_pid_info(i32 %6, %struct.kernel_siginfo* nonnull %4, %struct.pid* %23) #83 Function:kill_pid_info %4 = icmp ne i32 %0, 0 br label %5 tail call void @__rcu_read_lock() #83 %6 = tail call %struct.task_struct* @pid_task(%struct.pid* %2, i32 0) #83 %7 = icmp eq %struct.task_struct* %6, null br i1 %7, label %8, label %9 tail call void @__rcu_read_lock() #83 %10 = tail call fastcc i32 @check_kill_permission(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct* nonnull %6) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load 
%struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 do_send_specific 4 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %5 to i32 %14 = trunc i64 %7 to i32 %15 = trunc i64 %9 to i32 %16 = bitcast %struct.kernel_siginfo* %3 to i8* %17 = bitcast %struct.compat_siginfo* %2 to i8* %18 = inttoptr i64 %12 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %17, i8* %18, i64 128) #83 %20 = icmp eq i64 %19, 0 br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %15, i32* %23, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #83 %24 = icmp slt i32 %14, 1 %25 = icmp slt i32 %13, 1 %26 = or i1 %25, %24 br i1 %26, label %41, label %27 %28 = getelementptr inbounds 
%struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %29 = load i32, i32* %28, align 8 %30 = icmp sgt i32 %29, -1 %31 = icmp eq i32 %29, -6 %32 = or i1 %30, %31 br i1 %32, label %33, label %38 %34 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = call i32 @__task_pid_nr_ns(%struct.task_struct* %35, i32 0, %struct.pid_namespace* null) #83 %37 = icmp eq i32 %36, %14 br i1 %37, label %38, label %41 %39 = call fastcc i32 @do_send_specific(i32 %13, i32 %14, i32 %15, %struct.kernel_siginfo* nonnull %3) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile 
%struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds 
%struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 do_send_specific 4 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %4 to i32 %13 = trunc i64 %6 to i32 %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to %struct.siginfo* %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = call fastcc i32 @__copy_siginfo_from_user(i32 %14, %struct.kernel_siginfo* nonnull %2, %struct.siginfo* %15) #83 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %36, !prof !4, !misexpect !5 %20 = icmp slt i32 %13, 1 %21 = icmp slt i32 %12, 1 %22 = or i1 %21, %20 br i1 %22, label 
%36, label %23 %24 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = icmp sgt i32 %25, -1 %27 = icmp eq i32 %25, -6 %28 = or i1 %26, %27 br i1 %28, label %29, label %34 %30 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = call i32 @__task_pid_nr_ns(%struct.task_struct* %31, i32 0, %struct.pid_namespace* null) #83 %33 = icmp eq i32 %32, %13 br i1 %33, label %34, label %36 %35 = call fastcc i32 @do_send_specific(i32 %12, i32 %13, i32 %14, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 
%9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds 
%struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 do_send_specific 4 __ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, 
align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #83 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label 
%93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 do_send_specific 4 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to %struct.siginfo** %11 = load %struct.siginfo*, %struct.siginfo** %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %6 to i32 
%14 = trunc i64 %8 to i32 %15 = bitcast %struct.kernel_siginfo* %2 to i8* %16 = call fastcc i32 @__copy_siginfo_from_user(i32 %14, %struct.kernel_siginfo* nonnull %2, %struct.siginfo* %11) #83 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %35, !prof !4, !misexpect !5 %19 = icmp slt i32 %13, 1 %20 = icmp slt i32 %12, 1 %21 = or i1 %20, %19 br i1 %21, label %35, label %22 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, -1 %26 = icmp eq i32 %24, -6 %27 = or i1 %25, %26 br i1 %27, label %28, label %33 %29 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %30 = inttoptr i64 %29 to %struct.task_struct* %31 = call i32 @__task_pid_nr_ns(%struct.task_struct* %30, i32 0, %struct.pid_namespace* null) #83 %32 = icmp eq i32 %31, %13 br i1 %32, label %33, label %35 %34 = call fastcc i32 @do_send_specific(i32 %12, i32 %13, i32 %14, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label 
%93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 do_send_specific 4 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr 
inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct* %22 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %21, i32 1, %struct.pid_namespace* null) #83 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %21, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #83 Function:do_send_specific tail call void @__rcu_read_lock() #83 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %1) #83 %6 = icmp eq %struct.task_struct* %5, null br i1 %6, label %21, label %7 %8 = icmp slt i32 %0, 1 br i1 %8, label %12, label %9 %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* nonnull %5, i32 1, %struct.pid_namespace* null) #83 %11 = icmp eq i32 %10, %0 br i1 %11, label %12, label %21 %13 = tail call fastcc i32 @check_kill_permission(i32 %2, %struct.kernel_siginfo* %3, %struct.task_struct* nonnull %5) #84 
Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 __se_sys_tkill 4 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 
= and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_tkill(i64 %4, i64 %7) #83 Function:__se_sys_tkill %3 = alloca %struct.kernel_siginfo, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = icmp slt i32 %4, 1 br i1 %6, label %38, label %7 %8 = bitcast %struct.kernel_siginfo* %3 to i8* %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %5, i32* %9, align 8 %10 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 store i32 -6, i32* %11, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %13, i32 1, %struct.pid_namespace* null) #83 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %14, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %17 = load %struct.cred*, %struct.cred** %16, align 8 %18 = getelementptr inbounds %struct.cred, %struct.cred* %17, i64 0, i32 1, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, -1 %21 = load i32, i32* @overflowuid, align 4 %22 = select i1 %20, i32 %21, i32 %19 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %22, i32* %23, align 4 tail call void @__rcu_read_lock() #83 %24 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 %25 = icmp eq %struct.task_struct* %24, null br i1 %25, label %35, label %26 %27 = call fastcc i32 @check_kill_permission(i32 %5, %struct.kernel_siginfo* nonnull %3, %struct.task_struct* nonnull %24) #83 
Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 audit_signal_info_syscall 1 audit_signal_info 2 check_kill_permission 3 __se_sys_tkill 4 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 
@__se_sys_tkill(i64 %3, i64 %5) #83 Function:__se_sys_tkill %3 = alloca %struct.kernel_siginfo, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = icmp slt i32 %4, 1 br i1 %6, label %38, label %7 %8 = bitcast %struct.kernel_siginfo* %3 to i8* %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %5, i32* %9, align 8 %10 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 store i32 -6, i32* %11, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %13, i32 1, %struct.pid_namespace* null) #83 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %14, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %17 = load %struct.cred*, %struct.cred** %16, align 8 %18 = getelementptr inbounds %struct.cred, %struct.cred* %17, i64 0, i32 1, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, -1 %21 = load i32, i32* @overflowuid, align 4 %22 = select i1 %20, i32 %21, i32 %19 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %22, i32* %23, align 4 tail call void @__rcu_read_lock() #83 %24 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #83 %25 = icmp eq %struct.task_struct* %24, null br i1 %25, label %35, label %26 %27 = call fastcc i32 @check_kill_permission(i32 %5, %struct.kernel_siginfo* nonnull %3, %struct.task_struct* nonnull %24) #83 Function:check_kill_permission %4 = icmp ugt i32 %0, 64 br i1 %4, label %62, 
label %5 %6 = icmp eq %struct.kernel_siginfo* %1, null br i1 %6, label %13, label %7 %14 = tail call i32 @audit_signal_info(i32 %0, %struct.task_struct* %2) #83 Function:audit_signal_info %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 94 %6 = load %struct.cred*, %struct.cred** %5, align 8 %7 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %8 = load i32, i32* %7, align 4 tail call void @__rcu_read_lock() #83 %9 = load volatile %struct.auditd_connection*, %struct.auditd_connection** @auditd_conn, align 8 %10 = icmp eq %struct.auditd_connection* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %9, i64 0, i32 0 %14 = load %struct.pid*, %struct.pid** %13, align 8 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %1, i64 0, i32 104 %16 = load %struct.signal_struct*, %struct.signal_struct** %15, align 8 %17 = getelementptr %struct.signal_struct, %struct.signal_struct* %16, i64 0, i32 22, i64 1 %18 = load %struct.pid*, %struct.pid** %17, align 8 %19 = icmp eq %struct.pid* %14, %18 tail call void @__rcu_read_unlock() #83 br i1 %19, label %20, label %28 %29 = tail call i32 @audit_signal_info_syscall(%struct.task_struct* %1) #83 Function:audit_signal_info_syscall %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 114 %5 = load %struct.audit_context*, %struct.audit_context** %4, align 8 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 93 %7 = 
load volatile %struct.cred*, %struct.cred** %6, align 32 %8 = getelementptr inbounds %struct.cred, %struct.cred* %7, i64 0, i32 1, i32 0 %9 = load i32, i32* %8, align 4 tail call void @__rcu_read_unlock() #83 %10 = load i32, i32* @audit_signals, align 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %93, label %12 %13 = load %struct.audit_context*, %struct.audit_context** %4, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %93, label %15 %16 = getelementptr %struct.audit_context, %struct.audit_context* %13, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %93 %20 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 33 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 %37 = getelementptr inbounds %struct.audit_context, %struct.audit_context* %5, i64 0, i32 18 %38 = bitcast %struct.audit_aux_data** %37 to %struct.audit_aux_data_pids** %39 = load %struct.audit_aux_data_pids*, %struct.audit_aux_data_pids** %38, align 8 %40 = icmp eq %struct.audit_aux_data_pids* %39, null br i1 %40, label %45, label %41 %46 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 10), align 16 %47 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %46, i32 2848, i64 600) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_seccomp 1 prctl_set_seccomp 2 __do_sys_prctl 3 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 
4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %61 = inttoptr i64 %2 to i8* %62 = tail call i64 @prctl_set_seccomp(i64 %1, i8* %61) #83 Function:prctl_set_seccomp switch i64 %0, label %8 [ i64 1, label %4 i64 2, label %3 ] %5 = phi i32 [ 1, %3 ], [ 0, %2 ] %6 = phi i8* [ %1, %3 ], [ null, %2 ] %7 = tail call fastcc i64 @do_seccomp(i32 %5, i32 0, i8* %6) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca 
%struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, 
%struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_seccomp 1 prctl_set_seccomp 2 __do_sys_prctl 3 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #83 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, 
label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %61 = inttoptr i64 %2 to i8* %62 = tail call i64 @prctl_set_seccomp(i64 %1, i8* %61) #83 Function:prctl_set_seccomp switch i64 %0, label %8 [ i64 1, label %4 i64 2, label %3 ] %5 = phi i32 [ 1, %3 ], [ 0, %2 ] %6 = phi i8* [ %1, %3 ], [ null, %2 ] %7 = tail call fastcc i64 @do_seccomp(i32 %5, i32 0, i8* %6) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = 
icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_seccomp 1 __ia32_sys_seccomp ------------- Path:  Function:__ia32_sys_seccomp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call fastcc i64 @do_seccomp(i32 %9, i32 %10, i8* %11) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext 
i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 do_seccomp 1 __x64_sys_seccomp ------------- Path:  Function:__x64_sys_seccomp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call fastcc i64 @do_seccomp(i32 %9, i32 %10, i8* %8) #83 Function:do_seccomp %4 = alloca %struct.orc_entry, align 2 %5 = alloca i32, align 4 %6 = alloca %struct.sock_fprog_kern, align 8 %7 = alloca %struct.compat_sock_fprog, align 4 switch i32 %0, label %523 [ i32 0, label %8 i32 1, label %41 i32 2, label %505 i32 3, label %516 ] %42 = zext i32 %1 to i64 %43 = and i64 %42, 4294967264 %44 = icmp eq i64 %43, 0 br i1 %44, label %45, label %523 %46 = and i64 %42, 1 %47 = icmp eq i64 %46, 0 %48 = and i64 %42, 8 %49 = icmp eq i64 %48, 0 %50 = and i64 %42, 16 %51 = 
icmp eq i64 %50, 0 %52 = and i64 %42, 25 %53 = icmp eq i64 %52, 9 br i1 %53, label %523, label %54 %55 = bitcast %struct.sock_fprog_kern* %6 to i8* %56 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.102383** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.102383**)) #11, !srcloc !4 %57 = inttoptr i64 %56 to %struct.task_struct.102383* %58 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 0, i32 2 %59 = load i32, i32* %58, align 8 %60 = and i32 %59, 2 %61 = icmp eq i32 %60, 0 br i1 %61, label %77, label %62 %78 = call i64 @_copy_from_user(i8* nonnull %55, i8* %2, i64 16) #83 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %114 %81 = getelementptr inbounds %struct.sock_fprog_kern, %struct.sock_fprog_kern* %6, i64 0, i32 0 %82 = load i16, i16* %81, align 8 br label %83 %84 = phi i16 [ %82, %80 ], [ %69, %67 ] %85 = add i16 %84, -1 %86 = icmp ugt i16 %85, 4095 br i1 %86, label %115, label %87 %88 = getelementptr inbounds %struct.task_struct.102383, %struct.task_struct.102383* %57, i64 0, i32 60 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 br i1 %91, label %92, label %94 %93 = call zeroext i1 @ns_capable_noaudit(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), i32 21) #83 br i1 %93, label %94, label %115 %95 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 8), align 16 %96 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %95, i32 11712, i64 224) #84 ------------- Use: =BAD PATH= Call Stack: 0 tracing_stats_read ------------- Path:  Function:tracing_stats_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 47 %8 = bitcast i8** %7 to %struct.trace_array** %9 = load %struct.trace_array*, %struct.trace_array** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 43 %11 = bitcast %union.anon.97* %10 to %struct.cdev** %12 = load %struct.cdev*, %struct.cdev** %11, align 8 %13 = icmp eq %struct.cdev* %12, null %14 = ptrtoint %struct.cdev* %12 to i64 %15 = trunc i64 %14 to i32 %16 = add i32 %15, -1 %17 = select i1 %13, i32 -1, i32 %16 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3264, i64 4136) #83 ------------- Use: =BAD PATH= Call Stack: 0 trace_parse_run_command 1 probes_write.12650 ------------- Path:  Function:probes_write.12650 %5 = tail call i64 bitcast (i64 (%struct.file*, i8*, i64, i64*, i32 (i8*)*)* @trace_parse_run_command to i64 (%struct.file.108396*, i8*, i64, i64*, i32 (i8*)*)*)(%struct.file.108396* %0, i8* %1, i64 %2, i64* %3, i32 (i8*)* nonnull @create_or_delete_trace_uprobe) #83 Function:trace_parse_run_command %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4096) #83 
------------- Use: =BAD PATH= Call Stack: 0 trace_parse_run_command 1 dyn_event_write ------------- Path:  Function:dyn_event_write %5 = tail call i64 bitcast (i64 (%struct.file*, i8*, i64, i64*, i32 (i8*)*)* @trace_parse_run_command to i64 (%struct.file.108396*, i8*, i64, i64*, i32 (i8*)*)*)(%struct.file.108396* %0, i8* %1, i64 %2, i64* %3, i32 (i8*)* nonnull @create_dyn_event) #83 Function:trace_parse_run_command %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 trace_parse_run_command 1 probes_write ------------- Path:  Function:probes_write %5 = tail call i64 bitcast (i64 (%struct.file*, i8*, i64, i64*, i32 (i8*)*)* @trace_parse_run_command to i64 (%struct.file.108396*, i8*, i64, i64*, i32 (i8*)*)*)(%struct.file.108396* %0, i8* %1, i64 %2, i64* %3, i32 (i8*)* nonnull @create_or_delete_trace_kprobe) #83 Function:trace_parse_run_command %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 12), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3264, i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 event_filter_read ------------- Path:  Function:event_filter_read %5 = load i64, i64* %3, align 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %38 %8 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %9 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %8, i32 3264, i64 4136) #83 ------------- Use: =BAD PATH= Call Stack: 0 
subsystem_filter_read ------------- Path:  Function:subsystem_filter_read %5 = getelementptr inbounds %struct.file.108396, %struct.file.108396* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_subsystem_dir.108342** %7 = load %struct.trace_subsystem_dir.108342*, %struct.trace_subsystem_dir.108342** %6, align 8 %8 = getelementptr inbounds %struct.trace_subsystem_dir.108342, %struct.trace_subsystem_dir.108342* %7, i64 0, i32 1 %9 = load %struct.event_subsystem*, %struct.event_subsystem** %8, align 8 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %33 %13 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %14 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %13, i32 3264, i64 4136) #83 ------------- Use: =BAD PATH= Call Stack: 0 show_header ------------- Path:  Function:show_header %5 = getelementptr inbounds %struct.file.108396, %struct.file.108396* %0, i64 0, i32 16 %6 = bitcast i8** %5 to i32 (%struct.trace_seq*)** %7 = load i32 (%struct.trace_seq*)*, i32 (%struct.trace_seq*)** %6, align 8 %8 = load i64, i64* %3, align 8 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %32 %11 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 13), align 8 %12 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %11, i32 3264, i64 4136) #83 ------------- Use: =BAD PATH= Call Stack: 0 system_tr_open ------------- Path:  Function:system_tr_open %3 = getelementptr inbounds %struct.inode.108445, %struct.inode.108445* %0, i64 0, i32 47 %4 = bitcast i8** %3 to i64* %5 = load i64, i64* %4, align 8 %6 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x 
%struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %7 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %6, i32 3520, i64 48) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlb_file_setup 3 ksys_mmap_pgoff 4 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #83 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 
%8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr 
inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlb_file_setup 3 ksys_mmap_pgoff 4 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 
%58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, 
%struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlb_file_setup 3 ksys_mmap_pgoff 4 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label 
%52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds 
%struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlb_file_setup 3 ksys_mmap_pgoff 4 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 
%53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, 
%struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, %struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlb_file_setup 3 ksys_mmap_pgoff 4 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:ksys_mmap_pgoff %7 = and i64 %3, 32 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %52 %53 = and i64 %3, 262144 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = lshr i64 %3, 26 %59 = trunc i64 %58 to i32 %60 = and i32 %59, 63 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, 
label %66 %63 = load i32, i32* @default_hstate_idx, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %64 br label %70 %71 = phi %struct.hstate* [ %69, %66 ], [ %65, %62 ] %72 = icmp eq %struct.hstate* %71, null br i1 %72, label %95, label %73 %74 = getelementptr inbounds %struct.hstate, %struct.hstate* %71, i64 0, i32 3 %75 = load i32, i32* %74, align 8 %76 = zext i32 %75 to i64 %77 = shl i64 4096, %76 %78 = add i64 %1, -1 %79 = add i64 %78, %77 %80 = sub i64 0, %77 %81 = and i64 %79, %80 %82 = tail call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14899, i64 0, i64 0), i64 %81, i64 2097152, i32 2, i32 %60) #83 Function:hugetlb_file_setup %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %11 %12 = zext i32 %4 to i64 %13 = shl nuw i64 1, %12 %14 = tail call %struct.hstate* @size_to_hstate(i64 %13) #83 br label %15 %16 = phi %struct.hstate* [ %14, %11 ], [ %10, %7 ] %17 = icmp eq %struct.hstate* %16, null br i1 %17, label %84, label %18 %19 = ptrtoint %struct.hstate* %16 to i64 %20 = sub i64 %19, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %21 = sdiv exact i64 %20, 2208 %22 = trunc i64 %21 to i32 %23 = icmp slt i32 %22, 0 br i1 %23, label %84, label %24 %25 = and i64 %21, 4294967295 %26 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %25 %27 = load %struct.vfsmount*, %struct.vfsmount** %26, align 8 %28 = icmp eq %struct.vfsmount* %27, null br i1 %28, label %84, label %29 %30 = icmp eq i32 %3, 1 br i1 %30, label %31, label %54 %32 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %33 = tail call zeroext i1 @capable(i32 14) #83 br i1 %33, label %54, label %34 %55 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %27, i64 0, i32 1 %56 = load %struct.super_block*, %struct.super_block** %55, align 8 %57 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %56, 
%struct.inode* null, i16 zeroext -32257, i32 0) #85 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlbfs_create ------------- Path:  Function:hugetlbfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlbfs_symlink ------------- Path:  Function:hugetlbfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 
-32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlbfs_mkdir ------------- Path:  Function:hugetlbfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlbfs_mknod ------------- Path:  Function:hugetlbfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Use: =BAD PATH= Call Stack: 0 resv_map_alloc 1 hugetlbfs_get_inode 2 hugetlbfs_tmpfile ------------- Path:  Function:hugetlbfs_tmpfile %5 = or i16 %3, -32768 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #83 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %7 = tail call %struct.resv_map* @resv_map_alloc() #83 Function:resv_map_alloc %1 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %2 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %1, i32 3264, i64 56) #83 ------------- Good: 4813 Bad: 458 Ignored: 4731 Check Use of Function:__audit_inode_child Check Use of Function:sta_info_insert Check Use of Function:cn_netlink_send Check Use of Function:tracefs_syscall_rmdir Check Use of Function:ieee80211_vif_release_channel Check Use of Function:cfg80211_process_wdev_events Check Use of Function:fat_dir_ioctl Check Use of Function:perf_uprobe_init Check Use of Function:kernfs_fop_write_iter Check Use of Function:cfg80211_stop_p2p_device Check Use of Function:cfg80211_mlme_purge_registrations Check Use of Function:security_kernel_post_load_data Check Use of Function:netlbl_calipso_genl_init Check Use of Function:genl_unregister_family Check Use of Function:do_timens_ktime_to_host Use: =BAD PATH= Call Stack: 0 __se_sys_futex 
1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, 
i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 
8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq 
%struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* 
nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = 
inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_waitv 1 __ia32_sys_futex_waitv ------------- Path:  Function:__ia32_sys_futex_waitv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_futex_waitv(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_futex_waitv %6 = alloca %struct.thread_info, align 8 %7 = alloca %struct.hrtimer_sleeper, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %0 to %struct.thread_info* %11 = trunc i64 %1 to i32 %12 = trunc i64 %2 to i32 %13 = inttoptr i64 %3 to %struct.cpu_itimer* %14 = trunc i64 %4 to i32 %15 = bitcast %struct.hrtimer_sleeper* %7 to i8* %16 = 
bitcast %struct.cpu_itimer* %8 to i8* %17 = bitcast i64* %9 to i8* %18 = icmp eq i32 %12, 0 br i1 %18, label %19, label %111 %20 = add i32 %11, -1 %21 = icmp ult i32 %20, 128 %22 = icmp ne i64 %0, 0 %23 = and i1 %22, %21 br i1 %23, label %24, label %111 %25 = icmp eq i64 %3, 0 br i1 %25, label %61, label %26 %27 = icmp eq i32 %14, 0 %28 = select i1 %27, i32 2, i32 0 %29 = icmp ult i32 %14, 2 br i1 %29, label %30, label %111 %31 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %13) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %111 %34 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %35 = load i64, i64* %34, align 8 %36 = icmp slt i64 %35, 0 br i1 %36, label %111, label %37 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = icmp ult i64 %39, 1000000000 br i1 %40, label %41, label %111 %42 = icmp sgt i64 %35, 9223372035 %43 = mul i64 %35, 1000000000 %44 = add i64 %39, %43 %45 = select i1 %42, i64 9223372036854775807, i64 %44, !prof !4 store i64 %45, i64* %9, align 8 br i1 %27, label %59, label %46 %47 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %48 = inttoptr i64 %47 to %struct.task_struct* %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %48, i64 0, i32 103 %50 = load %struct.nsproxy*, %struct.nsproxy** %49, align 64 %51 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %50, i64 0, i32 6 %52 = load %struct.time_namespace*, %struct.time_namespace** %51, align 8 %53 = icmp eq %struct.time_namespace* %52, @init_time_ns br i1 %53, label %57, label %54, !prof !6, !misexpect !7 %55 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %52, i64 0, i32 3 %56 = call i64 @do_timens_ktime_to_host(i32 1, i64 %45, %struct.timens_offsets* %55) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 __se_sys_futex_waitv 1 __x64_sys_futex_waitv ------------- Path:  Function:__x64_sys_futex_waitv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_futex_waitv(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_futex_waitv %6 = alloca %struct.thread_info, align 8 %7 = alloca %struct.hrtimer_sleeper, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %0 to %struct.thread_info* %11 = trunc i64 %1 to i32 %12 = trunc i64 %2 to i32 %13 = inttoptr i64 %3 to %struct.cpu_itimer* %14 = trunc i64 %4 to i32 %15 = bitcast %struct.hrtimer_sleeper* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = bitcast i64* %9 to i8* %18 = icmp eq i32 %12, 0 br i1 %18, label %19, label %111 %20 = add i32 %11, -1 %21 = icmp ult i32 %20, 128 %22 = icmp ne i64 %0, 0 %23 = and i1 %22, %21 br i1 %23, label %24, label %111 %25 = icmp eq i64 %3, 0 br i1 %25, label %61, label %26 %27 = icmp eq i32 %14, 0 %28 = select i1 %27, i32 2, i32 0 %29 = icmp ult i32 %14, 2 br i1 %29, label %30, label %111 %31 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %13) #83 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %111 %34 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %35 = load i64, i64* %34, align 8 %36 = icmp slt i64 %35, 0 br i1 %36, label %111, label %37 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* 
%8, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = icmp ult i64 %39, 1000000000 br i1 %40, label %41, label %111 %42 = icmp sgt i64 %35, 9223372035 %43 = mul i64 %35, 1000000000 %44 = add i64 %39, %43 %45 = select i1 %42, i64 9223372036854775807, i64 %44, !prof !4 store i64 %45, i64* %9, align 8 br i1 %27, label %59, label %46 %47 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %48 = inttoptr i64 %47 to %struct.task_struct* %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %48, i64 0, i32 103 %50 = load %struct.nsproxy*, %struct.nsproxy** %49, align 64 %51 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %50, i64 0, i32 6 %52 = load %struct.time_namespace*, %struct.time_namespace** %51, align 8 %53 = icmp eq %struct.time_namespace* %52, @init_time_ns br i1 %53, label %57, label %54, !prof !6, !misexpect !7 %55 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %52, i64 0, i32 3 %56 = call i64 @do_timens_ktime_to_host(i32 1, i64 %45, %struct.timens_offsets* %55) #83 ------------- Good: 3 Bad: 6 Ignored: 7 Check Use of Function:netlink_register_notifier Check Use of Function:nl80211_exit Check Use of Function:ieee80211_bss_info_change_notify Check Use of Function:__mmap_lock_do_trace_released Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __ia32_sys_get_mempolicy ------------- Path:  Function:__ia32_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #83 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 156 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %159 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %23, label %15 %24 = and i64 %3, 2 %25 = icmp eq i64 %24, 0 br i1 %25, label %54, label %26 %55 = icmp eq i64 %2, 0 br i1 %55, label %62, label %159 %63 = icmp eq %struct.mempolicy* %10, null %64 = select i1 %63, %struct.mempolicy* @default_policy, %struct.mempolicy* %10 %65 = and i64 %3, 1 %66 = icmp eq i64 %65, 0 br i1 %66, label %83, label %71 %72 = icmp eq %struct.mempolicy* %64, %10 br i1 %72, label %73, label %124 %125 = phi %struct.mempolicy* [ %59, %67 ], [ %100, %108 ], [ %100, %123 ], [ %100, %98 ], [ %10, %73 ], [ %64, %71 ] %126 = phi i32 [ %69, %67 ], [ 0, %108 ], [ 0, 
%123 ], [ 0, %98 ], [ -22, %73 ], [ -22, %71 ] %127 = phi %struct.vm_area_struct* [ null, %67 ], [ %101, %108 ], [ %101, %123 ], [ %101, %98 ], [ null, %73 ], [ null, %71 ] %128 = phi %struct.mempolicy* [ %59, %67 ], [ %102, %108 ], [ %102, %123 ], [ %102, %98 ], [ null, %73 ], [ null, %71 ] %129 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %125, i64 0, i32 2 %130 = load i16, i16* %129, align 2 %131 = and i16 %130, 1 %132 = icmp eq i16 %131, 0 br i1 %132, label %141, label %133 %142 = icmp eq %struct.vm_area_struct* %127, null br i1 %142, label %147, label %143 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %144)) #6 to label %145 [label %144], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %8, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __x64_sys_get_mempolicy ------------- Path:  Function:__x64_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* %9 = bitcast %struct.cpumask* %7 to i8* %10 = icmp eq i64 %1, 0 br i1 %10, label %15, label %11 %12 = load i32, i32* @nr_node_ids, align 4 %13 = zext i32 %12 to i64 %14 = icmp ugt i64 %13, %2 br i1 %14, label %82, label %15 %16 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #83 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 47 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 156 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %159 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %23, label %15 %24 = and i64 %3, 2 %25 = icmp eq i64 %24, 0 br i1 %25, label %54, label %26 %55 = icmp eq i64 %2, 0 br i1 %55, label %62, label %159 %63 = icmp eq %struct.mempolicy* %10, null %64 = select i1 %63, %struct.mempolicy* @default_policy, %struct.mempolicy* %10 %65 = and i64 %3, 1 %66 = icmp eq i64 %65, 0 br i1 %66, label %83, label %71 %72 = icmp eq %struct.mempolicy* %64, %10 br i1 %72, label %73, label %124 %125 = phi %struct.mempolicy* [ %59, %67 ], [ %100, %108 ], [ %100, %123 ], [ %100, %98 ], [ %10, %73 ], [ %64, %71 ] %126 = phi i32 [ %69, %67 ], [ 0, %108 ], [ 0, %123 ], [ 0, %98 ], [ -22, %73 ], [ -22, %71 ] %127 = phi %struct.vm_area_struct* [ null, %67 ], [ %101, %108 ], [ %101, %123 ], [ %101, %98 ], [ null, %73 ], 
[ null, %71 ] %128 = phi %struct.mempolicy* [ %59, %67 ], [ %102, %108 ], [ %102, %123 ], [ %102, %98 ], [ null, %73 ], [ null, %71 ] %129 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %125, i64 0, i32 2 %130 = load i16, i16* %129, align 2 %131 = and i16 %130, 1 %132 = icmp eq i16 %131, 0 br i1 %132, label %141, label %133 %142 = icmp eq %struct.vm_area_struct* %127, null br i1 %142, label %147, label %143 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %144)) #6 to label %145 [label %144], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %8, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 madvise_remove 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 
0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %88 = call fastcc i64 @madvise_remove(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #83 Function:madvise_remove %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8192 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %45 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = icmp eq %struct.file* %13, null br i1 %14, label %45, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = icmp eq %struct.address_space* %17, null br i1 %18, label %45, label %19 %20 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 0 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.inode* %21, null br i1 %22, label %45, label %23 %24 = and i64 %8, 10 %25 = icmp eq i64 %24, 10 br i1 %25, label %26, label %45 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = sub i64 %2, %28 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %31 = load i64, i64* %30, align 8 %32 
= shl i64 %31, 12 %33 = add i64 %29, %32 %34 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_remove, %35)) #6 to label %36 [label %35], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %6, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 madvise_remove 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) 
#83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %88 = call fastcc i64 @madvise_remove(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #83 Function:madvise_remove %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8192 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %45 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = icmp eq %struct.file* %13, null br i1 %14, label %45, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = icmp eq %struct.address_space* %17, null br i1 %18, label %45, label %19 %20 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 0 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.inode* %21, null br i1 %22, label %45, label %23 %24 = and i64 %8, 10 %25 = icmp eq i64 %24, 10 br i1 %25, label %26, label %45 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = sub i64 %2, %28 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %31 = load i64, i64* %30, align 8 %32 
= shl i64 %31, 12 %33 = add i64 %29, %32 %34 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_remove, %35)) #6 to label %36 [label %35], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %6, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call 
i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #83 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %137 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %138 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %138, i64* %138) #6, !srcloc !9 %139 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %140 = load i64, i64* %139, align 8 %141 = sub i64 %2, %140 %142 = getelementptr 
inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %143 = load i64, i64* %142, align 8 %144 = shl i64 %143, 12 %145 = add i64 %141, %144 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_willneed, %146)) #6 to label %147 [label %146], !srcloc !10 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #83 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = 
alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* 
%46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %74, %struct.vm_area_struct** nonnull %11, i64 %82, i64 %86) #83 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %137 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %138 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %138, i64* %138) #6, !srcloc !9 %139 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %140 = load i64, i64* %139, align 8 %141 = sub i64 %2, %140 %142 = getelementptr 
inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %143 = load i64, i64* %142, align 8 %144 = shl i64 %143, 12 %145 = add i64 %141, %144 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_willneed, %146)) #6 to label %147 [label %146], !srcloc !10 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #83 ------------- Good: 155 Bad: 6 Ignored: 110 Check Use of Function:autofs_dir_unlink Check Use of Function:regulatory_exit Check Use of Function:alloc_workqueue Check Use of Function:free_fs_struct Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #83 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %152 %21 = and i64 %14, 67840 
%22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 74 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %152 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 105 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 16 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %152, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #83 br i1 %45, label %46, label %152 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 100 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 8 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %66 = phi i64 [ 0, %46 ], [ %63, %61 ], [ 0, %57 ] %67 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 101 %68 = load %struct.files_struct*, %struct.files_struct** %67, align 16 %69 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %70 = and i64 %8, 1024 %71 = icmp ne i64 %70, 0 %72 = icmp ne %struct.files_struct* %68, null %73 = and i1 %71, %72 br i1 %73, label %74, label %83 %75 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %68, i64 0, i32 0, i32 0 %76 = load volatile i32, i32* %75, align 4 %77 = icmp sgt i32 %76, 1 br i1 %77, label %78, label %83 %84 = phi i64 [ 0, %65 ], [ 0, %74 ], [ %80, %78 ] br label %87 %88 = phi i64 [ %84, %83 ], [ %80, %85 ] %89 = and i64 %8, 268435456 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %139 %92 = inttoptr i64 %66 to %struct.fs_struct* %93 = call i32 @unshare_nsproxy_namespaces(i64 %17, %struct.nsproxy** nonnull %3, %struct.cred* null, %struct.fs_struct* %92) #83 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %139 %96 = or i64 %66, %47 %97 = or i64 %96, %88 %98 = icmp ne i64 %97, 0 %99 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %100 = icmp ne %struct.nsproxy* %99, null %101 = or i1 %98, %100 br i1 %101, label %102, label %136 br i1 %48, label %104, label %103 %105 = and i64 %8, 134217728 %106 = icmp eq i64 %105, 0 br i1 %106, label %111, label %107 %112 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %113 = icmp eq %struct.nsproxy* %112, null br i1 %113, label %115, label %114 %116 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 121, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %116) #83 %117 = icmp eq i64 %66, 0 br i1 %117, label %128, label %118 %129 = phi i64 [ 0, %115 ], [ %127, %118 ] %130 = icmp eq i64 %88, 0 br i1 %130, label %134, label %131 %135 = phi i64 [ 0, %128 ], [ %133, %131 ] call void @_raw_spin_unlock(%struct.raw_spinlock* %116) #83 br label %136 %137 = phi i64 [ %129, %134 ], [ %66, %95 ] %138 = phi i64 [ %135, %134 ], [ 
%88, %95 ] call void bitcast (void (%struct.task_struct.115211*)* @perf_event_namespaces to void (%struct.task_struct*)*)(%struct.task_struct* %50) #83 br label %139 %140 = phi i64 [ %66, %87 ], [ %137, %136 ], [ %66, %91 ] %141 = phi i64 [ %88, %87 ], [ %138, %136 ], [ %88, %91 ] %142 = phi i32 [ -22, %87 ], [ 0, %136 ], [ %93, %91 ] %143 = icmp eq i64 %141, 0 br i1 %143, label %146, label %144 %147 = phi i64 [ %140, %139 ], [ %140, %144 ], [ %66, %85 ] %148 = phi i32 [ %142, %139 ], [ %142, %144 ], [ %82, %85 ] %149 = icmp eq i64 %147, 0 br i1 %149, label %152, label %150 %151 = inttoptr i64 %147 to %struct.fs_struct* call void @free_fs_struct(%struct.fs_struct* nonnull %151) #83 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #83 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %152 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 74 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 
%28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %152 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 105 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 16 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %152, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #83 br i1 %45, label %46, label %152 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 100 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 8 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %66 = phi i64 [ 0, %46 ], [ %63, %61 ], [ 0, %57 ] %67 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 101 %68 = load %struct.files_struct*, %struct.files_struct** %67, align 16 %69 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %70 = and i64 %8, 1024 %71 = icmp ne i64 %70, 0 %72 = icmp ne %struct.files_struct* %68, null %73 = and i1 %71, %72 br i1 %73, label %74, label %83 %75 = getelementptr inbounds %struct.files_struct, 
%struct.files_struct* %68, i64 0, i32 0, i32 0 %76 = load volatile i32, i32* %75, align 4 %77 = icmp sgt i32 %76, 1 br i1 %77, label %78, label %83 %84 = phi i64 [ 0, %65 ], [ 0, %74 ], [ %80, %78 ] br label %87 %88 = phi i64 [ %84, %83 ], [ %80, %85 ] %89 = and i64 %8, 268435456 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %139 %92 = inttoptr i64 %66 to %struct.fs_struct* %93 = call i32 @unshare_nsproxy_namespaces(i64 %17, %struct.nsproxy** nonnull %3, %struct.cred* null, %struct.fs_struct* %92) #83 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %139 %96 = or i64 %66, %47 %97 = or i64 %96, %88 %98 = icmp ne i64 %97, 0 %99 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %100 = icmp ne %struct.nsproxy* %99, null %101 = or i1 %98, %100 br i1 %101, label %102, label %136 br i1 %48, label %104, label %103 %105 = and i64 %8, 134217728 %106 = icmp eq i64 %105, 0 br i1 %106, label %111, label %107 %112 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %113 = icmp eq %struct.nsproxy* %112, null br i1 %113, label %115, label %114 %116 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 121, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %116) #83 %117 = icmp eq i64 %66, 0 br i1 %117, label %128, label %118 %129 = phi i64 [ 0, %115 ], [ %127, %118 ] %130 = icmp eq i64 %88, 0 br i1 %130, label %134, label %131 %135 = phi i64 [ 0, %128 ], [ %133, %131 ] call void @_raw_spin_unlock(%struct.raw_spinlock* %116) #83 br label %136 %137 = phi i64 [ %129, %134 ], [ %66, %95 ] %138 = phi i64 [ %135, %134 ], [ %88, %95 ] call void bitcast (void (%struct.task_struct.115211*)* @perf_event_namespaces to void (%struct.task_struct*)*)(%struct.task_struct* %50) #83 br label %139 %140 = phi i64 [ %66, %87 ], [ %137, %136 ], [ %66, %91 ] %141 = phi i64 [ %88, %87 ], [ %138, %136 ], [ %88, %91 ] %142 = phi i32 [ -22, %87 ], [ 0, %136 ], [ %93, %91 ] %143 = icmp eq i64 %141, 0 br i1 %143, label %146, label %144 %147 = phi i64 
[ %140, %139 ], [ %140, %144 ], [ %66, %85 ] %148 = phi i32 [ %142, %139 ], [ %142, %144 ], [ %82, %85 ] %149 = icmp eq i64 %147, 0 br i1 %149, label %152, label %150 %151 = inttoptr i64 %147 to %struct.fs_struct* call void @free_fs_struct(%struct.fs_struct* nonnull %151) #83 ------------- Good: 1 Bad: 2 Ignored: 1 Check Use of Function:autofs_lookup Check Use of Function:regulatory_init Check Use of Function:rate_control_deinitialize Check Use of Function:debugfs_create_dir Check Use of Function:seg6_exit Check Use of Function:io_req_task_work_add Check Use of Function:igmp6_late_init Check Use of Function:put_ipc_ns Use: =BAD PATH= Call Stack: 0 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_create_attr 1 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #83 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #83 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #83 br label %26 %27 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 15 %28 = load i32, i32* %27, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 16 %30 = load i32, i32* %29, align 4 %31 = icmp ult i32 %28, %30 br i1 %31, label %36, label %32 %33 = tail call zeroext i1 @capable(i32 24) #83 br i1 %33, label %34, label %66 %67 = phi i32 [ -28, %32 ], [ %44, %42 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #83 tail call void @put_ipc_ns(%struct.ipc_namespace* nonnull %13) #83 ------------- Good: 11 Bad: 2 Ignored: 7 Check Use of Function:synchronize_srcu_expedited Check Use of Function:cfg80211_rx_unprot_mlme_mgmt Check Use of Function:ioam6_init Check Use of Function:genl_ctrl_event Check Use of Function:reg_process_self_managed_hints Check Use of 
Function:cancel_delayed_work Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_commit_done ------------- Path:  Function:nfs4_commit_done %3 = getelementptr inbounds %struct.nfs_commit_data.233181, %struct.nfs_commit_data.233181* %1, i64 0, i32 9, i32 0, i32 0 %4 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %3, align 8 %5 = icmp eq %struct.nfs4_slot.233140* %4, null br i1 %5, label %13, label %6 %7 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %4, i64 0, i32 0 %8 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %8, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %8, %struct.nfs4_slot.233140* nonnull %4) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = 
getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, 
i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %9, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #83 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %9, %struct.nfs4_slot.233140* nonnull %5) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = 
getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, 
i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, 
%struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.233139, 
%struct.nfs4_slot_table.233139* %9, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #83 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %9, %struct.nfs4_slot.233140* nonnull %5) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq 
%struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* 
%63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** 
%43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %12 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %9, i64 0, i32 0 %13 = load %struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %13, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #83 %15 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %13, %struct.nfs4_slot.233140* nonnull %9) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* 
%0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, 
label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, 
%struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 
%39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %11 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %8, i64 0, i32 0 %12 = load 
%struct.nfs4_slot_table.233139*, %struct.nfs4_slot_table.233139** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %12, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %13) #83 %14 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.233139* %12, %struct.nfs4_slot.233140* nonnull %8) #83 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.233140, %struct.nfs4_slot.233140* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.233139, %struct.nfs4_slot_table.233139* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.233140* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #83 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #83 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, 
%56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #83 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #83 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %31 [label %11], !srcloc !4 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %34 = load volatile %struct.list_head*, %struct.list_head** %33, align 8 %35 = icmp eq %struct.list_head* %34, %32 br i1 %35, label %49, label %36 %37 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %37, align 8 %38 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %40, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %34, %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %33, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %38, align 8 %42 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** 
%43, align 8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %49 %47 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %48 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %47) #84 ------------- Good: 219 Bad: 5 Ignored: 177 Check Use of Function:seq_read_iter Use: =BAD PATH= Call Stack: 0 kernfs_fop_read_iter ------------- Path:  Function:kernfs_fop_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.kernfs_open_file** %10 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 0 %12 = load %struct.kernfs_node*, %struct.kernfs_node** %11, align 8 %13 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %12, i64 0, i32 10 %14 = load i16, i16* %13, align 8 %15 = and i16 %14, 64 %16 = icmp eq i16 %15, 0 br i1 %16, label %19, label %17 %18 = tail call i64 @seq_read_iter(%struct.kiocb* %0, %struct.iov_iter* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load 
%struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, 
i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* 
%24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, 
i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 
8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 
0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, 
i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast 
i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 
%29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 
5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 
16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, 
label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* 
%75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, 
%struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, 
align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, 
%struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label 
%40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void 
@iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 
%41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* 
nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 
%77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, 
align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* 
nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD 
PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 
%47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 
= alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = 
getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, 
align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 
21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast 
%struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 
%16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi 
i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 
= or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = 
select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 
br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr 
i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = 
getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load 
%struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, 
i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = 
getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 
%70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* 
%24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, 
i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 
8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 
0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, 
i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast 
i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 
%29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 
%77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 
%11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr 
inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load 
%struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, 
i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq 
%struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 
%16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi 
i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 
= or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = 
select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 
br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr 
i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = 
getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load 
%struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, 
i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = 
getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 
%70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* 
%24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, 
i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 
8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 
0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, 
i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast 
i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 
%29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 
5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 
16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, 
label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* 
%75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, 
align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 
21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast 
%struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 
br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, 
%struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = 
getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, 
%struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 
%11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr 
inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align
8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 
%41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* 
nonnull %5, i64 1, i64 %2) #83 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #84 ------------- Good: 0 Bad: 113 Ignored: 119 Check Use of Function:drm_gem_handle_delete Check Use of Function:usblp_ioctl Check Use of Function:cfg80211_rdev_by_wiphy_idx Check Use of Function:regulatory_hint_user Check Use of Function:uart_change_speed Check Use of Function:ieee80211_key_free_common Check Use of Function:mod_delayed_work_on Use: =BAD PATH= Call Stack: 0 __intel_wakeref_put_last 1 intel_gt_pm_debugfs_forcewake_user_release 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.426623** %5 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %5, i64 0, i32 108 %7 = tail call i32 @intel_gt_pm_debugfs_forcewake_user_release(%struct.intel_gt.426438* %6) #83 Function:intel_gt_pm_debugfs_forcewake_user_release %2 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 0 %3 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %2, align 8 %4 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %3, i64 0, i32 3, i32 0 %5 = load i8, i8* %4, align 8 %6 = icmp ugt i8 %5, 5 br i1 %6, label %7, label %10 %8 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %0, i64 0, i32 1 %9 = load %struct.intel_uncore.426297*, %struct.intel_uncore.426297** %8, align 8 tail call void bitcast (void (%struct.intel_uncore.422493*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.426297*)*)(%struct.intel_uncore.426297* %9) #83 br label %10 %11 = getelementptr inbounds %struct.intel_gt.426438, 
%struct.intel_gt.426438* %0, i64 0, i32 8 %12 = tail call i32 @__SCT__might_resched() #83 %13 = getelementptr inbounds %struct.intel_wakeref, %struct.intel_wakeref* %11, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 1 br i1 %15, label %26, label %16, !prof !4, !misexpect !5 %17 = phi i32 [ %24, %23 ], [ %14, %10 ] %18 = add i32 %17, -1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !6 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %27, !prof !4, !misexpect !5 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 1 br i1 %25, label %26, label %16, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.intel_wakeref.422513*, i64)* @__intel_wakeref_put_last to void (%struct.intel_wakeref*, i64)*)(%struct.intel_wakeref* %11, i64 0) #83 Function:__intel_wakeref_put_last %3 = and i64 %1, 1 %4 = icmp eq i64 %3, 0 br i1 %4, label %5, label %9 %6 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 1 %7 = tail call i32 @mutex_trylock(%struct.mutex* %6) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %10 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %11 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 5 %12 = lshr i64 %1, 1 %13 = tail call zeroext i1 @mod_delayed_work_on(i32 64, %struct.workqueue_struct* %10, %struct.delayed_work* %11, i64 %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 __intel_wakeref_put_last 1 forcewake_user_release ------------- Path:  Function:forcewake_user_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 
47 %4 = bitcast i8** %3 to %struct.intel_gt.426438** %5 = load %struct.intel_gt.426438*, %struct.intel_gt.426438** %4, align 8 %6 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 0 %7 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %7, i64 0, i32 3, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 5 br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 1 %13 = load %struct.intel_uncore.426297*, %struct.intel_uncore.426297** %12, align 8 tail call void bitcast (void (%struct.intel_uncore.422493*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.426297*)*)(%struct.intel_uncore.426297* %13) #83 br label %14 %15 = getelementptr inbounds %struct.intel_gt.426438, %struct.intel_gt.426438* %5, i64 0, i32 8 %16 = tail call i32 @__SCT__might_resched() #83 %17 = getelementptr inbounds %struct.intel_wakeref, %struct.intel_wakeref* %15, i64 0, i32 0, i32 0 %18 = load volatile i32, i32* %17, align 4 %19 = icmp eq i32 %18, 1 br i1 %19, label %30, label %20, !prof !4, !misexpect !5 %21 = phi i32 [ %28, %27 ], [ %18, %14 ] %22 = add i32 %21, -1 %23 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 %22, i32* %17, i32 %21) #6, !srcloc !6 %24 = extractvalue { i8, i32 } %23, 0 %25 = and i8 %24, 1 %26 = icmp eq i8 %25, 0 br i1 %26, label %27, label %31, !prof !4, !misexpect !5 %28 = extractvalue { i8, i32 } %23, 1 %29 = icmp eq i32 %28, 1 br i1 %29, label %30, label %20, !prof !4, !misexpect !5 tail call void bitcast (void (%struct.intel_wakeref.422513*, i64)* @__intel_wakeref_put_last to void 
(%struct.intel_wakeref*, i64)*)(%struct.intel_wakeref* %15, i64 0) #83 Function:__intel_wakeref_put_last %3 = and i64 %1, 1 %4 = icmp eq i64 %3, 0 br i1 %4, label %5, label %9 %6 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 1 %7 = tail call i32 @mutex_trylock(%struct.mutex* %6) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %14 %10 = load %struct.workqueue_struct*, %struct.workqueue_struct** @system_wq, align 8 %11 = getelementptr inbounds %struct.intel_wakeref.422513, %struct.intel_wakeref.422513* %0, i64 0, i32 5 %12 = lshr i64 %1, 1 %13 = tail call zeroext i1 @mod_delayed_work_on(i32 64, %struct.workqueue_struct* %10, %struct.delayed_work* %11, i64 %12) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_request_bypass_insert 4 blk_mq_sched_insert_request 5 blk_mq_submit_bio 6 __submit_bio 7 submit_bio_noacct 8 __blk_queue_split 9 blk_queue_split 10 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.688709*, align 8 store %struct.bio.688709* %0, %struct.bio.688709** %2, align 8 %3 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 1 %4 = load %struct.block_device.688705*, %struct.block_device.688705** %3, align 8 %5 = getelementptr inbounds %struct.block_device.688705, %struct.block_device.688705* %4, i64 0, i32 17 %6 = load %struct.gendisk.688433*, %struct.gendisk.688433** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.688433, %struct.gendisk.688433* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 38 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #83 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load 
volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = icmp eq i8* %13, null br i1 %15, label %16, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 1 %28 = icmp eq i64 %27, 0 %29 = getelementptr inbounds %struct.bio.688709, %struct.bio.688709* %0, i64 0, i32 2 %30 = load i32, i32* %29, align 8 br i1 %28, label %59, label %31, !prof !6, !misexpect !5 %60 = trunc i32 %30 to i8 switch i8 %60, label %63 [ i8 3, label %61 i8 5, label %61 i8 7, label %61 i8 9, label %61 ] call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.688709**)*)(%struct.bio.688709** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds 
%struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void 
(%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] 
%72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* 
%100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void 
@__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 tail call void bitcast (void (%struct.bio.294796*)* @blk_mq_submit_bio to void (%struct.bio.290594*)*)(%struct.bio.290594* %0) #83 Function:blk_mq_submit_bio %2 = alloca %struct.blk_mq_alloc_data.294797, align 8 %3 = alloca %struct.bio.294796*, align 8 %4 = alloca i8, align 1 %5 = alloca i32, align 4 store %struct.bio.294796* %0, %struct.bio.294796** %3, align 8 %6 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 1 %7 = load %struct.block_device.294788*, %struct.block_device.294788** %6, align 8 %8 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %7, i64 0, i32 18 %9 = load %struct.request_queue.294830*, %struct.request_queue.294830** %8, align 8 %10 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 2 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 255 %13 = icmp eq i32 %12, 0 %14 = and i32 %11, 395264 %15 = icmp ne i32 %14, 0 %16 = or i1 %13, %15 store i8 0, i8* %4, align 1 %17 = bitcast i32* %5 to i8* store i32 1, i32* %5, align 4 %18 = trunc i32 %11 to i8 switch i8 %18, label %19 [ i8 3, 
label %36 i8 5, label %36 i8 9, label %36 i8 7, label %36 ] %20 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 32, i32 5 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 call void bitcast (void (%struct.request_queue.289873*, %struct.bio.289986**, i32*)* @__blk_queue_split to void (%struct.request_queue.294830*, %struct.bio.294796**, i32*)*)(%struct.request_queue.294830* %9, %struct.bio.294796** nonnull %3, i32* nonnull %5) #83 %37 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %38 = load i32, i32* %5, align 4 br label %39 %40 = phi i32 [ %38, %36 ], [ 1, %27 ] %41 = phi %struct.bio.294796* [ %37, %36 ], [ %0, %27 ] %42 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295073** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295073**)) #11, !srcloc !4 %43 = inttoptr i64 %42 to %struct.task_struct.295073* %44 = getelementptr inbounds %struct.task_struct.295073, %struct.task_struct.295073* %43, i64 0, i32 129 %45 = load %struct.blk_plug.295036*, %struct.blk_plug.295036** %44, align 8 %46 = icmp eq %struct.blk_plug.295036* %45, null br i1 %46, label %110, label %47 %48 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 %49 = load %struct.request.294838*, %struct.request.294838** %48, align 8 %50 = icmp eq %struct.request.294838* %49, null br i1 %50, label %110, label %51 %52 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 0 %53 = load %struct.request_queue.294830*, %struct.request_queue.294830** %52, align 8 %54 = icmp eq %struct.request_queue.294830* %53, %9 br i1 %54, label %55, label %110 %56 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %56, label %57, label %541, !prof !5, !misexpect !6 %58 = getelementptr inbounds 
%struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %59 = load volatile i64, i64* %58, align 8 %60 = and i64 %59, 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %71 %63 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %64 = load i32, i32* %63, align 8 %65 = and i32 %64, 409600 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %68, label %541, label %69 %70 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %70, label %541, label %71 %72 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 16777216 %75 = icmp eq i32 %74, 0 %76 = and i32 %73, 255 %77 = icmp eq i32 %76, 0 %78 = zext i1 %77 to i32 %79 = select i1 %75, i32 %78, i32 2 %80 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 2 %81 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %80, align 8 %82 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 13 %83 = load i16, i16* %82, align 4 %84 = zext i16 %83 to i32 %85 = icmp eq i32 %79, %84 br i1 %85, label %86, label %110 %87 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 3 %88 = load i32, i32* %87, align 8 %89 = and i32 %88, 393216 %90 = icmp eq i32 %89, 0 %91 = and i32 %73, 393216 %92 = icmp ne i32 %91, 0 %93 = xor i1 %92, %90 br i1 %93, label %94, label %110 %111 = phi i1 [ 
true, %86 ], [ false, %51 ], [ false, %47 ], [ false, %39 ], [ true, %71 ] %112 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 1 %113 = load %struct.block_device.294788*, %struct.block_device.294788** %112, align 8 %114 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %113, i64 0, i32 18 %115 = load %struct.request_queue.294830*, %struct.request_queue.294830** %114, align 8 call void @__rcu_read_lock() #83 %116 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 0 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 3 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %122, !prof !5, !misexpect !6 %123 = and i64 %117, 2 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %147 %126 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 1 %127 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %126, align 8 %128 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %127, i64 0, i32 0, i32 0 %129 = load volatile i64, i64* %128, align 8 %130 = icmp eq i64 %129, 0 br i1 %130, label %147, label %131, !prof !8, !misexpect !6 %132 = phi i64 [ %139, %138 ], [ %129, %125 ] %133 = add i64 %132, 1 %134 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %128, i64 %133, i64* %128, i64 %132) #6, !srcloc !9 %135 = extractvalue { i8, i64 } %134, 0 %136 = and i8 %135, 1 %137 = icmp eq i8 %136, 0 br i1 %137, label %138, label %141, !prof !8, !misexpect !6 %139 = extractvalue { i8, i64 } %134, 1 %140 = icmp eq i64 %139, 0 br i1 %140, label %147, label %131, !prof !8, !misexpect !6 call void @__rcu_read_unlock() #83 %148 = call i32 bitcast (i32 
(%struct.request_queue.290802*, %struct.bio.290594*)* @__bio_queue_enter to i32 (%struct.request_queue.294830*, %struct.bio.294796*)*)(%struct.request_queue.294830* %115, %struct.bio.294796* %41) #83 %149 = icmp eq i32 %148, 0 br i1 %149, label %150, label %541, !prof !5, !misexpect !6 br i1 %111, label %153, label %151 %152 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %152, label %153, label %209, !prof !5, !misexpect !6 %154 = bitcast %struct.blk_mq_alloc_data.294797* %2 to i8* %155 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 0 store %struct.request_queue.294830* %9, %struct.request_queue.294830** %155, align 8 %156 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 1 store i32 0, i32* %156, align 8 %157 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 2 store i32 0, i32* %157, align 4 %158 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 3 %159 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %160 = load i32, i32* %159, align 8 store i32 %160, i32* %158, align 8 %161 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 4 store i32 0, i32* %161, align 4 %162 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 5 store i32 1, i32* %162, align 8 %163 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 6 %164 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %165 = bitcast %struct.request.294838*** %163 to i8* %166 = load volatile i64, i64* %164, align 8 %167 = and i64 %166, 8 %168 = icmp eq 
i64 %167, 0 %169 = and i32 %160, 409600 %170 = icmp eq i32 %169, 0 %171 = and i1 %170, %168 br i1 %171, label %172, label %176 %173 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %173, label %207, label %174 %175 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %175, label %207, label %176 %177 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %178 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 %179 = icmp eq %struct.rq_qos.294814* %178, null br i1 %179, label %185, label %180 %181 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 3 %182 = load i16, i16* %181, align 4 %183 = or i16 %182, 1024 store i16 %183, i16* %181, align 4 %184 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 call void bitcast (void (%struct.rq_qos.299433*, %struct.bio.299428*)* @__rq_qos_throttle to void (%struct.rq_qos.294814*, %struct.bio.294796*)*)(%struct.rq_qos.294814* %184, %struct.bio.294796* %41) #83 br label %185 br i1 %46, label %191, label %186 %187 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 2 %188 = load i16, i16* %187, align 8 %189 = zext i16 %188 to i32 store i32 %189, i32* %162, align 8 store i16 1, i16* %187, align 8 %190 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 store %struct.request.294838** %190, %struct.request.294838*** %163, align 8 br label %191 %192 = call fastcc %struct.request.294838* 
@__blk_mq_alloc_requests(%struct.blk_mq_alloc_data.294797* nonnull %2) #83 %193 = icmp eq %struct.request.294838* %192, null br i1 %193, label %194, label %208 br label %210 %211 = phi %struct.request.294838* [ %192, %208 ], [ %49, %94 ], [ %49, %105 ] %212 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_getrq to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_submit_bio, %213)) #6 to label %233 [label %213], !srcloc !10 %234 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %235 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %234, align 8 %236 = icmp eq %struct.rq_qos.294814* %235, null br i1 %236, label %239, label %237 %240 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %241 = load i32, i32* %5, align 4 %242 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 2 %243 = load i32, i32* %242, align 8 %244 = and i32 %243, 524288 %245 = icmp eq i32 %244, 0 br i1 %245, label %250, label %246 %247 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 3 %248 = load i32, i32* %247, align 8 %249 = or i32 %248, 1792 store i32 %249, i32* %247, align 8 br label %250 %251 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 9 store i64 %252, 
i64* %253, align 8 %254 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 5 %255 = load i16, i16* %254, align 8 %256 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 19 store i16 %255, i16* %256, align 4 %257 = trunc i32 %241 to i16 %258 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 18 store i16 %257, i16* %258, align 2 %259 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 1 %260 = load i32, i32* %259, align 8 %261 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 8 store i32 %260, i32* %261, align 4 %262 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 11 store %struct.bio.294796* %240, %struct.bio.294796** %262, align 8 %263 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 10 store %struct.bio.294796* %240, %struct.bio.294796** %263, align 8 %264 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 4 %265 = load i16, i16* %264, align 2 %266 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 20 store i16 %265, i16* %266, align 2 %267 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 1 %268 = load %struct.block_device.294788*, %struct.block_device.294788** %267, align 8 %269 = icmp eq %struct.block_device.294788* %268, null br i1 %269, label %276, label %270 %271 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %268, i64 0, i32 17 %272 = bitcast %struct.gendisk.294786** %271 to i64* %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 13 %275 = bitcast %struct.gendisk.294786** %274 to i64* store i64 %273, i64* %275, align 8 br label %276 %277 = getelementptr inbounds 
%struct.request.294838, %struct.request.294838* %211, i64 0, i32 4 %278 = load i32, i32* %277, align 4 %279 = and i32 %278, 8192 %280 = icmp eq i32 %279, 0 br i1 %280, label %287, label %281 %288 = phi %struct.bio.294796* [ %240, %276 ], [ %240, %281 ], [ %286, %285 ] %289 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %288, i64 0, i32 2 %290 = load i32, i32* %289, align 8 %291 = and i32 %290, 393216 %292 = icmp eq i32 %291, 0 br i1 %292, label %294, label %293 br i1 %46, label %416, label %295 %417 = load i32, i32* %277, align 4 %418 = and i32 %417, 4194304 %419 = icmp eq i32 %418, 0 br i1 %419, label %420, label %427 %421 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 9 %422 = load i32, i32* %421, align 8 br label %529 %530 = phi i32 [ %422, %420 ], [ %297, %428 ] %531 = icmp ugt i32 %530, 1 %532 = and i1 %16, %531 %533 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 2 %534 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %533, align 8 br i1 %532, label %539, label %535 %536 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %534, i64 0, i32 12 %537 = load i32, i32* %536, align 8 %538 = icmp eq i32 %537, 0 br i1 %538, label %539, label %540 call void bitcast (void (%struct.request.296460*, i1, i1, i1)* @blk_mq_sched_insert_request to void (%struct.request.294838*, i1, i1, i1)*)(%struct.request.294838* nonnull %211, i1 zeroext false, i1 zeroext true, i1 zeroext true) #83 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 0 %7 = load %struct.request_queue.296452*, %struct.request_queue.296452** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %8, 
align 8 %10 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.296351*, %struct.blk_mq_ctx.296351** %10, align 8 %12 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_hw_ctx.296364** %12, align 8 %14 = icmp eq %struct.elevator_queue.296431* %9, null br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %30 %31 = icmp ne i32 %23, 0 %32 = or i1 %31, %1 tail call void bitcast (void (%struct.request.294838*, i1, i1)* @blk_mq_request_bypass_insert to void (%struct.request.296460*, i1, i1)*)(%struct.request.296460* %0, i1 zeroext %32, i1 zeroext false) #83 Function:blk_mq_request_bypass_insert %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 12, i32 0 %8 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 0, i32 1 br i1 %1, label %9, label %15 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 0, i32 1, i32 1 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 store %struct.list_head* %7, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = getelementptr inbounds %struct.request.294838, 
%struct.request.294838* %0, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %17, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 0 br label %21 %22 = phi %struct.list_head** [ %20, %15 ], [ %10, %9 ] store volatile %struct.list_head* %7, %struct.list_head** %22, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 br i1 %2, label %23, label %24 tail call void @blk_mq_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %5, i1 zeroext false) #84 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, 
label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, 
%struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_request_bypass_insert
4 blk_mq_sched_insert_request
5 blk_mq_submit_bio
6 __submit_bio
7 submit_bio_noacct
8 __blk_queue_split
9 blk_queue_split
10 md_submit_bio
-------------
Path:
Function:md_submit_bio
%2 = alloca %struct.bio.687194*, align 8 store %struct.bio.687194* %0, %struct.bio.687194** %2, align 8 %3 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.687194, %struct.bio.687194* %0, i64 0, i32 1 %8 = load %struct.block_device.687185*, %struct.block_device.687185** %7, align 8 %9 = getelementptr inbounds %struct.block_device.687185, %struct.block_device.687185* %8, i64 0, i32 17 %10 = load %struct.gendisk.687208*, %struct.gendisk.687208** %9, 
align 8 %11 = getelementptr inbounds %struct.gendisk.687208, %struct.gendisk.687208* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.289986**)* @blk_queue_split to void (%struct.bio.687194**)*)(%struct.bio.687194** nonnull %2) #83 Function:blk_queue_split %2 = alloca i32, align 4 %3 = load %struct.bio.289986*, %struct.bio.289986** %0, align 8 %4 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 1 %5 = load %struct.block_device.289982*, %struct.block_device.289982** %4, align 8 %6 = getelementptr inbounds %struct.block_device.289982, %struct.block_device.289982* %5, i64 0, i32 18 %7 = load %struct.request_queue.289873*, %struct.request_queue.289873** %6, align 8 %8 = bitcast i32* %2 to i8* %9 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %3, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i8 switch i8 %11, label %12 [ i8 3, label %29 i8 5, label %29 i8 9, label %29 i8 7, label %29 ] %13 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %7, i64 0, i32 32, i32 5 %14 = load i32, i32* %13, align 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %29 call void @__blk_queue_split(%struct.request_queue.289873* %7, %struct.bio.289986** %0, i32* nonnull %2) #83 Function:__blk_queue_split %4 = alloca %struct.bio_vec.289985, align 8 %5 = load 
%struct.bio.289986*, %struct.bio.289986** %1, align 8 %6 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 2 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i8 switch i8 %8, label %80 [ i8 3, label %9 i8 5, label %9 i8 9, label %56 i8 7, label %68 ] %69 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 52 store i32 1, i32* %2, align 4 %70 = getelementptr inbounds %struct.request_queue.289873, %struct.request_queue.289873* %0, i64 0, i32 32, i32 15 %71 = load i32, i32* %70, align 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %324, label %73 %74 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %5, i64 0, i32 8, i32 1 %75 = load i32, i32* %74, align 8 %76 = lshr i32 %75, 9 %77 = icmp ugt i32 %76, %71 br i1 %77, label %78, label %324 %79 = tail call %struct.bio.289986* @bio_split(%struct.bio.289986* %5, i32 %71, i32 3072, %struct.bio_set.289990* %69) #83 br label %290 %291 = phi %struct.bio.289986* [ %289, %288 ], [ %55, %38 ], [ %67, %66 ], [ %79, %78 ] %292 = icmp eq %struct.bio.289986* %291, null br i1 %292, label %324, label %293 %294 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %291, i64 0, i32 2 %295 = load i32, i32* %294, align 8 %296 = or i32 %295, 16384 store i32 %296, i32* %294, align 8 %297 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void @bio_chain(%struct.bio.289986* nonnull %291, %struct.bio.289986* %297) #83 %298 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 %299 = getelementptr inbounds %struct.bio.289986, %struct.bio.289986* %298, i64 0, i32 8, i32 0 %300 = load i64, i64* %299, align 8 %301 = trunc i64 %300 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %302)) #6 to label %322 [label %302], !srcloc !9 %323 = load %struct.bio.289986*, %struct.bio.289986** %1, align 8 call void bitcast (void (%struct.bio.290594*)* @submit_bio_noacct to void (%struct.bio.289986*)*)(%struct.bio.289986* %323) #83 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.290592], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.290793* %5 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %4, i64 0, i32 128 %6 = load %struct.bio_list.290592*, %struct.bio_list.290592** %5, align 16 %7 = icmp eq %struct.bio_list.290592* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %18 = load %struct.block_device.290586*, %struct.block_device.290586** %17, align 8 %19 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %18, i64 0, i32 17 %20 = load %struct.gendisk.290584*, %struct.gendisk.290584** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %22, i64 0, i32 0 %24 = load void (%struct.bio.290594*)*, void 
(%struct.bio.290594*)** %23, align 8 %25 = icmp eq void (%struct.bio.290594*)* %24, null %26 = bitcast [2 x %struct.bio_list.290592]* %2 to i8* br i1 %25, label %27, label %44 %45 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 0 %46 = load %struct.bio.290594*, %struct.bio.290594** %45, align 8 %47 = icmp eq %struct.bio.290594* %46, null br i1 %47, label %49, label %48, !prof !5, !misexpect !6 %50 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0 store %struct.bio_list.290592* %50, %struct.bio_list.290592** %5, align 16 %51 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1 %52 = bitcast %struct.bio_list.290592* %51 to i8* %53 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 0 %54 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 0, i32 1 %55 = bitcast %struct.bio.290594** %54 to i64* %56 = getelementptr inbounds %struct.bio_list.290592, %struct.bio_list.290592* %51, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.290592], [2 x %struct.bio_list.290592]* %2, i64 0, i64 1, i32 1 %58 = bitcast %struct.bio.290594** %57 to i64* br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void @__submit_bio(%struct.bio.290594* %60) #83 %68 = phi %struct.bio.290594* [ %104, %99 ], [ %65, %59 ] %69 = phi i64 [ %103, %99 ], [ 0, %59 ] %70 = phi %struct.bio.290594* [ %102, %99 ], [ null, %59 ] %71 = phi i64 [ %101, %99 ], [ 0, %59 ] 
%72 = phi %struct.bio.290594* [ %100, %99 ], [ null, %59 ] %73 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 0 %74 = load %struct.bio.290594*, %struct.bio.290594** %73, align 8 store %struct.bio.290594* %74, %struct.bio.290594** %53, align 16 %75 = icmp eq %struct.bio.290594* %74, null br i1 %75, label %76, label %77 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %77 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 %78 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %68, i64 0, i32 1 %79 = load %struct.block_device.290586*, %struct.block_device.290586** %78, align 8 %80 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %79, i64 0, i32 18 %81 = load %struct.request_queue.290802*, %struct.request_queue.290802** %80, align 8 %82 = icmp eq %struct.request_queue.290802* %64, %81 store %struct.bio.290594* null, %struct.bio.290594** %73, align 8 br i1 %82, label %83, label %91 %92 = icmp eq i64 %71, 0 br i1 %92, label %96, label %93 %94 = inttoptr i64 %71 to %struct.bio.290594* %95 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %94, i64 0, i32 0 store %struct.bio.290594* %68, %struct.bio.290594** %95, align 8 br label %96 %97 = phi %struct.bio.290594* [ %72, %93 ], [ %68, %91 ] %98 = ptrtoint %struct.bio.290594* %68 to i64 br label %99 %100 = phi %struct.bio.290594* [ %72, %88 ], [ %97, %96 ] %101 = phi i64 [ %71, %88 ], [ %98, %96 ] %102 = phi %struct.bio.290594* [ %89, %88 ], [ %70, %96 ] %103 = phi i64 [ %90, %88 ], [ %69, %96 ] %104 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %105 = icmp eq %struct.bio.290594* %104, null br i1 %105, label %106, label %67 %107 = icmp eq %struct.bio.290594* %100, null br i1 %107, label %115, label %108 %109 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %110 = icmp eq %struct.bio.290594* %109, null br i1 %110, label %113, label %111 store %struct.bio.290594* 
%100, %struct.bio.290594** %53, align 16 br label %114 store i64 %101, i64* %55, align 8 br label %115 %116 = icmp eq %struct.bio.290594* %102, null br i1 %116, label %124, label %117 %118 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %119 = icmp eq %struct.bio.290594* %118, null br i1 %119, label %122, label %120 store %struct.bio.290594* %102, %struct.bio.290594** %53, align 16 br label %123 store i64 %103, i64* %55, align 8 br label %124 %125 = load %struct.bio.290594*, %struct.bio.290594** %56, align 16 %126 = icmp eq %struct.bio.290594* %125, null br i1 %126, label %135, label %127 %128 = load %struct.bio.290594*, %struct.bio.290594** %54, align 8 %129 = icmp eq %struct.bio.290594* %128, null br i1 %129, label %132, label %130 store %struct.bio.290594* %125, %struct.bio.290594** %53, align 16 br label %133 %134 = load i64, i64* %58, align 8 store i64 %134, i64* %55, align 8 br label %135 %136 = load %struct.bio.290594*, %struct.bio.290594** %53, align 16 %137 = icmp eq %struct.bio.290594* %136, null br i1 %137, label %144, label %138 %139 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %136, i64 0, i32 0 %140 = load %struct.bio.290594*, %struct.bio.290594** %139, align 8 store %struct.bio.290594* %140, %struct.bio.290594** %53, align 16 %141 = icmp eq %struct.bio.290594* %140, null br i1 %141, label %142, label %143 store %struct.bio.290594* null, %struct.bio.290594** %54, align 8 br label %143 store %struct.bio.290594* null, %struct.bio.290594** %139, align 8 br label %59 %60 = phi %struct.bio.290594* [ %0, %49 ], [ %136, %143 ] %61 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %60, i64 0, i32 1 %62 = load %struct.block_device.290586*, %struct.block_device.290586** %61, align 8 %63 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %62, i64 0, i32 18 %64 = load %struct.request_queue.290802*, %struct.request_queue.290802** %63, align 8 call fastcc void 
@__submit_bio(%struct.bio.290594* %60) #83 Function:__submit_bio %2 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %3 = load %struct.block_device.290586*, %struct.block_device.290586** %2, align 8 %4 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %3, i64 0, i32 17 %5 = load %struct.gendisk.290584*, %struct.gendisk.290584** %4, align 8 %6 = getelementptr inbounds %struct.gendisk.290584, %struct.gendisk.290584* %5, i64 0, i32 8 %7 = load %struct.block_device_operations.290575*, %struct.block_device_operations.290575** %6, align 8 %8 = getelementptr inbounds %struct.block_device_operations.290575, %struct.block_device_operations.290575* %7, i64 0, i32 0 %9 = load void (%struct.bio.290594*)*, void (%struct.bio.290594*)** %8, align 8 %10 = icmp eq void (%struct.bio.290594*)* %9, null br i1 %10, label %11, label %12 tail call void bitcast (void (%struct.bio.294796*)* @blk_mq_submit_bio to void (%struct.bio.290594*)*)(%struct.bio.290594* %0) #83 Function:blk_mq_submit_bio %2 = alloca %struct.blk_mq_alloc_data.294797, align 8 %3 = alloca %struct.bio.294796*, align 8 %4 = alloca i8, align 1 %5 = alloca i32, align 4 store %struct.bio.294796* %0, %struct.bio.294796** %3, align 8 %6 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 1 %7 = load %struct.block_device.294788*, %struct.block_device.294788** %6, align 8 %8 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %7, i64 0, i32 18 %9 = load %struct.request_queue.294830*, %struct.request_queue.294830** %8, align 8 %10 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %0, i64 0, i32 2 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 255 %13 = icmp eq i32 %12, 0 %14 = and i32 %11, 395264 %15 = icmp ne i32 %14, 0 %16 = or i1 %13, %15 store i8 0, i8* %4, align 1 %17 = bitcast i32* %5 to i8* store i32 1, i32* %5, align 4 %18 = trunc i32 %11 to i8 switch i8 %18, label %19 [ i8 3, 
label %36 i8 5, label %36 i8 9, label %36 i8 7, label %36 ] %20 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 32, i32 5 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %36 call void bitcast (void (%struct.request_queue.289873*, %struct.bio.289986**, i32*)* @__blk_queue_split to void (%struct.request_queue.294830*, %struct.bio.294796**, i32*)*)(%struct.request_queue.294830* %9, %struct.bio.294796** nonnull %3, i32* nonnull %5) #83 %37 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %38 = load i32, i32* %5, align 4 br label %39 %40 = phi i32 [ %38, %36 ], [ 1, %27 ] %41 = phi %struct.bio.294796* [ %37, %36 ], [ %0, %27 ] %42 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295073** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295073**)) #11, !srcloc !4 %43 = inttoptr i64 %42 to %struct.task_struct.295073* %44 = getelementptr inbounds %struct.task_struct.295073, %struct.task_struct.295073* %43, i64 0, i32 129 %45 = load %struct.blk_plug.295036*, %struct.blk_plug.295036** %44, align 8 %46 = icmp eq %struct.blk_plug.295036* %45, null br i1 %46, label %110, label %47 %48 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 %49 = load %struct.request.294838*, %struct.request.294838** %48, align 8 %50 = icmp eq %struct.request.294838* %49, null br i1 %50, label %110, label %51 %52 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 0 %53 = load %struct.request_queue.294830*, %struct.request_queue.294830** %52, align 8 %54 = icmp eq %struct.request_queue.294830* %53, %9 br i1 %54, label %55, label %110 %56 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %56, label %57, label %541, !prof !5, !misexpect !6 %58 = getelementptr inbounds 
%struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %59 = load volatile i64, i64* %58, align 8 %60 = and i64 %59, 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %71 %63 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %64 = load i32, i32* %63, align 8 %65 = and i32 %64, 409600 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %71 %68 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %68, label %541, label %69 %70 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %70, label %541, label %71 %72 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 16777216 %75 = icmp eq i32 %74, 0 %76 = and i32 %73, 255 %77 = icmp eq i32 %76, 0 %78 = zext i1 %77 to i32 %79 = select i1 %75, i32 %78, i32 2 %80 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 2 %81 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %80, align 8 %82 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 13 %83 = load i16, i16* %82, align 4 %84 = zext i16 %83 to i32 %85 = icmp eq i32 %79, %84 br i1 %85, label %86, label %110 %87 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %49, i64 0, i32 3 %88 = load i32, i32* %87, align 8 %89 = and i32 %88, 393216 %90 = icmp eq i32 %89, 0 %91 = and i32 %73, 393216 %92 = icmp ne i32 %91, 0 %93 = xor i1 %92, %90 br i1 %93, label %94, label %110 %111 = phi i1 [ 
true, %86 ], [ false, %51 ], [ false, %47 ], [ false, %39 ], [ true, %71 ] %112 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 1 %113 = load %struct.block_device.294788*, %struct.block_device.294788** %112, align 8 %114 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %113, i64 0, i32 18 %115 = load %struct.request_queue.294830*, %struct.request_queue.294830** %114, align 8 call void @__rcu_read_lock() #83 %116 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 0 %117 = load volatile i64, i64* %116, align 8 %118 = and i64 %117, 3 %119 = icmp eq i64 %118, 0 br i1 %119, label %120, label %122, !prof !5, !misexpect !6 %123 = and i64 %117, 2 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %147 %126 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %115, i64 0, i32 2, i32 1 %127 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %126, align 8 %128 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %127, i64 0, i32 0, i32 0 %129 = load volatile i64, i64* %128, align 8 %130 = icmp eq i64 %129, 0 br i1 %130, label %147, label %131, !prof !8, !misexpect !6 %132 = phi i64 [ %139, %138 ], [ %129, %125 ] %133 = add i64 %132, 1 %134 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %128, i64 %133, i64* %128, i64 %132) #6, !srcloc !9 %135 = extractvalue { i8, i64 } %134, 0 %136 = and i8 %135, 1 %137 = icmp eq i8 %136, 0 br i1 %137, label %138, label %141, !prof !8, !misexpect !6 %139 = extractvalue { i8, i64 } %134, 1 %140 = icmp eq i64 %139, 0 br i1 %140, label %147, label %131, !prof !8, !misexpect !6 call void @__rcu_read_unlock() #83 %148 = call i32 bitcast (i32 
(%struct.request_queue.290802*, %struct.bio.290594*)* @__bio_queue_enter to i32 (%struct.request_queue.294830*, %struct.bio.294796*)*)(%struct.request_queue.294830* %115, %struct.bio.294796* %41) #83 %149 = icmp eq i32 %148, 0 br i1 %149, label %150, label %541, !prof !5, !misexpect !6 br i1 %111, label %153, label %151 %152 = call zeroext i1 bitcast (i1 (%struct.bio.290594*)* @submit_bio_checks to i1 (%struct.bio.294796*)*)(%struct.bio.294796* %41) #83 br i1 %152, label %153, label %209, !prof !5, !misexpect !6 %154 = bitcast %struct.blk_mq_alloc_data.294797* %2 to i8* %155 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 0 store %struct.request_queue.294830* %9, %struct.request_queue.294830** %155, align 8 %156 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 1 store i32 0, i32* %156, align 8 %157 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 2 store i32 0, i32* %157, align 4 %158 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 3 %159 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 2 %160 = load i32, i32* %159, align 8 store i32 %160, i32* %158, align 8 %161 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 4 store i32 0, i32* %161, align 4 %162 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 5 store i32 1, i32* %162, align 8 %163 = getelementptr inbounds %struct.blk_mq_alloc_data.294797, %struct.blk_mq_alloc_data.294797* %2, i64 0, i32 6 %164 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 11 %165 = bitcast %struct.request.294838*** %163 to i8* %166 = load volatile i64, i64* %164, align 8 %167 = and i64 %166, 8 %168 = icmp eq 
i64 %167, 0 %169 = and i32 %160, 409600 %170 = icmp eq i32 %169, 0 %171 = and i1 %170, %168 br i1 %171, label %172, label %176 %173 = call zeroext i1 bitcast (i1 (%struct.request_queue.289873*, %struct.bio.289986*, i32, i8*)* @blk_attempt_plug_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32, i8*)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40, i8* nonnull %4) #83 br i1 %173, label %207, label %174 %175 = call zeroext i1 bitcast (i1 (%struct.request_queue.296452*, %struct.bio.296418*, i32)* @blk_mq_sched_bio_merge to i1 (%struct.request_queue.294830*, %struct.bio.294796*, i32)*)(%struct.request_queue.294830* %9, %struct.bio.294796* %41, i32 %40) #83 br i1 %175, label %207, label %176 %177 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %178 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 %179 = icmp eq %struct.rq_qos.294814* %178, null br i1 %179, label %185, label %180 %181 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %41, i64 0, i32 3 %182 = load i16, i16* %181, align 4 %183 = or i16 %182, 1024 store i16 %183, i16* %181, align 4 %184 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %177, align 8 call void bitcast (void (%struct.rq_qos.299433*, %struct.bio.299428*)* @__rq_qos_throttle to void (%struct.rq_qos.294814*, %struct.bio.294796*)*)(%struct.rq_qos.294814* %184, %struct.bio.294796* %41) #83 br label %185 br i1 %46, label %191, label %186 %187 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 2 %188 = load i16, i16* %187, align 8 %189 = zext i16 %188 to i32 store i32 %189, i32* %162, align 8 store i16 1, i16* %187, align 8 %190 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %45, i64 0, i32 1 store %struct.request.294838** %190, %struct.request.294838*** %163, align 8 br label %191 %192 = call fastcc %struct.request.294838* 
@__blk_mq_alloc_requests(%struct.blk_mq_alloc_data.294797* nonnull %2) #83 %193 = icmp eq %struct.request.294838* %192, null br i1 %193, label %194, label %208 br label %210 %211 = phi %struct.request.294838* [ %192, %208 ], [ %49, %94 ], [ %49, %105 ] %212 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_getrq to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_submit_bio, %213)) #6 to label %233 [label %213], !srcloc !10 %234 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 4 %235 = load %struct.rq_qos.294814*, %struct.rq_qos.294814** %234, align 8 %236 = icmp eq %struct.rq_qos.294814* %235, null br i1 %236, label %239, label %237 %240 = load %struct.bio.294796*, %struct.bio.294796** %3, align 8 %241 = load i32, i32* %5, align 4 %242 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 2 %243 = load i32, i32* %242, align 8 %244 = and i32 %243, 524288 %245 = icmp eq i32 %244, 0 br i1 %245, label %250, label %246 %247 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 3 %248 = load i32, i32* %247, align 8 %249 = or i32 %248, 1792 store i32 %249, i32* %247, align 8 br label %250 %251 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 9 store i64 %252, 
i64* %253, align 8 %254 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 5 %255 = load i16, i16* %254, align 8 %256 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 19 store i16 %255, i16* %256, align 4 %257 = trunc i32 %241 to i16 %258 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 18 store i16 %257, i16* %258, align 2 %259 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 8, i32 1 %260 = load i32, i32* %259, align 8 %261 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 8 store i32 %260, i32* %261, align 4 %262 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 11 store %struct.bio.294796* %240, %struct.bio.294796** %262, align 8 %263 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 10 store %struct.bio.294796* %240, %struct.bio.294796** %263, align 8 %264 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 4 %265 = load i16, i16* %264, align 2 %266 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 20 store i16 %265, i16* %266, align 2 %267 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %240, i64 0, i32 1 %268 = load %struct.block_device.294788*, %struct.block_device.294788** %267, align 8 %269 = icmp eq %struct.block_device.294788* %268, null br i1 %269, label %276, label %270 %271 = getelementptr inbounds %struct.block_device.294788, %struct.block_device.294788* %268, i64 0, i32 17 %272 = bitcast %struct.gendisk.294786** %271 to i64* %273 = load i64, i64* %272, align 8 %274 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 13 %275 = bitcast %struct.gendisk.294786** %274 to i64* store i64 %273, i64* %275, align 8 br label %276 %277 = getelementptr inbounds 
%struct.request.294838, %struct.request.294838* %211, i64 0, i32 4 %278 = load i32, i32* %277, align 4 %279 = and i32 %278, 8192 %280 = icmp eq i32 %279, 0 br i1 %280, label %287, label %281 %288 = phi %struct.bio.294796* [ %240, %276 ], [ %240, %281 ], [ %286, %285 ] %289 = getelementptr inbounds %struct.bio.294796, %struct.bio.294796* %288, i64 0, i32 2 %290 = load i32, i32* %289, align 8 %291 = and i32 %290, 393216 %292 = icmp eq i32 %291, 0 br i1 %292, label %294, label %293 br i1 %46, label %416, label %295 %417 = load i32, i32* %277, align 4 %418 = and i32 %417, 4194304 %419 = icmp eq i32 %418, 0 br i1 %419, label %420, label %427 %421 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %9, i64 0, i32 9 %422 = load i32, i32* %421, align 8 br label %529 %530 = phi i32 [ %422, %420 ], [ %297, %428 ] %531 = icmp ugt i32 %530, 1 %532 = and i1 %16, %531 %533 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %211, i64 0, i32 2 %534 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %533, align 8 br i1 %532, label %539, label %535 %536 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %534, i64 0, i32 12 %537 = load i32, i32* %536, align 8 %538 = icmp eq i32 %537, 0 br i1 %538, label %539, label %540 call void bitcast (void (%struct.request.296460*, i1, i1, i1)* @blk_mq_sched_insert_request to void (%struct.request.294838*, i1, i1, i1)*)(%struct.request.294838* nonnull %211, i1 zeroext false, i1 zeroext true, i1 zeroext true) #83 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 0 %7 = load %struct.request_queue.296452*, %struct.request_queue.296452** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %8, 
align 8 %10 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.296351*, %struct.blk_mq_ctx.296351** %10, align 8 %12 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_hw_ctx.296364** %12, align 8 %14 = icmp eq %struct.elevator_queue.296431* %9, null br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.request.296460, %struct.request.296460* %0, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %30 %31 = icmp ne i32 %23, 0 %32 = or i1 %31, %1 tail call void bitcast (void (%struct.request.294838*, i1, i1)* @blk_mq_request_bypass_insert to void (%struct.request.296460*, i1, i1)*)(%struct.request.296460* %0, i1 zeroext %32, i1 zeroext false) #83 Function:blk_mq_request_bypass_insert %4 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 2 %5 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %4, align 8 %6 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #83 %7 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %0, i64 0, i32 12, i32 0 %8 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 0, i32 1 br i1 %1, label %9, label %15 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %5, i64 0, i32 0, i32 1, i32 1 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 store %struct.list_head* %7, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %18, align 8 %19 = getelementptr inbounds %struct.request.294838, 
%struct.request.294838* %0, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %17, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 0 br label %21 %22 = phi %struct.list_head** [ %20, %15 ], [ %10, %9 ] store volatile %struct.list_head* %7, %struct.list_head** %22, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %6) #83 br i1 %2, label %23, label %24 tail call void @blk_mq_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %5, i1 zeroext false) #84 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, 
label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, 
%struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 blk_finish_plug 7 __se_sys_io_submit 8 __ia32_sys_io_submit ------------- Path:  Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast 
%struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 
%11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 blk_finish_plug 7 
__se_sys_io_submit 8 __x64_sys_io_submit ------------- Path:  Function:__x64_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #83 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #83 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext 
false) #83 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %4) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 
%4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, 
%71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 blk_finish_plug 7 
do_madvise 8 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 47 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 8 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 
%25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label 
%250 ] %243 = and i64 %213, 4194304 %244 = icmp ne i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %81, %312 ], [ -12, %78 ], [ %81, %310 ], [ -12, %323 ] call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca 
%struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi 
%struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 blk_finish_plug 7 
do_madvise 8 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 47 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 8 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #83 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 
0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #83 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #83 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #83 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void bitcast (void (%struct.blk_plug.290756*)* @blk_start_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = 
bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i64 [ %1, %54 ], [ %324, %323 ] %73 = phi i32 [ 0, %54 ], [ %81, %323 ] %74 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %72, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i32 [ -12, %78 ], [ %73, %71 ] %82 = phi i64 [ %76, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %74, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label 
%250 ] %243 = and i64 %213, 4194304 %244 = icmp ne i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %81, %312 ], [ -12, %78 ], [ %81, %310 ], [ -12, %323 ] call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %12) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca 
%struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi 
%struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 blk_finish_plug 7 
__ia32_compat_sys_io_submit ------------- Path:  Function:__ia32_compat_sys_io_submit %2 = alloca %struct.blk_plug, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast %struct.blk_plug* %2 to i8* %13 = icmp sgt i32 %10, -1 br i1 %13, label %14, label %82, !prof !4, !misexpect !5 %15 = and i64 %4, 4294967295 %16 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %15) #83 %17 = icmp eq %struct.kioctx* %16, null br i1 %17, label %82, label %18, !prof !6, !misexpect !5 %19 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 64 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 %23 = icmp sgt i32 %22, 2 br i1 %23, label %24, label %25 %26 = icmp sgt i32 %22, 0 br i1 %26, label %27, label %57 %28 = zext i32 %22 to i64 br label %29 %30 = phi i64 [ 0, %27 ], [ %46, %45 ] %32 = getelementptr i32, i32* %11, i64 %30 %33 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %32, i64 4, i64 %31) #6, !srcloc !7 %34 = extractvalue { i32*, i32, i64 } %33, 0 %35 = extractvalue { i32*, i32, i64 } %33, 2 %36 = ptrtoint i32* %34 to i64 %37 = and i64 %36, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %51, !prof !4, !misexpect !5 %40 = extractvalue { i32*, i32, i64 } %33, 1 %41 = zext i32 %40 to i64 %42 = inttoptr i64 %41 to %struct.iocb* %43 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %42, i1 zeroext true) #83 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = add nuw nsw i64 %30, 1 %47 = icmp eq i64 
%46, %28 br i1 %47, label %53, label %29 %54 = phi i32 [ %49, %48 ], [ %52, %51 ], [ %22, %45 ] %55 = phi i64 [ %50, %48 ], [ -14, %51 ], [ 0, %45 ] br i1 %23, label %56, label %57 call void bitcast (void (%struct.blk_plug.290756*)* @blk_finish_plug to void (%struct.blk_plug*)*)(%struct.blk_plug* nonnull %2) #83 Function:blk_finish_plug %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.290793* %4 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %3, i64 0, i32 129 %5 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %4, align 8 %6 = icmp eq %struct.blk_plug.290756* %5, %0 br i1 %6, label %7, label %8 tail call void @blk_flush_plug(%struct.blk_plug.290756* %0, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 
8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label 
%28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 bio_poll 7 iocb_bio_iopoll 
------------- Path:  Function:iocb_bio_iopoll tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.kiocb.290504, %struct.kiocb.290504* %0, i64 0, i32 3 %5 = load volatile i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.bio.290594* %7 = icmp eq i8* %5, null br i1 %7, label %15, label %8 %9 = getelementptr inbounds i8, i8* %5, i64 8 %10 = bitcast i8* %9 to %struct.block_device.290586** %11 = load %struct.block_device.290586*, %struct.block_device.290586** %10, align 8 %12 = icmp eq %struct.block_device.290586* %11, null br i1 %12, label %15, label %13 %14 = tail call i32 @bio_poll(%struct.bio.290594* nonnull %6, %struct.io_comp_batch.290810* %1, i32 %2) #84 Function:bio_poll %4 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 1 %5 = load %struct.block_device.290586*, %struct.block_device.290586** %4, align 8 %6 = getelementptr inbounds %struct.block_device.290586, %struct.block_device.290586* %5, i64 0, i32 18 %7 = load %struct.request_queue.290802*, %struct.request_queue.290802** %6, align 8 %8 = getelementptr inbounds %struct.bio.290594, %struct.bio.290594* %0, i64 0, i32 9 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, -1 br i1 %10, label %54, label %11 %12 = getelementptr inbounds %struct.request_queue.290802, %struct.request_queue.290802* %7, i64 0, i32 11 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 65536 %15 = icmp eq i64 %14, 0 br i1 %15, label %54, label %16 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.290793** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.290793**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.290793* %19 = getelementptr inbounds %struct.task_struct.290793, %struct.task_struct.290793* %18, i64 0, i32 129 %20 = load %struct.blk_plug.290756*, %struct.blk_plug.290756** %19, align 8 %21 = icmp eq %struct.blk_plug.290756* %20, null br i1 %21, label %23, 
label %22 tail call void @blk_flush_plug(%struct.blk_plug.290756* nonnull %20, i1 zeroext false) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, 
!range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store 
volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, 
%struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = 
getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = 
load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label %41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug 6 wakeup_flusher_threads 7 ksys_sync 8 __do_sys_sync ------------- Path:  Function:__do_sys_sync tail call void @ksys_sync() #83 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #83 Function:wakeup_flusher_threads %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 129 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, null br i1 %6, label %17, label %7 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 0 %9 = load %struct.request*, %struct.request** %8, align 8 %10 = icmp eq %struct.request* %9, null br i1 %10, label %11, label %16 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %5, i64 0, i32 7 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 
br i1 %15, label %17, label %16 tail call void bitcast (void (%struct.blk_plug.290756*, i1)* @blk_flush_plug to void (%struct.blk_plug*, i1)*)(%struct.blk_plug* nonnull %5, i1 zeroext true) #83 Function:blk_flush_plug %3 = alloca %struct.list_head, align 8 %4 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 7 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %6 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %7 = icmp eq %struct.list_head* %6, %4 br i1 %7, label %44, label %8 %45 = getelementptr inbounds %struct.blk_plug.290756, %struct.blk_plug.290756* %0, i64 0, i32 0 %46 = load %struct.request.290809*, %struct.request.290809** %45, align 8 %47 = icmp eq %struct.request.290809* %46, null br i1 %47, label %49, label %48 call void bitcast (void (%struct.blk_plug.295036*, i1)* @blk_mq_flush_plug_list to void (%struct.blk_plug.290756*, i1)*)(%struct.blk_plug.290756* %0, i1 zeroext %1) #83 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 0 %8 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %9 = icmp eq %struct.request.294838* %8, null br i1 %9, label %117, label %10 %11 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 3 store i16 0, i16* %11, align 2 %12 = getelementptr inbounds %struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 4 %13 = load i8, i8* %12, align 4, !range !4 %14 = icmp eq i8 %13, 0 br i1 %14, label %15, label %23 %16 = getelementptr inbounds 
%struct.blk_plug.295036, %struct.blk_plug.295036* %0, i64 0, i32 5 %17 = load i8, i8* %16, align 1, !range !4 %18 = icmp ne i8 %17, 0 %19 = or i1 %18, %1 br i1 %19, label %23, label %20 %24 = phi %struct.request.294838* [ %8, %15 ], [ %8, %10 ], [ %21, %20 ] %25 = icmp eq %struct.blk_plug.295036* %0, null %26 = bitcast %struct.blk_plug.295036* %0 to i64* %27 = xor i1 %1, true br label %28 %29 = phi %struct.request.294838* [ %24, %23 ], [ %88, %78 ] %30 = phi i32 [ 0, %23 ], [ %87, %78 ] %31 = phi %struct.blk_mq_ctx.294726* [ null, %23 ], [ %80, %78 ] %32 = phi %struct.blk_mq_hw_ctx.294739* [ null, %23 ], [ %81, %78 ] br i1 %25, label %37, label %33 %38 = phi %struct.request.294838* [ %29, %33 ], [ null, %28 ] %39 = icmp eq %struct.blk_mq_hw_ctx.294739* %32, null %40 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 2 %41 = load %struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_hw_ctx.294739** %40, align 8 br i1 %39, label %73, label %42 %74 = phi i32 [ 0, %71 ], [ %30, %37 ] %75 = phi %struct.blk_mq_hw_ctx.294739* [ %72, %71 ], [ %41, %37 ] %76 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 1 %77 = load %struct.blk_mq_ctx.294726*, %struct.blk_mq_ctx.294726** %76, align 8 br label %78 %79 = phi i32 [ %30, %44 ], [ %74, %73 ] %80 = phi %struct.blk_mq_ctx.294726* [ %31, %44 ], [ %77, %73 ] %81 = phi %struct.blk_mq_hw_ctx.294739* [ %32, %44 ], [ %75, %73 ] %82 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 0, i32 12, i32 0 %83 = load %struct.list_head*, %struct.list_head** %5, align 8 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 1 store %struct.list_head* %82, %struct.list_head** %84, align 8 %85 = getelementptr inbounds %struct.list_head, %struct.list_head* %82, i64 0, i32 0 store %struct.list_head* %83, %struct.list_head** %85, align 8 %86 = getelementptr inbounds %struct.request.294838, %struct.request.294838* %38, i64 
0, i32 12, i32 0, i32 1 store %struct.list_head* %3, %struct.list_head** %86, align 8 store volatile %struct.list_head* %82, %struct.list_head** %5, align 8 %87 = add i32 %79, 1 %88 = load %struct.request.294838*, %struct.request.294838** %7, align 8 %89 = icmp eq %struct.request.294838* %88, null br i1 %89, label %90, label %28 %91 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %92 = icmp eq %struct.list_head* %91, %3 br i1 %92, label %117, label %93 %94 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %81, i64 0, i32 7 %95 = load %struct.request_queue.294830*, %struct.request_queue.294830** %94, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %96)) #6 to label %116 [label %96], !srcloc !5 call void bitcast (void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.294739* %81, %struct.blk_mq_ctx.294726* %80, %struct.list_head* nonnull %3, i1 zeroext %1) #84 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 7 %6 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %6, i64 0, i32 2 
tail call void @__rcu_read_lock() #83 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !4, !misexpect !5 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !6 br label %18 tail call void @__rcu_read_unlock() #83 %19 = load %struct.request_queue.296452*, %struct.request_queue.296452** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.296452, %struct.request_queue.296452* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.296431*, %struct.elevator_queue.296431** %20, align 8 %22 = icmp eq %struct.elevator_queue.296431* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.296364, %struct.blk_mq_hw_ctx.296364* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.296364*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.list_head* %2) #83 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, %struct.blk_mq_ctx.294726*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.296364*, %struct.blk_mq_ctx.296351*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.296364* %0, %struct.blk_mq_ctx.296351* %1, %struct.list_head* %2) #83 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.294739*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.296364*, 
i1)*)(%struct.blk_mq_hw_ctx.296364* %0, i1 zeroext %3) #83 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void @__rcu_read_lock() #83 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %14 = load %struct.request_queue.294830*, %struct.request_queue.294830** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void @__rcu_read_unlock() #83 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.294739* %0, i1 zeroext %1, i64 0) #84 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %81, !prof !4, !misexpect !5 br i1 %1, label %33, label %9 %10 = getelementptr 
inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %33 tail call void @preempt_count_add(i32 1) #83 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @__this_cpu_preempt_check(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.6.27866, i64 0, i64 0)) #83 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %27, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @preempt_count_sub(i32 1) #83 %28 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %33, !prof !11, !misexpect !5 %32 = tail call i64 asm sideeffect "call __SCT__preempt_schedule", "={rsp},0,~{dirflag},~{fpsr},~{flags}"(i64 %31) #6, !srcloc !14 br label %33 %34 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 3 %35 = load i32, i32* %34, align 32 %36 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 7 %37 = load %struct.request_queue.294830*, %struct.request_queue.294830** %36, align 8 %38 = getelementptr inbounds %struct.request_queue.294830, %struct.request_queue.294830* %37, i64 0, i32 9 %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 1 br i1 %40, label %75, label 
%41 %76 = phi i32 [ %67, %74 ], [ 64, %73 ], [ 64, %33 ] %77 = getelementptr inbounds %struct.blk_mq_hw_ctx.294739, %struct.blk_mq_hw_ctx.294739* %0, i64 0, i32 1 %78 = trunc i64 %2 to i32 %79 = tail call i64 @__msecs_to_jiffies(i32 %78) #83 %80 = tail call i32 @kblockd_mod_delayed_work_on(i32 %76, %struct.delayed_work* %77, i64 %79) #83 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #83 ------------- Good: 481 Bad: 11 Ignored: 716 Check Use of Function:audit_log Check Use of Function:selinux_policy_cancel Check Use of Function:selinux_status_update_policyload Check Use of Function:bmap Check Use of Function:intel_modeset_driver_remove Check Use of Function:__import_iovec Check Use of Function:shmem_file_read_iter Check Use of Function:vfat_create Check Use of Function:add_to_avail_list Check Use of Function:try_to_free_swap Check Use of Function:__dev_change_net_namespace Check Use of Function:snd_disconnect_ioctl Check Use of Function:i915_sw_fence_complete Check Use of Function:snapshot_get_image_size Check Use of Function:intel_display_prepare_reset Check Use of Function:pin_insert Check Use of Function:__lookup_hash Check Use of Function:ieee80211_csa_finalize Check Use of Function:drm_master_put Check Use of Function:__create_xol_area Check Use of Function:__setplane_check Check Use of Function:avc_has_perm Use: =BAD PATH= Call Stack: 0 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 94 %18 = load %struct.cred*, %struct.cred** %17, align 8 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* 
@selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 94 %25 = load %struct.cred*, %struct.cred** %24, align 8 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 
%30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull @selinux_state, i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 94 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull 
@selinux_state, i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #83 ------------- Good: 61 Bad: 4 Ignored: 154 Check Use of Function:cfg80211_free_nan_func Check Use of Function:drm_primary_helper_disable Check Use of Function:drm_modeset_acquire_fini Check Use of Function:drm_modeset_drop_locks Check Use of Function:__fsnotify_parent Check Use of Function:drm_crtc_vblank_count Check Use of Function:free_irq Check Use of Function:jbd2_journal_abort Check Use of Function:intel_irq_uninstall Check Use of Function:drm_event_reserve_init Check Use of Function:drm_atomic_helper_page_flip Check Use of Function:drm_modeset_acquire_init Check Use of Function:tty_buffer_restart_work Check Use of Function:dev_change_carrier Check Use of Function:freeze_bdev Check Use of Function:replace_mm_exe_file Check Use of Function:drm_framebuffer_check_src_coords Check Use of Function:_dev_alert Check Use of Function:xt_request_find_match Check Use of Function:drm_connector_list_iter_end Check Use of Function:compat_start_thread Check Use of Function:drm_property_replace_blob Check Use of Function:xt_compat_check_entry_offsets Check Use of Function:kernel_kexec Check Use of Function:drm_connector_set_obj_prop Check Use of Function:drm_modeset_lock_all_ctx Check Use of Function:drm_property_free_blob Check Use of Function:xt_compat_flush_offsets Check Use of Function:drm_framebuffer_free Check Use of Function:serial8250_verify_port Check Use of Function:__is_local_mountpoint Check Use of Function:vt_do_kbkeycode_ioctl Check Use of Function:kernfs_iop_rmdir Check Use of Function:drm_atomic_state_clear Check Use of Function:__put_net Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, 
null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 5 %3 = load %struct.dentry.156117*, %struct.dentry.156117** %2, align 8 %4 = icmp eq %struct.dentry.156117* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.155755*, %struct.fs_context_operations.155755** %15, align 8 %17 = icmp eq %struct.fs_context_operations.155755* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.155755, %struct.fs_context_operations.155755* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.156180*)*, void (%struct.fs_context.156180*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.156180*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #83 %25 = getelementptr inbounds %struct.fs_context.156180, %struct.fs_context.156180* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %26) #83 ------------- Use: =BAD PATH= Call Stack: 0 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %8) #83 ------------- Use: =BAD PATH= Call Stack: 0 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, %struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, 
%struct.net** %9, align 8 %11 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %10) #83 ------------- Good: 86 Bad: 3 Ignored: 55 Check Use of Function:drm_atomic_connector_commit_dpms Check Use of Function:kthread_stop Check Use of Function:clear_posix_cputimers_work Check Use of Function:drm_atomic_commit Check Use of Function:drm_mode_object_get_properties Check Use of Function:fifo_init Check Use of Function:strscpy Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl 1 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 switch i32 %1, label %79 [ i32 -2147203072, label %9 i32 -2133047295, label %9 i32 -2143270910, label %9 i32 1079003139, label %11 ] %10 = tail call i64 @snd_hwdep_ioctl(%struct.file* %0, i32 %1, i64 %8) #83 Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 
-2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #83 %29 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 4, i64 0 %31 = call i64 @strscpy(i8* %29, i8* %30, i64 80) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl ------------- Path:  Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 store i32 %24, i32* 
%25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #83 %29 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 4, i64 0 %31 = call i64 @strscpy(i8* %29, i8* %30, i64 80) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl 1 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 switch i32 %1, label %79 [ i32 -2147203072, label %9 i32 -2133047295, label %9 i32 -2143270910, label %9 i32 1079003139, label %11 ] %10 = tail call i64 @snd_hwdep_ioctl(%struct.file* %0, i32 %1, i64 %8) #83 Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 
store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl ------------- Path:  Function:snd_hwdep_ioctl %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = alloca %struct.snd_hwdep_dsp_status, align 4 %6 = alloca %struct.snd_hwdep_info, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.snd_hwdep** %9 = load %struct.snd_hwdep*, %struct.snd_hwdep** %8, align 8 switch i32 %1, label %88 [ i32 -2147203072, label %10 i32 -2133047295, label %19 i32 -2143270910, label %39 i32 1080051715, label %58 ] %20 = bitcast %struct.snd_hwdep_info* %6 to i8* %21 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 0 %22 = load %struct.snd_card*, %struct.snd_card** %21, align 8 %23 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 1 store i32 %24, i32* %25, align 4 %26 = getelementptr inbounds %struct.snd_hwdep_info, %struct.snd_hwdep_info* %6, i64 0, i32 2, i64 0 %27 = getelementptr inbounds %struct.snd_hwdep, %struct.snd_hwdep* %9, i64 0, i32 3, i64 0 %28 = call i64 @strscpy(i8* %26, i8* %27, i64 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 pnp_disable_dev 5 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.343946* %11 = getelementptr inbounds %struct.pnp_dev.343946, %struct.pnp_dev.343946* %10, i64 0, i32 3 
%12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #84 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.35209, i64 0, i64 0), i64 7) #85 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.344092*)* @pnp_disable_dev to i32 (%struct.pnp_dev.343946*)*)(%struct.pnp_dev.343946* %10) #84 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.344082*, %struct.pnp_protocol.344082** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.344082, %struct.pnp_protocol.344082* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.344092*)*, i32 (%struct.pnp_dev.344092*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.344092*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.344092, %struct.pnp_dev.344092* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.35105, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.35106, i64 0, i64 0)) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to 
%struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.373290* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.45512, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load 
%struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, %struct.drm_i915_private.428426** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %70, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #83 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %70 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #84 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %70 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.41039, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, 
%struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.428426** %12 = load %struct.drm_i915_private.428426*, 
%struct.drm_i915_private.428426** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %66, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #83 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %66 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #84 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.41032, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #83 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %66 %38 = icmp eq %struct.drm_i915_private.428426* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.41033, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.41034, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.41035, i64 0, i64 0), i8* %46) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile 
%struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.426591** %7 = load %struct.i915_gpu_coredump.426591*, %struct.i915_gpu_coredump.426591** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.426591* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.426591, %struct.i915_gpu_coredump.426591* %7, i64 0, i32 5 %11 = load 
%struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %10, align 8 %12 = icmp eq %struct.drm_i915_private.426623* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.40.40785, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_printk 4 drm_dev_dbg 5 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = 
bitcast i8* %10 to %struct.drm_i915_private.412466** %12 = load %struct.drm_i915_private.412466*, %struct.drm_i915_private.412466** %11, align 8 %13 = icmp eq %struct.drm_i915_private.412466* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.40123, i64 0, i64 0)) #83 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.39228, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.39224, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #83 Function:_dev_printk %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %8, align 8 %9 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %9, align 8 call fastcc void @__dev_printk(i8* %0, %struct.device* %1, %struct.va_format* nonnull %4) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = 
getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 cur_state_store ------------- Path:  Function:cur_state_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 36 %7 = bitcast %struct.dev_iommu** %6 to %struct.thermal_cooling_device* %8 = bitcast i64* %5 to i8* %9 = load i1, i1* 
@cur_state_store.__print_once, align 1 br i1 %9, label %13, label %10 store i1 true, i1* @cur_state_store.__print_once, align 1 %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %6, i64 2 %12 = bitcast %struct.dev_iommu** %11 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %12, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.31.59516, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 
0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 stable_pages_required_show ------------- Path:  
Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.7.14003, i64 0, i64 0)) #83 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 
], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], 
align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.313800* %9 = bitcast i8** %5 to i8* %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.13.30582, i64 0, i64 0)) #83 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.79.30583, i64 0, i64 0)) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, 
%struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq 
%struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 pci_vpd_available 5 pci_vpd_read 6 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_read %6 = alloca i32, align 4 %7 = add i64 %2, %1 %8 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = 
bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_warn 4 pci_vpd_available 5 pci_vpd_write 6 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318200* %9 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 
= and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.318200* %8, i64 %4, i64 %5, i8* %3, i1 zeroext true) #83 Function:pci_vpd_write %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.318200* %0, i1 zeroext %4) #83 Function:pci_vpd_available %3 = alloca [3 x i8], align 1 %4 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 2 %5 = load i8, i8* %4, align 4 %6 = icmp eq i8 %5, 0 br i1 %6, label %110, label %7 %8 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 62, i32 1 %9 = load i32, i32* %8, align 8 %10 = icmp ne i32 %9, 0 %11 = xor i1 %1, true %12 = or i1 %10, %11 br i1 %12, label %110, label %13 %14 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 0 %15 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 52 %16 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 6 %18 = getelementptr inbounds [3 x i8], [3 x i8]* %3, i64 0, i64 1 %19 = bitcast i8* %18 to i16* br label %20 %21 = phi i64 [ 0, %13 ], [ %83, %82 ] %22 = load i16, i16* %15, align 2 %23 = and i16 %22, 256 %24 = icmp eq i16 %23, 0 br i1 %24, label %33, label %25 %26 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %27 = load i32, i32* %17, align 8 %28 = and i32 %27, 248 %29 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %26, i32 %28) #83 %30 = icmp eq %struct.pci_dev.318200* %29, null br i1 %30, label %105, label %31 %32 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.318200* nonnull %29, i64 %21, i64 1, i8* nonnull %14, i1 zeroext false) #83 tail call void 
bitcast (void (%struct.pci_dev.313800*)* @pci_dev_put to void (%struct.pci_dev.318200*)*)(%struct.pci_dev.318200* nonnull %29) #83 br label %35 %36 = phi i64 [ %32, %31 ], [ %34, %33 ] %37 = icmp eq i64 %36, 1 br i1 %37, label %38, label %105 %39 = icmp eq i64 %21, 0 %40 = load i8, i8* %14, align 1 br i1 %39, label %41, label %42 %43 = icmp sgt i8 %40, -1 br i1 %43, label %72, label %44 %45 = add i64 %21, 1 %46 = load i16, i16* %15, align 2 %47 = and i16 %46, 256 %48 = icmp eq i16 %47, 0 br i1 %48, label %57, label %49 %50 = load %struct.pci_bus.318189*, %struct.pci_bus.318189** %16, align 8 %51 = load i32, i32* %17, align 8 %52 = and i32 %51, 248 %53 = tail call %struct.pci_dev.318200* bitcast (%struct.pci_dev.313800* (%struct.pci_bus.313802*, i32)* @pci_get_slot to %struct.pci_dev.318200* (%struct.pci_bus.318189*, i32)*)(%struct.pci_bus.318189* %50, i32 %52) #83 %54 = icmp eq %struct.pci_dev.318200* %53, null br i1 %54, label %62, label %55 %63 = getelementptr inbounds %struct.pci_dev.318200, %struct.pci_dev.318200* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %63, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.30907, i64 0, i64 0), i64 %45) #84 Function:_dev_warn %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.26.48242, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* 
%1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label 
%9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, 
%struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 
16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 
%13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 
%24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: 
=BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #83 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.62458, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, 
i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label 
%12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq 
%struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) 
@dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, 
align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.62479, i64 0, i64 0)) #83 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, 
%struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ %29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 
16) #83 ------------- Use: =BAD PATH= Call Stack: 0 dev_vprintk_emit 1 dev_printk_emit 2 __dev_printk 3 _dev_err 4 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #83 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.60.58643, i64 0, i64 0), i16* %21, i8* nonnull %6) #83 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.62.58645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.57.58648, i64 0, i64 0)) #84 Function:_dev_err %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %7, align 8 %8 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %8, align 8 call fastcc void @__dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.48146, i64 0, i64 0), %struct.device* %0, %struct.va_format* nonnull %3) #83 Function:__dev_printk %4 = icmp eq %struct.device* %1, null br i1 %4, label %41, label %5 %6 = getelementptr i8, i8* %0, i64 1 %7 = load i8, i8* %6, align 1 %8 = sext i8 %7 to i32 %9 = add nsw i32 %8, -48 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 6 %11 = load volatile %struct.device_driver*, %struct.device_driver** %10, align 8 %12 = icmp eq %struct.device_driver* %11, null br i1 %12, label %15, label %13 %16 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %17 = load %struct.bus_type*, %struct.bus_type** %16, align 8 %18 = icmp eq %struct.bus_type* %17, null br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %23 = load %struct.class*, %struct.class** %22, align 8 %24 = icmp eq %struct.class* %23, null br i1 %24, label %30, label %25 %26 = getelementptr inbounds %struct.class, %struct.class* %23, i64 0, i32 0 br label %27 %28 = phi i8** [ %14, %13 ], [ %20, %19 ], [ %26, %25 ] %29 = load i8*, i8** %28, align 8 br label %30 %31 = phi i8* [ getelementptr inbounds ([1 x i8], [1 x i8]* @.str.53.48147, i64 0, i64 0), %21 ], [ 
%29, %27 ] %32 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 3 %33 = load i8*, i8** %32, align 8 %34 = icmp eq i8* %33, null br i1 %34, label %35, label %38 %39 = phi i8* [ %37, %35 ], [ %33, %30 ] %40 = tail call i32 (i32, %struct.device*, i8*, ...) @dev_printk_emit(i32 %9, %struct.device* nonnull %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.89.48148, i64 0, i64 0), i8* %31, i8* %39, %struct.va_format* %2) #83 Function:dev_printk_emit %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %6 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %4, i64 0, i64 0 %7 = call i32 @dev_vprintk_emit(i32 %0, %struct.device* %1, i8* %2, %struct.__va_list_tag* nonnull %6) #83 Function:dev_vprintk_emit %5 = alloca %struct.dev_printk_info, align 1 %6 = getelementptr inbounds %struct.dev_printk_info, %struct.dev_printk_info* %5, i64 0, i32 0, i64 0 %7 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 32 %8 = load %struct.class*, %struct.class** %7, align 8 %9 = icmp eq %struct.class* %8, null br i1 %9, label %12, label %10 %13 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 5 %14 = load %struct.bus_type*, %struct.bus_type** %13, align 8 %15 = icmp eq %struct.bus_type* %14, null br i1 %15, label %52, label %16 %17 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %14, i64 0, i32 0 br label %18 %19 = phi i8** [ %11, %10 ], [ %17, %16 ] %20 = load i8*, i8** %19, align 8 %21 = call i64 @strscpy(i8* nonnull %6, i8* %20, i64 16) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr 
inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.117* [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, %169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.117, %struct.anon.117* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11341, i64 0, i64 0), i64 %178) #83 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.117* [ getelementptr inbounds ([9 x %struct.anon.117], [9 x %struct.anon.117]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, 
%169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.117, %struct.anon.117* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11341, i64 0, i64 0), i64 %178) #83 %188 = icmp slt i64 %187, 0 br i1 %188, label %217, label %189 %190 = getelementptr i8, i8* %177, i64 %187 %191 = sub i64 %178, %187 br label %192 %193 = phi i64 [ %191, %189 ], [ %178, %183 ] %194 = phi i8* [ %190, %189 ], [ %177, %183 ] %195 = phi i8 [ %175, %189 ], [ 1, %183 ] %196 = load i8*, i8** %174, align 8 %197 = call i64 @strscpy(i8* %194, i8* %196, i64 %193) #83 ------------- Good: 4538 Bad: 24 Ignored: 2199 Check Use of Function:rt_mutex_wait_proxy_lock Check Use of Function:i915_request_create Check Use of Function:drm_mode_object_find Use: =BAD PATH= Call Stack: 0 intel_sprite_set_colorkey_ioctl ------------- Path:  Function:intel_sprite_set_colorkey_ioctl %4 = alloca %struct.drm_modeset_acquire_ctx, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.407247* %6 = bitcast %struct.drm_modeset_acquire_ctx* %4 to i8* %7 = getelementptr inbounds i8, i8* %1, i64 16 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 4 %10 = and i32 %9, -2 store i32 %10, i32* %8, align 4 %11 = icmp ugt i32 %9, 7 %12 = and i32 %9, 6 %13 = icmp eq i32 %12, 6 %14 = or i1 %11, %13 br i1 %14, label %182, label %15 %16 = getelementptr inbounds %struct.drm_i915_private.407247, %struct.drm_i915_private.407247* %5, i64 0, i32 4, i32 0, i64 0 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 9437184 %19 = icmp eq i32 %18, 0 %20 = and i32 %9, 2 %21 = icmp eq i32 %20, 0 %22 = or i1 %21, %19 br i1 %22, label %23, label %182 %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 %26 = tail call 
%struct.drm_mode_object.373208* @drm_mode_object_find(%struct.drm_device.373290* %0, %struct.drm_file* %2, i32 %25, i32 -286331154) #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.545140, align 8 %6 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.545366* %7 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 20, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %19 = bitcast i8* %1 to i32* %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 16777216 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 %26 = getelementptr inbounds i8, i8* %1, i64 32 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = tail call %struct.drm_mode_object.373208* @drm_mode_object_find(%struct.drm_device.373290* %0, %struct.drm_file* %2, i32 %28, i32 -858993460) #83 ------------- Use: =BAD PATH= Call Stack: 0 intel_get_pipe_from_crtc_id_ioctl ------------- Path:  Function:intel_get_pipe_from_crtc_id_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 %6 = tail call %struct.drm_mode_object.373208* @drm_mode_object_find(%struct.drm_device.373290* %0, %struct.drm_file* %2, i32 %5, i32 -858993460) #83 ------------- Good: 6 Bad: 3 Ignored: 15 Check Use of Function:write_pool Use: =BAD PATH= Call Stack: 0 random_write ------------- Path:  Function:random_write %5 = tail call fastcc i32 @write_pool(i8* %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 random_write ------------- Path:  Function:random_write %5 = tail call fastcc i32 @write_pool(i8* %1, i64 %2) #83 ------------- Good: 1 Bad: 2 Ignored: 0 Check Use of Function:mq_select_queue Check Use of 
Function:drm_gem_fb_create_handle Check Use of Function:xhci_dbg_trace Check Use of Function:intel_user_framebuffer_create_handle Check Use of Function:ieee80211_run_deferred_scan Check Use of Function:intel_user_framebuffer_dirty Check Use of Function:e1000e_release_hw_control Check Use of Function:netlbl_cipsov4_genl_init Check Use of Function:dev_driver_string Use: =BAD PATH= Call Stack: 0 name_show.58586 ------------- Path:  Function:name_show.58586 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %5 = load %struct.device*, %struct.device** %4, align 8 %6 = tail call i8* @dev_driver_string(%struct.device* %5) #83 ------------- Good: 3746 Bad: 1 Ignored: 2846 Check Use of Function:drm_atomic_get_plane_state Check Use of Function:free_ret_instance Check Use of Function:memcpy_toio Check Use of Function:pid_revalidate Check Use of Function:ext4_file_write_iter Check Use of Function:vfs_create Check Use of Function:ext4_rmdir Check Use of Function:security_task_setscheduler Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #83 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x 
%struct.cpumask]* %4, i64 0, i64 0 %10 = icmp ult i32 %6, 8 br i1 %10, label %11, label %16 %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %11 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %60, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 %27 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - 
.\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %28 %29 = phi i64 [ %26, %25 ], [ %47, %40 ] %30 = phi i32* [ %7, %25 ], [ %41, %40 ] %31 = phi i64* [ %27, %25 ], [ %46, %40 ] %32 = icmp ugt i64 %29, 1 br i1 %32, label %33, label %48 %49 = icmp eq i64 %29, 0 br i1 %49, label %56, label %50 %51 = bitcast i32* %30 to %struct.__large_struct* %52 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long 3 \0A .popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %51, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %55)) #4 to label %53 [label %55], !srcloc !11 %54 = zext i32 %52 to i64 store i64 %54, i64* %31, align 8 br label %56 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %57 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %9) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr 
inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 br label %24 tail call void @__rcu_read_unlock() #83 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 94 %33 = load %struct.cred*, %struct.cred** %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 93 %35 = load volatile %struct.cred*, %struct.cred** %34, align 32 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %41, label %42 tail call void @__rcu_read_unlock() #83 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  
Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #83 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 
%19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 br label %24 tail call void @__rcu_read_unlock() #83 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 94 %33 = load %struct.cred*, %struct.cred** %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 93 %35 = load volatile %struct.cred*, %struct.cred** %34, align 32 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %41, label %42 tail call void @__rcu_read_unlock() #83 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #83 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = 
load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #83 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #83 Function:sched_setaffinity tail call void @__rcu_read_lock() #83 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #83 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !5 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !6, !misexpect !7 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !8, !misexpect !7 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #83 br label %24 tail call void @__rcu_read_unlock() #83 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 
67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 94 %33 = load %struct.cred*, %struct.cred** %32, align 8 tail call void @__rcu_read_lock() #83 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 93 %35 = load volatile %struct.cred*, %struct.cred** %34, align 32 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %41, label %42 tail call void @__rcu_read_unlock() #83 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #83 ------------- Good: 3 Bad: 3 Ignored: 1 Check Use of Function:drm_property_change_valid_put Check Use of Function:intel_ring_begin Check Use of Function:free_nsproxy Check Use of Function:proc_tgid_base_lookup Check Use of Function:intel_overlay_flip_prepare Check Use of Function:__i915_gem_object_flush_frontbuffer Check Use of Function:set_personality_64bit Check Use of Function:i915_gem_ww_ctx_backoff Check Use of Function:drm_modeset_unlock_all Check Use of Function:i915_active_ref Check Use of Function:i915_gem_ww_ctx_init Check Use of Function:pipe_read Check Use of Function:futex_hash Check Use of Function:nl80211_common_reg_change_event Check Use of Function:ww_mutex_lock Use: =BAD PATH= Call Stack: 0 dma_buf_poll ------------- Path:  Function:dma_buf_poll %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.dma_buf** %5 = load %struct.dma_buf*, %struct.dma_buf** %4, align 8 %6 = icmp eq 
%struct.dma_buf* %5, null br i1 %6, label %112, label %7 %8 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 13 %9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8 %10 = icmp eq %struct.dma_resv* %9, null br i1 %10, label %112, label %11 %12 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 14 %13 = icmp eq %struct.poll_table_struct* %1, null br i1 %13, label %26, label %14 %27 = phi i32 [ %24, %21 ], [ 5, %11 ] %28 = phi i32 [ %23, %21 ], [ -1, %11 ] %29 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %9, i64 0, i32 0 %30 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %29, %struct.ww_acquire_ctx* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_set_tiling 1 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.426623* %5 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %4, i64 0, i32 67, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %149, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void @__rcu_read_lock() #83 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #83 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.426638* %15 = icmp eq i8* %13, null br i1 %15, label %39, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !4 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !5, !misexpect !6 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #83 br label %37 %38 = icmp eq i32 %32, 0 br i1 %38, label %39, label %40 tail call void @__rcu_read_unlock() #83 %41 = getelementptr inbounds i8, i8* %13, i64 440 %42 = bitcast i8* %41 to %struct.drm_i915_gem_object_ops.426626** %43 = load %struct.drm_i915_gem_object_ops.426626*, %struct.drm_i915_gem_object_ops.426626** %42, align 8 %44 = getelementptr inbounds %struct.drm_i915_gem_object_ops.426626, %struct.drm_i915_gem_object_ops.426626* %43, i64 0, i32 0 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %138 %49 = getelementptr inbounds i8, i8* %1, i64 4 %50 = bitcast i8* %49 to i32* %51 = load i32, i32* %50, align 4 %52 = getelementptr inbounds i8, i8* %1, i64 8 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = getelementptr inbounds i8, i8* %13, i64 8 %56 = bitcast i8* %55 to %struct.drm_i915_private.426623** %57 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %56, align 8 %58 = icmp eq i32 %51, 0 br i1 %58, label %105, label %59 %60 = icmp ugt i32 %51, 2 br i1 %60, label %138, label %61 %62 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %57, i64 0, i32 3, i32 0 %63 = load i8, i8* %62, align 8 %64 = icmp ugt i8 %63, 6 br i1 %64, label %65, label %67 %68 = icmp ugt i8 %63, 3 br i1 %68, label 
%69, label %71 %72 = icmp ugt i32 %54, 8192 br i1 %72, label %138, label %73 %74 = zext i32 %54 to i64 %76 = icmp eq i64 %75, 1 br i1 %76, label %77, label %138 %78 = icmp eq i8 %63, 2 br i1 %78, label %87, label %79 %80 = icmp eq i32 %51, 2 br i1 %80, label %81, label %92 %82 = getelementptr inbounds %struct.drm_i915_private.426623, %struct.drm_i915_private.426623* %57, i64 0, i32 4, i32 0, i64 0 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 384 %85 = icmp eq i32 %84, 0 %86 = icmp ne i32 %54, 0 br i1 %85, label %101, label %97 %98 = and i32 %54, 511 %99 = icmp eq i32 %98, 0 %100 = and i1 %86, %99 br i1 %100, label %116, label %138 %117 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 14, i32 30, i32 97 %118 = bitcast i8* %117 to i32* %119 = load i32, i32* %118, align 4 %120 = getelementptr inbounds i8, i8* %1, i64 12 %121 = bitcast i8* %120 to i32* store i32 %119, i32* %121, align 4 br label %122 %123 = phi i32* [ %121, %116 ], [ %115, %110 ] %124 = phi i32 [ %119, %116 ], [ %113, %110 ] switch i32 %124, label %128 [ i32 6, label %125 i32 7, label %126 i32 5, label %127 ] %129 = phi i32 [ %54, %122 ], [ %54, %126 ], [ %54, %125 ], [ 0, %127 ], [ 0, %105 ] %130 = phi i32 [ %51, %122 ], [ %51, %126 ], [ %51, %125 ], [ 0, %127 ], [ 0, %105 ] %131 = tail call i32 @i915_gem_object_set_tiling(%struct.drm_i915_gem_object.426638* nonnull %14, i32 %130, i32 %129) #84 Function:i915_gem_object_set_tiling %4 = alloca %struct.list_head, align 8 %5 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 0, i32 0, i32 0, i32 2 %6 = bitcast %struct.drm_device.373290** %5 to %struct.drm_i915_private.426623** %7 = load %struct.drm_i915_private.426623*, %struct.drm_i915_private.426623** %6, align 8 %8 = or i32 %2, %1 %9 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 
%8, %10 br i1 %11, label %313, label %12 %13 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 16 %14 = load volatile %struct.intel_frontbuffer.426560*, %struct.intel_frontbuffer.426560** %13, align 8 %15 = icmp eq %struct.intel_frontbuffer.426560* %14, null br i1 %15, label %16, label %313 %17 = getelementptr inbounds %struct.drm_i915_gem_object.426638, %struct.drm_i915_gem_object.426638* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %18 = load %struct.dma_resv*, %struct.dma_resv** %17, align 8 %19 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %18, i64 0, i32 0 %20 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %19, %struct.ww_acquire_ctx* null) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_flush_if_display 1 i915_gem_sw_finish_ioctl ------------- Path:  Function:i915_gem_sw_finish_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %7 = zext i32 %5 to i64 %8 = tail call i8* @idr_find(%struct.idr* %6, i64 %7) #83 %9 = bitcast i8* %8 to %struct.drm_i915_gem_object.436033* %10 = icmp eq i8* %8, null br i1 %10, label %34, label %11 %12 = bitcast i8* %8 to %struct.seqcount_spinlock* %13 = bitcast i8* %8 to i32* %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %11 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %13, i32 %18, i32* nonnull %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { 
i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %11 ], [ %17, %16 ], [ 0, %23 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %12, i32 0) #83 br label %32 %33 = icmp eq i32 %27, 0 br i1 %33, label %34, label %35 tail call void @__rcu_read_unlock() #83 tail call void bitcast (void (%struct.drm_i915_gem_object.474999*)* @i915_gem_object_flush_if_display to void (%struct.drm_i915_gem_object.436033*)*)(%struct.drm_i915_gem_object.436033* nonnull %9) #83 Function:i915_gem_object_flush_if_display %2 = getelementptr inbounds %struct.drm_i915_gem_object.474999, %struct.drm_i915_gem_object.474999* %0, i64 0, i32 16 %3 = load volatile %struct.intel_frontbuffer.474989*, %struct.intel_frontbuffer.474989** %2, align 8 %4 = icmp eq %struct.intel_frontbuffer.474989* %3, null br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.drm_i915_gem_object.474999, %struct.drm_i915_gem_object.474999* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %7 = load %struct.dma_resv*, %struct.dma_resv** %6, align 8 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %7, i64 0, i32 0 %9 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %8, %struct.ww_acquire_ctx* null) #83 ------------- Good: 379 Bad: 3 Ignored: 400 Check Use of Function:netif_set_xps_queue Check Use of Function:drm_mode_object_lease_required Check Use of Function:rtl8169_do_counters Check Use of Function:dev_get_iflink Use: =BAD PATH= Call Stack: 0 iflink_show ------------- Path:  Function:iflink_show %4 = getelementptr %struct.device.754070, %struct.device.754070* %0, i64 -2, i32 11 %5 = bitcast %struct.dev_pm_info.754055* %4 to %struct.net_device.754351* %6 = tail call i32 bitcast (i32 (%struct.net_device.744736*)* @dev_get_iflink to i32 (%struct.net_device.754351*)*)(%struct.net_device.754351* %5) #83 ------------- 
Good: 117 Bad: 1 Ignored: 139 Check Use of Function:ns_to_timespec64 Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #83 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 
%23) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #83 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8*, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca %struct.ifreq, align 8 %8 = alloca i8, align 1 %9 = alloca i8*, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.socket** %12 = load %struct.socket*, %struct.socket** %11, align 8 %13 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 4 %14 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 5 %15 = load %struct.proto_ops*, %struct.proto_ops** %14, align 32 %16 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %15, i64 0, i32 10 %17 = load i32 (%struct.socket*, i32, i64)*, i32 (%struct.socket*, i32, i64)** %16, align 8 %18 = icmp eq i32 (%struct.socket*, i32, i64)* %17, null br i1 %18, label %21, label %19 %22 = phi i32 [ %20, %19 ], [ -515, %3 ] %23 = icmp eq i32 %22, -515 %24 = and i32 %1, -256 %25 = icmp eq i32 %24, 35584 %26 = and i1 %25, %23 %27 = xor i1 %23, true %28 = or i1 %25, %27 %29 = select i1 %26, i32 -22, i32 %22 br i1 %28, label %164, label %30 %31 = and i64 %2, 4294967295 %32 = inttoptr i64 %31 to i8* %33 = load %struct.sock*, %struct.sock** %13, align 8 %34 = getelementptr inbounds %struct.sock, %struct.sock* %33, i64 0, i32 0, i32 9, i32 0 %35 = load 
%struct.net*, %struct.net** %34, align 8 %36 = and i32 %1, -16 %37 = icmp eq i32 %36, 35312 br i1 %37, label %38, label %41 switch i32 %1, label %164 [ i32 35137, label %42 i32 35136, label %42 i32 35146, label %55 i32 35078, label %100 i32 35079, label %100 i32 35142, label %108 i32 35219, label %108 i32 35220, label %108 i32 35248, label %108 i32 35249, label %108 i32 35073, label %126 i32 35074, label %126 i32 35075, label %126 i32 35076, label %126 i32 35232, label %126 i32 35233, label %126 i32 35202, label %126 i32 35203, label %126 i32 35148, label %126 i32 -2146399994, label %126 i32 -2146399993, label %126 i32 35090, label %126 i32 35091, label %129 i32 35092, label %129 i32 35184, label %129 i32 35185, label %129 i32 35101, label %129 i32 35102, label %129 i32 35105, label %129 i32 35106, label %129 i32 35103, label %129 i32 35104, label %129 i32 35111, label %129 i32 35108, label %129 i32 35121, label %129 i32 35122, label %129 i32 35123, label %129 i32 35093, label %129 i32 35094, label %129 i32 35127, label %129 i32 35126, label %129 i32 35097, label %129 i32 35098, label %129 i32 35095, label %129 i32 35096, label %129 i32 35099, label %129 i32 35100, label %129 i32 35124, label %129 i32 35125, label %129 i32 35138, label %129 i32 35139, label %129 i32 35234, label %129 i32 35235, label %129 i32 35088, label %129 i32 35107, label %129 i32 35143, label %129 i32 35144, label %129 i32 35145, label %129 i32 35216, label %129 i32 35217, label %129 i32 35218, label %129 i32 35221, label %129 i32 35157, label %129 i32 35156, label %129 i32 35155, label %129 i32 21521, label %129 i32 35147, label %129 i32 35077, label %129 ] %101 = load %struct.proto_ops*, %struct.proto_ops** %14, align 32 %102 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %101, i64 0, i32 11 %103 = load i32 (%struct.socket*, i8*, i1, i1)*, i32 (%struct.socket*, i8*, i1, i1)** %102, align 8 %104 = icmp eq i32 (%struct.socket*, i8*, i1, i1)* %103, null br i1 %104, label %164, 
label %105 %106 = icmp eq i32 %1, 35078 %107 = tail call i32 %103(%struct.socket* %12, i8* %32, i1 zeroext %106, i1 zeroext true) #83 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #83 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl ------------- Path:  Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca i8*, align 8 %7 = alloca %struct.ifreq, align 8 %8 = alloca i8*, align 8 %9 = alloca i8, align 1 %10 = inttoptr i64 %2 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.socket** %13 = load %struct.socket*, %struct.socket** %12, align 8 %14 = getelementptr inbounds %struct.socket, %struct.socket* %13, i64 0, i32 4 %15 = load %struct.sock*, %struct.sock** %14, align 8 %16 = getelementptr inbounds %struct.sock, %struct.sock* %15, i64 0, i32 0, i32 
9, i32 0 %17 = load %struct.net*, %struct.net** %16, align 8 %18 = and i32 %1, -16 %19 = icmp eq i32 %18, 35312 br i1 %19, label %20, label %44, !prof !4, !misexpect !5 switch i32 %1, label %122 [ i32 35073, label %45 i32 35074, label %45 i32 35075, label %60 i32 35076, label %60 i32 35136, label %70 i32 35137, label %70 i32 35232, label %70 i32 35233, label %70 i32 35202, label %82 i32 35203, label %82 i32 35148, label %94 i32 35078, label %101 i32 35079, label %101 i32 -2146399994, label %110 i32 -2146399993, label %110 i32 35090, label %119 ] %111 = getelementptr inbounds %struct.socket, %struct.socket* %13, i64 0, i32 5 %112 = load %struct.proto_ops*, %struct.proto_ops** %111, align 32 %113 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %112, i64 0, i32 11 %114 = load i32 (%struct.socket*, i8*, i1, i1)*, i32 (%struct.socket*, i8*, i1, i1)** %113, align 8 %115 = icmp eq i32 (%struct.socket*, i8*, i1, i1)* %114, null br i1 %115, label %157, label %116 %117 = icmp eq i32 %1, -2146399994 %118 = tail call i32 %114(%struct.socket* %13, i8* %10, i1 zeroext %117, i1 zeroext false) #84 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #83 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8*, align 8 %6 = alloca %struct.ifreq, align 8 %7 = alloca %struct.ifreq, align 8 %8 = alloca i8, align 1 %9 = alloca 
i8*, align 8 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.socket** %12 = load %struct.socket*, %struct.socket** %11, align 8 %13 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 4 %14 = getelementptr inbounds %struct.socket, %struct.socket* %12, i64 0, i32 5 %15 = load %struct.proto_ops*, %struct.proto_ops** %14, align 32 %16 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %15, i64 0, i32 10 %17 = load i32 (%struct.socket*, i32, i64)*, i32 (%struct.socket*, i32, i64)** %16, align 8 %18 = icmp eq i32 (%struct.socket*, i32, i64)* %17, null br i1 %18, label %21, label %19 %22 = phi i32 [ %20, %19 ], [ -515, %3 ] %23 = icmp eq i32 %22, -515 %24 = and i32 %1, -256 %25 = icmp eq i32 %24, 35584 %26 = and i1 %25, %23 %27 = xor i1 %23, true %28 = or i1 %25, %27 %29 = select i1 %26, i32 -22, i32 %22 br i1 %28, label %164, label %30 %31 = and i64 %2, 4294967295 %32 = inttoptr i64 %31 to i8* %33 = load %struct.sock*, %struct.sock** %13, align 8 %34 = getelementptr inbounds %struct.sock, %struct.sock* %33, i64 0, i32 0, i32 9, i32 0 %35 = load %struct.net*, %struct.net** %34, align 8 %36 = and i32 %1, -16 %37 = icmp eq i32 %36, 35312 br i1 %37, label %38, label %41 switch i32 %1, label %164 [ i32 35137, label %42 i32 35136, label %42 i32 35146, label %55 i32 35078, label %100 i32 35079, label %100 i32 35142, label %108 i32 35219, label %108 i32 35220, label %108 i32 35248, label %108 i32 35249, label %108 i32 35073, label %126 i32 35074, label %126 i32 35075, label %126 i32 35076, label %126 i32 35232, label %126 i32 35233, label %126 i32 35202, label %126 i32 35203, label %126 i32 35148, label %126 i32 -2146399994, label %126 i32 -2146399993, label %126 i32 35090, label %126 i32 35091, label %129 i32 35092, label %129 i32 35184, label %129 i32 35185, label %129 i32 35101, label %129 i32 35102, label %129 i32 35105, label %129 i32 35106, label %129 i32 35103, label %129 i32 
35104, label %129 i32 35111, label %129 i32 35108, label %129 i32 35121, label %129 i32 35122, label %129 i32 35123, label %129 i32 35093, label %129 i32 35094, label %129 i32 35127, label %129 i32 35126, label %129 i32 35097, label %129 i32 35098, label %129 i32 35095, label %129 i32 35096, label %129 i32 35099, label %129 i32 35100, label %129 i32 35124, label %129 i32 35125, label %129 i32 35138, label %129 i32 35139, label %129 i32 35234, label %129 i32 35235, label %129 i32 35088, label %129 i32 35107, label %129 i32 35143, label %129 i32 35144, label %129 i32 35145, label %129 i32 35216, label %129 i32 35217, label %129 i32 35218, label %129 i32 35221, label %129 i32 35157, label %129 i32 35156, label %129 i32 35155, label %129 i32 21521, label %129 i32 35147, label %129 i32 35077, label %129 ] %101 = load %struct.proto_ops*, %struct.proto_ops** %14, align 32 %102 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %101, i64 0, i32 11 %103 = load i32 (%struct.socket*, i8*, i1, i1)*, i32 (%struct.socket*, i8*, i1, i1)** %102, align 8 %104 = icmp eq i32 (%struct.socket*, i8*, i1, i1)* %103, null br i1 %104, label %164, label %105 %106 = icmp eq i32 %1, 35078 %107 = tail call i32 %103(%struct.socket* %12, i8* %32, i1 zeroext %106, i1 zeroext true) #83 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl ------------- 
Path:  Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = alloca i8*, align 8 %7 = alloca %struct.ifreq, align 8 %8 = alloca i8*, align 8 %9 = alloca i8, align 1 %10 = inttoptr i64 %2 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.socket** %13 = load %struct.socket*, %struct.socket** %12, align 8 %14 = getelementptr inbounds %struct.socket, %struct.socket* %13, i64 0, i32 4 %15 = load %struct.sock*, %struct.sock** %14, align 8 %16 = getelementptr inbounds %struct.sock, %struct.sock* %15, i64 0, i32 0, i32 9, i32 0 %17 = load %struct.net*, %struct.net** %16, align 8 %18 = and i32 %1, -16 %19 = icmp eq i32 %18, 35312 br i1 %19, label %20, label %44, !prof !4, !misexpect !5 switch i32 %1, label %122 [ i32 35073, label %45 i32 35074, label %45 i32 35075, label %60 i32 35076, label %60 i32 35136, label %70 i32 35137, label %70 i32 35232, label %70 i32 35233, label %70 i32 35202, label %82 i32 35203, label %82 i32 35148, label %94 i32 35078, label %101 i32 35079, label %101 i32 -2146399994, label %110 i32 -2146399993, label %110 i32 35090, label %119 ] %111 = getelementptr inbounds %struct.socket, %struct.socket* %13, i64 0, i32 5 %112 = load %struct.proto_ops*, %struct.proto_ops** %111, align 32 %113 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %112, i64 0, i32 11 %114 = load i32 (%struct.socket*, i8*, i1, i1)*, i32 (%struct.socket*, i8*, i1, i1)** %113, align 8 %115 = icmp eq i32 (%struct.socket*, i8*, i1, i1)* %114, null br i1 %115, label %157, label %116 %117 = icmp eq i32 %1, -2146399994 %118 = tail call i32 %114(%struct.socket* %13, i8* %10, i1 zeroext %117, i1 zeroext false) #84 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds 
%struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 63 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #83 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label 
%22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, 
!prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, 
%struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, 
i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, 
%struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, 
%struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.307872* %30, %struct.pci_devres* %36) #83 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* 
%8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #83 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #83 %100 = extractvalue { i64, i64 } %99, 0 %101 = extractvalue { i64, i64 } %99, 1 %102 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %100, i64* %102, align 8 %103 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 %101, i64* %103, align 8 %104 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 0 %105 = load i64, i64* %104, align 8 %106 = call { i64, i64 } @ns_to_timespec64(i64 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 
azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label 
%536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, 
i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 
0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, 
i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 
= load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, 
align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.307872* %30, %struct.pci_devres* %36) #83 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 
br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #83 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #83 %100 = extractvalue { i64, i64 } %99, 0 %101 = extractvalue { i64, i64 } %99, 1 %102 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %100, i64* %102, align 8 %103 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 %101, i64* %103, align 8 %104 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 0 %105 = load i64, i64* %104, align 8 %106 = call { i64, i64 } @ns_to_timespec64(i64 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca 
%struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 
%411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } 
asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 
%20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp 
eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* 
@snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, 
%struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.307872* %30, %struct.pci_devres* %36) #83 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, 
%struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #83 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #83 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 
i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr 
inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds 
%struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load 
%struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds 
%struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.307872* %30, %struct.pci_devres* %36) #83 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds 
%struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %78 = and i32 %14, 134217728 %79 = icmp eq i32 %78, 0 br i1 %79, label %116, label %80 %81 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %3, i64 0, i32 0 %82 = load i8, i8* %81, align 4 %83 = and i8 %82, 15 %84 = icmp eq i8 %83, 5 br i1 %84, label %85, label %116 %86 = bitcast %struct.snd_pcm_substream* %0 to i8* %87 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %86, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #83 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %121 %90 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %91 = load i32, i32* %90, align 4 switch i32 %91, label %94 [ i32 1, label %121 i32 2, label %92 ] %95 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %96 %97 = phi i64* [ %95, %94 ], [ %93, %92 ] %98 = load i64, i64* %97, align 8 %99 = call { i64, i64 } @ns_to_timespec64(i64 %98) #83 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca 
%struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call 
{ i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof 
!5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr 
inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = 
getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, 
label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, 
%struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.307872* %30, %struct.pci_devres* %36) #83 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %18 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %3, i64 0, i32 0 %19 = load i8, i8* %18, align 4 %20 = and i8 %19, 15 %21 = icmp eq i8 %20, 2 br i1 %21, label %22, label %77 %23 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %24 = load i32, i32* %23, align 4 switch i32 %24, 
label %27 [ i32 1, label %25 i32 2, label %26 ] tail call void @ktime_get_ts64(%struct.cpu_itimer* %1) #83 br label %28 %29 = getelementptr inbounds %struct.azx_dev, %struct.azx_dev* %11, i64 0, i32 0, i32 20 %30 = tail call i64 @timecounter_read(%struct.timecounter* %29) #83 %31 = udiv i64 %30, 3 %32 = load i8, i8* %18, align 4 %33 = and i8 %32, 16 %34 = icmp eq i8 %33, 0 br i1 %34, label %65, label %35 %36 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 2 %37 = bitcast i8** %36 to %struct.azx_pcm** %38 = load %struct.azx_pcm*, %struct.azx_pcm** %37, align 8 %39 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 3 %40 = load %struct.hda_pcm*, %struct.hda_pcm** %39, align 8 %41 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, i64 %43, i32 8, i32 4 %45 = load i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)*, i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)** %44, align 8 %46 = icmp eq i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)* %45, null br i1 %46, label %65, label %47 %48 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, i64 %43 %49 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 2 %50 = load %struct.hda_codec*, %struct.hda_codec** %49, align 8 %51 = tail call i32 %45(%struct.hda_pcm_stream* %48, %struct.hda_codec* %50, %struct.snd_pcm_substream* %0) #83 %52 = zext i32 %51 to i64 %53 = mul nuw nsw i64 %52, 1000000000 %54 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %55 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %54, i64 0, i32 14 %56 = load i32, i32* %55, align 4 %57 = zext i32 %56 to i64 %58 = udiv i64 %53, %57 %59 = load 
i32, i32* %41, align 4 %60 = icmp eq i32 %59, 1 br i1 %60, label %61, label %63 br label %65 %66 = phi i64 [ %31, %28 ], [ %62, %61 ], [ %64, %63 ], [ %31, %35 ] %67 = tail call { i64, i64 } @ns_to_timespec64(i64 %66) #83 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 
-1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 
} asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds 
%struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, 
label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds 
%struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 
(%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 57 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.307872* %30, %struct.pci_devres* %36) #83 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 44 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast 
%struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %77, label %17 %18 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %3, i64 0, i32 0 %19 = load i8, i8* %18, align 4 %20 = and i8 %19, 15 %21 = icmp eq i8 %20, 2 br i1 %21, label %22, label %77 %23 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %24 = load i32, i32* %23, align 4 switch i32 %24, label %27 [ i32 1, label %25 i32 2, label %26 ] tail call void @ktime_get_ts64(%struct.cpu_itimer* %1) #83 br label %28 %29 = getelementptr inbounds %struct.azx_dev, %struct.azx_dev* %11, i64 0, i32 0, i32 20 %30 = tail call i64 @timecounter_read(%struct.timecounter* %29) #83 %31 = udiv i64 %30, 3 %32 = load i8, i8* %18, align 4 %33 = and i8 %32, 16 %34 = icmp eq i8 %33, 0 br i1 %34, label %65, label %35 %36 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 2 %37 = bitcast i8** %36 to %struct.azx_pcm** %38 = load %struct.azx_pcm*, %struct.azx_pcm** %37, align 8 %39 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 3 %40 = load %struct.hda_pcm*, %struct.hda_pcm** %39, align 8 %41 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, i64 %43, i32 8, i32 4 %45 = load i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)*, i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)** %44, align 8 %46 = icmp eq i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)* %45, null br i1 %46, label %65, label %47 %48 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %40, i64 0, i32 1, 
i64 %43 %49 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %38, i64 0, i32 2 %50 = load %struct.hda_codec*, %struct.hda_codec** %49, align 8 %51 = tail call i32 %45(%struct.hda_pcm_stream* %48, %struct.hda_codec* %50, %struct.snd_pcm_substream* %0) #83 %52 = zext i32 %51 to i64 %53 = mul nuw nsw i64 %52, 1000000000 %54 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %55 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %54, i64 0, i32 14 %56 = load i32, i32* %55, align 4 %57 = zext i32 %56 to i64 %58 = udiv i64 %53, %57 %59 = load i32, i32* %41, align 4 %60 = icmp eq i32 %59, 1 br i1 %60, label %61, label %63 br label %65 %66 = phi i64 [ %31, %28 ], [ %62, %61 ], [ %64, %63 ], [ %31, %35 ] %67 = tail call { i64, i64 } @ns_to_timespec64(i64 %66) #83 ------------- Use: =BAD PATH= Call Stack: 0 update_audio_tstamp 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, 
%struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, 
i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 %430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, 
%struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br 
i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load %struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label 
%110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = 
getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %49 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %50 = load i32, i32* %49, align 4 switch i32 
%50, label %53 [ i32 1, label %51 i32 2, label %52 ] call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %4) #83 br label %54 %55 = icmp eq i64 %19, -1 br i1 %55, label %56, label %80 %81 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 18 %82 = load i64, i64* %81, align 8 %83 = icmp ult i64 %19, %82 br i1 %83, label %98, label %84 %85 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 store i8 0, i8* %88, align 16 %89 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 0 %90 = load %struct.snd_pcm*, %struct.snd_pcm** %89, align 8 %91 = getelementptr inbounds %struct.snd_pcm, %struct.snd_pcm* %90, i64 0, i32 0 %92 = load %struct.snd_card*, %struct.snd_card** %91, align 8 %93 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %92, i64 0, i32 27 %94 = load %struct.device*, %struct.device** %93, align 8 %95 = load i64, i64* %81, align 8 %96 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %97 = load i64, i64* %96, align 8 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %94, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.63413, i64 0, i64 0), i8* nonnull %88, i64 %19, i64 %95, i64 %97) #84 br label %98 %99 = phi i64 [ %19, %80 ], [ 0, %84 ], [ 0, %87 ] %100 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 19 %101 = load i64, i64* %100, align 8 %102 = urem i64 %99, %101 %103 = sub i64 %99, %102 %104 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 5 %105 = load i64, i64* %104, align 8 %106 = add i64 %105, %103 %107 = icmp eq i32 %1, 0 br i1 %107, label %133, label %108 %134 = icmp ult i64 %106, %14 br i1 %134, label %135, label %144 %145 = phi i64 [ %130, %124 ], [ %141, %135 ], [ %105, %133 ] %146 = phi i1 [ %131, %124 ], [ %142, %135 ], [ false, %133 ] %147 = phi i64 [ %132, %124 ], [ %143, %135 ], [ %106, %133 ] %148 = zext i1 %146 to i32 %149 = sub i64 %147, %14 %150 = icmp slt i64 %149, 0 br i1 %150, label %151, label %155 %152 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %149 br label %155 %156 = phi i64 [ %154, %151 ], [ %149, %144 ] %157 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 26 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %194, label %161 %162 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 %163 = load i64, i64* %162, align 8 %164 = sub i64 %20, %163 %165 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 8 %166 = load i64, i64* %165, align 8 %167 = lshr i64 %166, 1 %168 = icmp ult i64 %164, %167 br i1 %168, label %202, label %169 %170 = mul i64 %156, 1000 %171 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 14 %172 = load i32, i32* %171, align 4 %173 = zext i32 %172 to i64 
%174 = sdiv i64 %170, %173 %175 = sub i64 %164, %174 %176 = add nuw i64 %167, 1 %177 = icmp sgt i64 %175, %176 br i1 %177, label %178, label %202 %203 = phi i64 [ %145, %161 ], [ %145, %194 ], [ %188, %200 ], [ %145, %169 ] %204 = phi i32 [ %148, %161 ], [ %148, %194 ], [ %191, %200 ], [ %148, %169 ] %205 = phi i64 [ %147, %161 ], [ %147, %194 ], [ %201, %200 ], [ %147, %169 ] %206 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %207 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %206, i64 0, i32 3 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %208, %205 br i1 %209, label %210, label %212 %213 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %214 = load i32, i32* %213, align 4 %215 = icmp eq i32 %214, 0 br i1 %215, label %216, label %221 %217 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 32 %218 = load i64, i64* %217, align 8 %219 = icmp eq i64 %218, 0 br i1 %219, label %221, label %220 br i1 %107, label %239, label %222 %223 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 6 %224 = load i64, i64* %223, align 8 %225 = sub i64 %205, %224 %226 = icmp slt i64 %225, 0 %227 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %228 = load i64, i64* %227, align 8 %229 = select i1 %226, i64 %228, i64 0 %230 = add i64 %225, %229 %231 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %232 = load i64, i64* %231, align 8 %233 = urem i64 %230, %232 %234 = sub i64 %230, %233 %235 = add i64 %234, %224 store i64 %235, i64* %223, align 8 %236 = icmp ult i64 %235, %228 br i1 %236, label %239, label %237 store i64 %203, i64* %104, align 8 %240 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %241 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %240, i64 0, i32 3 store i64 %205, i64* %241, align 8 %242 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 store i64 %20, i64* %242, align 8 %243 = icmp eq i32 %204, 0 br i1 %243, label %250, label %244 call fastcc void @update_audio_tstamp(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5) #85 Function:update_audio_tstamp %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %5, align 8 %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 27 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %95 %12 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %13 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %12, align 8 %14 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %13, i64 0, i32 9 %15 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %14, align 8 %16 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %15, null br i1 %16, label %25, label %17 %26 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 10 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 37 %29 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %28, align 8 %30 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %29, i64 0, 
i32 3 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, %27 %33 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 56, i32 0 %34 = load i8, i8* %33, align 4 %35 = and i8 %34, 16 %36 = icmp eq i8 %35, 0 br i1 %36, label %47, label %37 %48 = phi i64 [ %44, %43 ], [ %46, %45 ], [ %32, %25 ] %49 = mul i64 %48, 1000000000 %50 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 14 %51 = load i32, i32* %50, align 4 %52 = zext i32 %51 to i64 %53 = udiv i64 %49, %52 %54 = tail call { i64, i64 } @ns_to_timespec64(i64 %53) #83 ------------- Use: =BAD PATH= Call Stack: 0 update_audio_tstamp 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %596, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.721187*, %struct.snd_pcm_substream.721187** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.721187* %18, null br i1 %19, label %596, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %596 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label 
%22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %154 i32 -1034141423, label %158 i32 -1066909421, label %162 i32 -2140389088, label %333 i32 -1066647260, label %404 i32 -2146418382, label %408 i32 1074544976, label %502 i32 -2146680495, label %506 i32 1074544978, label %510 i32 -2146680493, label %514 i32 -2147204831, label %518 i32 1074020678, label %536 i32 1074020681, label %562 i32 -2139078368, label %588 i32 -1065336540, label %592 ] %409 = inttoptr i64 %10 to %struct.ist_info* %410 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %412 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 0 %413 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %412, i64 4, i64 %411) #6, !srcloc !20 %414 = extractvalue { i32*, i32, i64 } %413, 0 %415 = extractvalue { i32*, i32, i64 } %413, 1 %416 = extractvalue { i32*, i32, i64 } %413, 2 %417 = ptrtoint i32* %414 to i64 %418 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %415, i32* %418, align 8 %419 = and i64 %417, 4294967295 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %499, !prof !5, !misexpect !6 %423 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 1 %424 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %423, i64 4, i64 %422) #6, !srcloc !21 %425 = extractvalue { i32*, i32, i64 } %424, 0 %426 = extractvalue { i32*, i32, i64 } %424, 1 %427 = extractvalue { i32*, i32, i64 } %424, 2 %428 = ptrtoint i32* %425 to i64 %429 = zext i32 %426 to i64 
%430 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %429, i64* %430, align 8 %431 = and i64 %428, 4294967295 %432 = icmp eq i64 %431, 0 br i1 %432, label %433, label %499, !prof !5, !misexpect !6 %435 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 2 %436 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %435, i64 4, i64 %434) #6, !srcloc !22 %437 = extractvalue { i32*, i32, i64 } %436, 0 %438 = extractvalue { i32*, i32, i64 } %436, 1 %439 = extractvalue { i32*, i32, i64 } %436, 2 %440 = ptrtoint i32* %437 to i64 %441 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %438, i32* %441, align 8 %442 = and i64 %440, 4294967295 %443 = icmp eq i64 %442, 0 br i1 %443, label %444, label %499, !prof !5, !misexpect !6 %446 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %409, i64 0, i32 3 %447 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %446, i64 4, i64 %445) #6, !srcloc !23 %448 = extractvalue { i32*, i32, i64 } %447, 0 %449 = extractvalue { i32*, i32, i64 } %447, 1 %450 = extractvalue { i32*, i32, i64 } %447, 2 %451 = ptrtoint i32* %448 to i64 %452 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %449, i32* %452, align 4 %453 = and i64 %451, 4294967295 %454 = icmp eq i64 %453, 0 br i1 %454, label %455, label %499, !prof !5, !misexpect !6 %456 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.721187* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #84 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds 
%struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #83 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.721172, %struct.snd_pcm.721172* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #83 br label %30 br i1 %21, label %46, label %31 %32 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 15 %33 = load i32, i32* %32, align 8 %34 = icmp ult i32 %4, %33 br i1 %34, label %35, label %46 %36 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %37 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 10 %38 = load 
%struct.snd_pcm_ops.721177*, %struct.snd_pcm_ops.721177** %37, align 8 %39 = getelementptr inbounds %struct.snd_pcm_ops.721177, %struct.snd_pcm_ops.721177* %38, i64 0, i32 2 %40 = load i32 (%struct.snd_pcm_substream.721187*, i32, i8*)*, i32 (%struct.snd_pcm_substream.721187*, i32, i8*)** %39, align 8 %41 = icmp eq i32 (%struct.snd_pcm_substream.721187*, i32, i8*)* %40, null br i1 %41, label %44, label %42 %43 = tail call i32 %40(%struct.snd_pcm_substream.721187* %0, i32 2, i8* %36) #83 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %6, i64 0, i32 37 %8 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 8 br i1 %11, label %342, label %12 switch i32 %1, label %342 [ i32 1074282825, label %13 i32 -1033879279, label %23 i32 -1064812269, label %26 i32 16704, label %29 i32 16706, label %170 i32 16708, label %306 i32 16707, label %308 i32 -2146942687, label %340 ] %14 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %17, label %342 %18 = load i64, i64* %4, align 8 %19 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.721187* %0, i64 %18) #83 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %110, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.721172*, %struct.snd_pcm.721172** %5, align 8 %7 = getelementptr inbounds 
%struct.snd_pcm.721172, %struct.snd_pcm.721172* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #83 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.721187, %struct.snd_pcm_substream.721187* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.721183*, %struct.snd_pcm_runtime.721183** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.721183, %struct.snd_pcm_runtime.721183* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.721187*)*)(%struct.snd_pcm_substream.721187* %0) #83 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #83 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #83 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 56 %31 = getelementptr %struct.anon.0.307872, %struct.anon.0.307872* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %49 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 49 %50 = load i32, i32* %49, align 4 switch i32 %50, label %53 [ i32 1, label %51 i32 2, label %52 ] call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %4) #83 br label %54 %55 = icmp eq i64 %19, -1 br i1 %55, label %56, label %80 %81 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 18 %82 = load i64, i64* %81, align 8 %83 = icmp ult i64 %19, %82 br i1 %83, label %98, label %84 %85 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #83 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 store i8 0, i8* %88, align 16 %89 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 0 %90 = load %struct.snd_pcm*, %struct.snd_pcm** %89, align 8 %91 = getelementptr inbounds %struct.snd_pcm, %struct.snd_pcm* %90, i64 0, i32 0 %92 = load %struct.snd_card*, %struct.snd_card** %91, align 8 %93 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %92, i64 0, i32 27 %94 = load %struct.device*, %struct.device** %93, align 8 %95 = load i64, i64* %81, align 8 %96 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %97 = load i64, i64* %96, align 8 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %94, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.63413, i64 0, i64 0), i8* nonnull %88, i64 %19, i64 %95, i64 %97) #84 br label %98 %99 = phi i64 [ %19, %80 ], [ 0, %84 ], [ 0, %87 ] %100 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 19 %101 = load i64, i64* %100, align 8 %102 = urem i64 %99, %101 %103 = sub i64 %99, %102 %104 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 5 %105 = load i64, i64* %104, align 8 %106 = add i64 %105, %103 %107 = icmp eq i32 %1, 0 br i1 %107, label %133, label %108 %134 = icmp ult i64 %106, %14 br i1 %134, label %135, label %144 %145 = phi i64 [ %130, %124 ], [ %141, %135 ], [ %105, %133 ] %146 = phi i1 [ %131, %124 ], [ %142, %135 ], [ false, %133 ] %147 = phi i64 [ %132, %124 ], [ %143, %135 ], [ %106, %133 ] %148 = zext i1 %146 to i32 %149 = sub i64 %147, %14 %150 = icmp slt i64 %149, 0 br i1 %150, label %151, label %155 %152 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %149 br label %155 %156 = phi i64 [ %154, %151 ], [ %149, %144 ] %157 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 26 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %194, label %161 %162 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 %163 = load i64, i64* %162, align 8 %164 = sub i64 %20, %163 %165 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 8 %166 = load i64, i64* %165, align 8 %167 = lshr i64 %166, 1 %168 = icmp ult i64 %164, %167 br i1 %168, label %202, label %169 %170 = mul i64 %156, 1000 %171 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 14 %172 = load i32, i32* %171, align 4 %173 = zext i32 %172 to i64 
%174 = sdiv i64 %170, %173 %175 = sub i64 %164, %174 %176 = add nuw i64 %167, 1 %177 = icmp sgt i64 %175, %176 br i1 %177, label %178, label %202 %203 = phi i64 [ %145, %161 ], [ %145, %194 ], [ %188, %200 ], [ %145, %169 ] %204 = phi i32 [ %148, %161 ], [ %148, %194 ], [ %191, %200 ], [ %148, %169 ] %205 = phi i64 [ %147, %161 ], [ %147, %194 ], [ %201, %200 ], [ %147, %169 ] %206 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %207 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %206, i64 0, i32 3 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %208, %205 br i1 %209, label %210, label %212 %213 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %214 = load i32, i32* %213, align 4 %215 = icmp eq i32 %214, 0 br i1 %215, label %216, label %221 %217 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 32 %218 = load i64, i64* %217, align 8 %219 = icmp eq i64 %218, 0 br i1 %219, label %221, label %220 br i1 %107, label %239, label %222 %223 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 6 %224 = load i64, i64* %223, align 8 %225 = sub i64 %205, %224 %226 = icmp slt i64 %225, 0 %227 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %228 = load i64, i64* %227, align 8 %229 = select i1 %226, i64 %228, i64 0 %230 = add i64 %225, %229 %231 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %232 = load i64, i64* %231, align 8 %233 = urem i64 %230, %232 %234 = sub i64 %230, %233 %235 = add i64 %234, %224 store i64 %235, i64* %223, align 8 %236 = icmp ult i64 %235, %228 br i1 %236, label %239, label %237 store i64 %203, i64* %104, align 8 %240 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %241 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %240, i64 0, i32 3 store i64 %205, i64* %241, align 8 %242 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 store i64 %20, i64* %242, align 8 %243 = icmp eq i32 %204, 0 br i1 %243, label %250, label %244 call fastcc void @update_audio_tstamp(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5) #85 Function:update_audio_tstamp %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %5, align 8 %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 27 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %95 %12 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %13 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %12, align 8 %14 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %13, i64 0, i32 9 %15 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)** %14, align 8 %16 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.307872*, %struct.pci_devres*)* %15, null br i1 %16, label %25, label %17 %26 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 10 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 37 %29 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %28, align 8 %30 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %29, i64 0, 
i32 3 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, %27 %33 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 56, i32 0 %34 = load i8, i8* %33, align 4 %35 = and i8 %34, 16 %36 = icmp eq i8 %35, 0 br i1 %36, label %47, label %37 %48 = phi i64 [ %44, %43 ], [ %46, %45 ], [ %32, %25 ] %49 = mul i64 %48, 1000000000 %50 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 14 %51 = load i32, i32* %50, align 4 %52 = zext i32 %51 to i64 %53 = udiv i64 %49, %52 %54 = tail call { i64, i64 } @ns_to_timespec64(i64 %53) #83 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info.683310** %16 = load %struct.ptp_clock_info.683310*, %struct.ptp_clock_info.683310** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label 
%196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info.683310* %16, %struct.perf_branch_entry* nonnull %5) #83 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #83 %221 = extractvalue { i64, i64 } %220, 0 %222 = extractvalue { i64, i64 } %220, 1 %223 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 0 store i64 %221, i64* %223, align 8 %224 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 1 store i64 %222, i64* %224, align 8 %225 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 0 store i64 %221, i64* %225, align 8 %226 = trunc i64 %222 to i32 %227 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 1 store i32 %226, i32* %227, align 8 %228 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = call { i64, i64 } @ns_to_timespec64(i64 %229) #83 %231 = extractvalue { i64, i64 } %230, 0 %232 = extractvalue { i64, i64 } %230, 1 store i64 %231, i64* 
%223, align 8 store i64 %232, i64* %224, align 8 %233 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 1, i32 0 store i64 %231, i64* %233, align 8 %234 = trunc i64 %232 to i32 %235 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 1, i32 1 store i32 %234, i32* %235, align 8 %236 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 2 %237 = load i64, i64* %236, align 8 %238 = call { i64, i64 } @ns_to_timespec64(i64 %237) #83 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info.683310** %16 = load %struct.ptp_clock_info.683310*, %struct.ptp_clock_info.683310** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label 
%210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info.683310* %16, %struct.perf_branch_entry* nonnull %5) #83 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #83 %221 = extractvalue { i64, i64 } %220, 0 %222 = extractvalue { i64, i64 } %220, 1 %223 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 0 store i64 %221, i64* %223, align 8 %224 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 1 store i64 %222, i64* %224, align 8 %225 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 0 store i64 %221, i64* %225, align 8 %226 = trunc i64 %222 to i32 %227 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 1 store i32 %226, i32* %227, align 8 %228 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = call { i64, i64 } @ns_to_timespec64(i64 %229) #83 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca 
%struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info.683310** %16 = load %struct.ptp_clock_info.683310*, %struct.ptp_clock_info.683310** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info.683310*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 
%212(%struct.ptp_clock_info.683310* %16, %struct.perf_branch_entry* nonnull %5) #83 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_compat_sys_sysinfo ------------- Path:  Function:__ia32_compat_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = alloca %struct.compat_sysinfo, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* %7 = bitcast %struct.compat_sysinfo* %3 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #83 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #83 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_sys_sysinfo ------------- Path:  Function:__ia32_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #83 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #83 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #83 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __x64_sys_sysinfo ------------- Path:  Function:__x64_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc 
void @do_sysinfo(%struct.sysinfo* nonnull %2) #83 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #83 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #83 ------------- Good: 263 Bad: 22 Ignored: 289 Check Use of Function:drm_mode_crtc_set_obj_prop Check Use of Function:drm_vblank_put Check Use of Function:drm_event_reserve_init_locked Check Use of Function:cancel_delayed_work_sync Use: =BAD PATH= Call Stack: 0 rpc_destroy_wait_queue 1 nfs4_free_client ------------- Path:  Function:nfs4_free_client %2 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 3 %3 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 3) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %7, label %6 tail call void bitcast (void (%struct.nfs_client.235532*)* @nfs4_kill_renewd to void (%struct.nfs_client.243389*)*)(%struct.nfs_client.243389* %0) #83 br label %7 %8 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 31 %9 = load %struct.nfs4_minor_version_ops.243398*, %struct.nfs4_minor_version_ops.243398** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_minor_version_ops.243398, %struct.nfs4_minor_version_ops.243398* %9, i64 0, i32 3 %11 = bitcast {}** %10 to void (%struct.nfs_client.243389*)** %12 = load void (%struct.nfs_client.243389*)*, void (%struct.nfs_client.243389*)** %11, align 8 tail call void %12(%struct.nfs_client.243389* %0) #83 %13 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 1) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %22, label %16 %17 = load %struct.nfs4_minor_version_ops.243398*, %struct.nfs4_minor_version_ops.243398** %8, align 8 
%18 = getelementptr inbounds %struct.nfs4_minor_version_ops.243398, %struct.nfs4_minor_version_ops.243398* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 43 %21 = load %struct.net*, %struct.net** %20, align 8 tail call void @nfs_callback_down(i32 %19, %struct.net* %21) #83 br label %22 %23 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 2) #6, !srcloc !4 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %27, label %26 %28 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 27 tail call void @rpc_destroy_wait_queue(%struct.rpc_wait_queue* %28) #83 Function:rpc_destroy_wait_queue %2 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %0, i64 0, i32 6, i32 2 %3 = tail call zeroext i1 @cancel_delayed_work_sync(%struct.delayed_work* %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_kill_renewd 1 nfs4_free_client ------------- Path:  Function:nfs4_free_client %2 = getelementptr inbounds %struct.nfs_client.243389, %struct.nfs_client.243389* %0, i64 0, i32 3 %3 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 3) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %7, label %6 tail call void bitcast (void (%struct.nfs_client.235532*)* @nfs4_kill_renewd to void (%struct.nfs_client.243389*)*)(%struct.nfs_client.243389* %0) #83 Function:nfs4_kill_renewd %2 = getelementptr inbounds %struct.nfs_client.235532, %struct.nfs_client.235532* %0, i64 0, i32 26 %3 = tail call zeroext i1 bitcast (i1 (%struct.delayed_work*)* @cancel_delayed_work_sync to i1 (%struct.delayed_work.116834*)*)(%struct.delayed_work.116834* %2) #83 ------------- Good: 105 Bad: 2 Ignored: 80 Check Use of 
Function:drm_modeset_unlock Check Use of Function:drm_atomic_get_crtc_state Check Use of Function:put_fs_context Use: =BAD PATH= Call Stack: 0 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.156180*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #83 ------------- Good: 18 Bad: 1 Ignored: 2 Check Use of Function:ext4_unlink Check Use of Function:dev_set_threaded Check Use of Function:drm_mode_obj_find_prop_id Check Use of Function:__SCT__tp_func_sched_process_fork Check Use of Function:drm_property_create_blob Check Use of Function:mntput_no_expire Check Use of Function:proc_sys_write Check Use of Function:exit_sem Check Use of Function:drm_property_blob_put Check Use of Function:drm_mode_destroy Check Use of Function:__drm_dbg Use: =BAD PATH= Call Stack: 0 i915_perf_remove_config_ioctl ------------- Path:  Function:i915_perf_remove_config_ioctl %4 = bitcast i8* %1 to i64* %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %6 = bitcast %struct.workqueue_struct** %5 to %struct.drm_i915_private.436298** %7 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %6, align 8 %8 = icmp eq %struct.drm_i915_private.436298* %7, null br i1 %8, label %9, label %10 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.47743, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %6 = bitcast %struct.workqueue_struct** %5 to %struct.i915_perf.436281* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.workqueue_struct** %5 to %struct.drm_i915_private.436298** %9 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %8, align 8 %10 = icmp eq %struct.drm_i915_private.436298* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 3 %14 = bitcast i32* %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = tail call zeroext i1 @capable(i32 38) #83 br i1 %22, label %26, label %23 %27 = getelementptr inbounds i8, i8* %1, i64 48 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds i8, i8* %1, i64 36 %33 = bitcast i8* %32 to i32* %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %57 %37 = getelementptr inbounds i8, i8* %1, i64 56 %38 = bitcast i8* %37 to i64* %39 = load i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds i8, i8* %1, i64 40 %43 = bitcast i8* %42 to i32* %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %57 %47 = getelementptr inbounds i8, i8* %1, i64 64 %48 = bitcast i8* %47 to i64* %49 = load i64, i64* %48, 
align 8 %50 = icmp eq i64 %49, 0 br i1 %50, label %56, label %51 %52 = getelementptr inbounds i8, i8* %1, i64 44 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.5.47796, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %6 = bitcast %struct.workqueue_struct** %5 to %struct.i915_perf.436281* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.workqueue_struct** %5 to %struct.drm_i915_private.436298** %9 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %8, align 8 %10 = icmp eq %struct.drm_i915_private.436298* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 3 %14 = bitcast i32* %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.3.47764, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %6 = bitcast %struct.workqueue_struct** %5 to %struct.i915_perf.436281* %7 = bitcast i32* %4 to i8* %8 = bitcast %struct.workqueue_struct** %5 to %struct.drm_i915_private.436298** %9 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %8, align 8 %10 = icmp eq %struct.drm_i915_private.436298* %9, null br i1 %10, label %11, label %12 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.47743, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 
= load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast 
%struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = extractvalue { i64*, i64, i64 } %59, 0 %61 = extractvalue { i64*, i64, i64 } %59, 1 %62 = extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 %81 = trunc i64 %61 to i32 switch i32 %81, label %168 [ i32 1, label %82 i32 2, label %85 i32 3, label %90 i32 4, label %95 i32 5, label %108 i32 6, label %131 i32 7, label %137 i32 8, label %161 i32 9, label %166 ] %162 = icmp ult i64 %71, 100000 br i1 %162, label %163, label %165 %164 = extractvalue { i64*, i64, i64 } %69, 1 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([50 x i8], [50 x i8]* @.str.32.47756, i64 0, i64 0), i64 %164) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, 
%struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast %struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = 
extractvalue { i64*, i64, i64 } %59, 0 %61 = extractvalue { i64*, i64, i64 } %59, 1 %62 = extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 %81 = trunc i64 %61 to i32 switch i32 %81, label %168 [ i32 1, label %82 i32 2, label %85 i32 3, label %90 i32 4, label %95 i32 5, label %108 i32 6, label %131 i32 7, label %137 i32 8, label %161 i32 9, label %166 ] %138 = inttoptr i64 %71 to i8* %139 = call i64 @_copy_from_user(i8* nonnull %40, i8* %138, i64 32) #83 %140 = icmp eq i64 %139, 0 br i1 %140, label %141, label %157 %142 = load %struct.intel_engine_cs.436309*, %struct.intel_engine_cs.436309** %34, align 8 %143 = load i16, i16* %42, align 8 %144 = getelementptr inbounds %struct.intel_engine_cs.436309, %struct.intel_engine_cs.436309* %142, i64 0, i32 11 %145 = load i16, i16* %144, align 2 %146 = icmp eq i16 %143, %145 br i1 %146, label %147, label %157 %158 = phi i8* [ getelementptr inbounds ([38 x i8], [38 x i8]* @.str.30.47754, i64 0, i64 0), %137 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.47755, i64 0, i64 0), %152 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.47755, i64 0, i64 0), %147 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.47755, i64 0, i64 0), %141 ] %159 = phi i32 [ -14, %137 ], [ %155, %152 ], [ -22, %147 ], [ -22, %141 ] call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* %158) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, 
%struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast %struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = extractvalue { i64*, i64, i64 } %59, 0 %61 = extractvalue { i64*, i64, i64 } %59, 1 %62 = 
extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 %81 = trunc i64 %61 to i32 switch i32 %81, label %168 [ i32 1, label %82 i32 2, label %85 i32 3, label %90 i32 4, label %95 i32 5, label %108 i32 6, label %131 i32 7, label %137 i32 8, label %161 i32 9, label %166 ] %109 = icmp ugt i64 %71, 31 br i1 %109, label %110, label %111 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.28.47752, i64 0, i64 0), i32 31) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq 
%struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, 
%struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast %struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = extractvalue { i64*, i64, i64 } %59, 0 %61 = extractvalue { i64*, i64, i64 } %59, 1 %62 = extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 %81 = trunc i64 %61 to i32 switch i32 %81, label %168 [ i32 1, label %82 i32 2, label %85 i32 3, label %90 i32 4, label %95 i32 5, label %108 i32 6, label %131 i32 7, label %137 i32 8, label %161 i32 9, label %166 ] 
%96 = add i64 %71, -1 %97 = icmp ugt i64 %96, 9 br i1 %97, label %98, label %100 %101 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %71) #6, !srcloc !6 %102 = and i8 %101, 1 %103 = icmp eq i8 %102, 0 br i1 %103, label %104, label %106 %105 = extractvalue { i64*, i64, i64 } %69, 1 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.27.47751, i64 0, i64 0), i64 %105) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label 
%32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast %struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = 
getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = extractvalue { i64*, i64, i64 } %59, 0 %61 = extractvalue { i64*, i64, i64 } %59, 1 %62 = extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 %81 = trunc i64 %61 to i32 switch i32 %81, label %168 [ i32 1, label %82 i32 2, label %85 i32 3, label %90 i32 4, label %95 i32 5, label %108 i32 6, label %131 i32 7, label %137 i32 8, label %161 i32 9, label %166 ] %96 = add i64 %71, -1 %97 = icmp ugt i64 %96, 9 br i1 %97, label %98, label %100 %99 = extractvalue { i64*, i64, i64 } %69, 1 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.26.47750, i64 0, i64 0), i64 %99) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, 
%struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast %struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = 
extractvalue { i64*, i64, i64 } %59, 0 %61 = extractvalue { i64*, i64, i64 } %59, 1 %62 = extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 %81 = trunc i64 %61 to i32 switch i32 %81, label %168 [ i32 1, label %82 i32 2, label %85 i32 3, label %90 i32 4, label %95 i32 5, label %108 i32 6, label %131 i32 7, label %137 i32 8, label %161 i32 9, label %166 ] %91 = icmp eq i64 %71, 0 br i1 %91, label %92, label %93 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.25.47749, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 
0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 %40 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %41 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %47 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %48 = getelementptr inbounds %struct.workqueue_struct*, %struct.workqueue_struct** %10, i64 37 %49 = bitcast %struct.workqueue_struct** %48 to i64* %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %53 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %55 %56 = phi i64* [ %25, %39 ], [ %169, %168 ] %57 = phi i32 [ 0, %39 ], [ %170, %168 ] %59 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %56, i64 8, i64 %58) #6, !srcloc !4 %60 = extractvalue { i64*, i64, i64 } %59, 0 %61 = 
extractvalue { i64*, i64, i64 } %59, 1 %62 = extractvalue { i64*, i64, i64 } %59, 2 %63 = ptrtoint i64* %60 to i64 %64 = trunc i64 %63 to i32 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %1411 %68 = getelementptr i64, i64* %56, i64 1 %69 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %68, i64 8, i64 %67) #6, !srcloc !5 %70 = extractvalue { i64*, i64, i64 } %69, 0 %71 = extractvalue { i64*, i64, i64 } %69, 1 %72 = extractvalue { i64*, i64, i64 } %69, 2 %73 = ptrtoint i64* %70 to i64 %74 = trunc i64 %73 to i32 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %1415 %77 = add i64 %61, -1 %78 = icmp ugt i64 %77, 7 br i1 %78, label %79, label %80 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.24.47748, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to 
i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 %38 = icmp ugt i32 %28, 8 br i1 %38, label %54, label %39 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([48 x i8], [48 x i8]* @.str.23.47747, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 %33 = tail call %struct.intel_engine_cs.436309* bitcast (%struct.intel_engine_cs.408079* (%struct.drm_i915_private.408067*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.436309* (%struct.drm_i915_private.436298*, i8, i8)*)(%struct.drm_i915_private.436298* nonnull %14, i8 zeroext 0, i8 zeroext 0) #83 %34 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 
0, i32 7 store %struct.intel_engine_cs.436309* %33, %struct.intel_engine_cs.436309** %34, align 8 %35 = icmp eq %struct.intel_engine_cs.436309* %33, null br i1 %35, label %36, label %37 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.22.47746, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 %23 = getelementptr inbounds i8, i8* %1, i64 8 %24 = bitcast i8* %23 to i64** %25 = load i64*, i64** %24, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 4 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %29, align 8 %30 = icmp eq i32 %28, 0 br i1 %30, label %31, label %32 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.21.47745, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 %18 = bitcast i8* %1 to i32* %19 = load i32, i32* %18, align 8 %20 = icmp ult i32 %19, 8 br i1 %20, label %22, label %21 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.1.47744, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.436125*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.436077, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 32, i32 2 %11 = bitcast %struct.workqueue_struct** %10 to %struct.i915_perf.436281* %12 = bitcast %struct.perf_open_properties* %9 to i8* %13 = bitcast %struct.workqueue_struct** %10 to %struct.drm_i915_private.436298** %14 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %13, align 8 %15 = icmp eq %struct.drm_i915_private.436298* %14, null br i1 %15, label %16, label %17 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.47743, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.i915_execbuffer, align 8 %6 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %7 = getelementptr inbounds i8, i8* %1, i64 8 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 8 %10 = zext i32 %9 to i64 %11 = add nsw i64 %10, -1 %12 = icmp ult i64 %11, 2147483647 br i1 %12, label %20, label %13 %21 = getelementptr inbounds i8, i8* %1, i64 40 %22 = bitcast i8* %21 to i64* %23 = load i64, i64* %22, align 8 %24 = and i64 %23, -4161344 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %1875 %27 = and i64 %23, 2621440 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %39 %30 = getelementptr inbounds i8, i8* %1, i64 28 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %1875 %35 = getelementptr inbounds i8, i8* %1, i64 32 %36 = bitcast i8* %35 to i64* %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %1875 %40 = getelementptr inbounds i8, i8* %1, i64 24 %41 = bitcast i8* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = icmp eq i32 %42, -1 br i1 %43, label %50, label %44 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.3.42292, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_getparam_ioctl ------------- Path:  Function:i915_getparam_ioctl %4 = alloca i32, align 4 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.408067* %6 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 0, i32 2 %7 = bitcast %struct.device** %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 17, i32 30, i32 66 %10 = bitcast %struct.drm_property.373206** %9 to %struct.intel_gt.408001* %11 = getelementptr inbounds %struct.drm_i915_private.408067, %struct.drm_i915_private.408067* %5, i64 0, i32 108, i32 34, i32 5 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 switch i32 %14, label %152 [ i32 1, label %166 i32 2, label %166 i32 3, label %166 i32 14, label %166 i32 4, label %15 i32 32, label %20 i32 6, label %24 i32 7, label %27 i32 10, label %33 i32 11, label %37 i32 22, label %41 i32 31, label %45 i32 17, label %49 i32 27, label %56 i32 18, label %59 i32 20, label %63 i32 23, label %68 i32 28, label %78 i32 33, label %80 i32 34, label %83 i32 35, label %88 i32 36, label %99 i32 38, label %100 i32 39, label %107 i32 42, label %111 i32 40, label %116 i32 41, label %118 i32 30, label %121 i32 5, label %121 i32 8, label %121 i32 9, label %121 i32 12, label %121 i32 13, label %121 i32 15, label %121 i32 16, label %121 i32 19, label %121 i32 21, label %121 i32 24, label %121 i32 25, label %121 i32 26, label %121 i32 29, label %121 i32 37, label %121 i32 43, label %121 i32 44, label %121 i32 45, label %121 i32 48, label %121 i32 49, label %121 i32 53, label %121 i32 55, label %121 i32 56, label %121 i32 50, label %122 i32 46, label %124 i32 47, label %129 i32 51, label %139 i32 52, label %143 i32 54, label %150 ] tail 
call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.40028, i64 0, i64 0), i32 %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_crtc.400184** %11 = load %struct.drm_crtc.400184*, %struct.drm_crtc.400184** %10, align 8 %12 = bitcast i64* %5 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %48, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 tail call void (i32, i8*, ...) @__drm_dbg(i32 4, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39724, i64 0, i64 0), i64 4096) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.398249*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.398249, %struct.file.398249* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.398296** %7 = load %struct.drm_file.398296*, %struct.drm_file.398296** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.83.398250], [185 x %struct.anon.83.398250]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.398249*, i32, i64)*, i32 (%struct.file.398249*, i32, 
i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.398249*, i32, i64)* %14, null br i1 %15, label %16, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.398209** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.398209**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.398209* %21 = getelementptr inbounds %struct.task_struct.398209, %struct.task_struct.398209* %20, i64 0, i32 96, i64 0 %22 = getelementptr inbounds %struct.task_struct.398209, %struct.task_struct.398209* %20, i64 0, i32 62 %23 = load i32, i32* %22, align 32 %24 = getelementptr inbounds %struct.drm_file.398296, %struct.drm_file.398296* %7, i64 0, i32 13 %25 = load %struct.drm_minor.398283*, %struct.drm_minor.398283** %24, align 8 %26 = getelementptr inbounds %struct.drm_minor.398283, %struct.drm_minor.398283* %25, i64 0, i32 2 %27 = load %struct.device.398280*, %struct.device.398280** %26, align 8 %28 = getelementptr inbounds %struct.device.398280, %struct.device.398280* %27, i64 0, i32 28 %29 = load i32, i32* %28, align 4 %30 = lshr i32 %29, 20 %31 = shl nuw nsw i32 %30, 8 %32 = or i32 %31, %29 %33 = and i32 %32, 65535 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds %struct.drm_file.398296, %struct.drm_file.398296* %7, i64 0, i32 0 %36 = load i8, i8* %35, align 8, !range !5 %37 = zext i8 %36 to i32 %38 = getelementptr [185 x %struct.anon.83.398250], [185 x %struct.anon.83.398250]* @drm_compat_ioctls, i64 0, i64 %12, i32 1 %39 = load i8*, i8** %38, align 8 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.39630, i64 0, i64 0), i8* %21, i32 %23, i64 %34, i32 %37, i8* %39) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_noop ------------- Path:  Function:drm_noop tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.38119, i64 0, i64 0)) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 13 %12 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %12, i64 0, i32 3 %14 = load %struct.drm_device.382975*, %struct.drm_device.382975** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %14, i32* nonnull %4) #83 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #83 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.382975, %struct.drm_device.382975* %14, i64 0, i32 4 %27 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load 
%struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.382949*, %struct.drm_ioctl_desc.382949** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.382949* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 96, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 62 %74 = load i32, i32* %73, align 32 %75 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.382942, 
%struct.drm_file.382942* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.38229, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 13 %12 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %12, i64 0, i32 3 %14 = load %struct.drm_device.382975*, %struct.drm_device.382975** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %14, i32* nonnull %4) #83 br i1 %16, label %18, label %17 %19 = load i32, i32* 
%4, align 4 call void @drm_dev_exit(i32 %19) #83 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.382975, %struct.drm_device.382975* %14, i64 0, i32 4 %27 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.382949*, %struct.drm_ioctl_desc.382949** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.382949* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 96, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 62 %74 = load i32, i32* %73, align 32 %75 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.38229, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 13 %12 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %12, i64 0, i32 3 %14 = load %struct.drm_device.382975*, %struct.drm_device.382975** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %14, i32* nonnull %4) #83 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #83 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.382975, %struct.drm_device.382975* %14, i64 0, i32 4 %27 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %127 = phi i32 [ %52, %122 ], [ %9, %42 ], [ %9, %25 ] %128 = phi i32 [ %124, %122 ], [ -22, %42 ], [ -22, %25 ] %129 = phi i8* [ %123, %122 ], [ null, %42 ], [ null, %25 ] %130 = call i64 asm 
"movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %131 = inttoptr i64 %130 to %struct.task_struct* %132 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 96, i64 0 %133 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 62 %134 = load i32, i32* %133, align 32 %135 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %136 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %135, i64 0, i32 2 %137 = load %struct.device*, %struct.device** %136, align 8 %138 = getelementptr inbounds %struct.device, %struct.device* %137, i64 0, i32 28 %139 = load i32, i32* %138, align 4 %140 = lshr i32 %139, 20 %141 = shl nuw nsw i32 %140, 8 %142 = or i32 %141, %139 %143 = and i32 %142, 65535 %144 = zext i32 %143 to i64 %145 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 0 %146 = load i8, i8* %145, align 8, !range !6 %147 = zext i8 %146 to i32 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([77 x i8], [77 x i8]* @.str.3.38231, i64 0, i64 0), i8* %132, i32 %134, i64 %144, i32 %147, i32 %1, i32 %127) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 13 %12 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %12, i64 0, i32 3 %14 = load %struct.drm_device.382975*, %struct.drm_device.382975** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %14, i32* nonnull %4) #83 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #83 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds 
%struct.drm_device.382975, %struct.drm_device.382975* %14, i64 0, i32 4 %27 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %127 = phi i32 [ %52, %122 ], [ %9, %42 ], [ %9, %25 ] %128 = phi i32 [ %124, %122 ], [ -22, %42 ], [ -22, %25 ] %129 = phi i8* [ %123, %122 ], [ null, %42 ], [ null, %25 ] %130 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %131 = inttoptr i64 %130 to %struct.task_struct* %132 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 96, i64 0 %133 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 62 %134 = load i32, i32* %133, align 32 %135 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %136 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %135, i64 0, i32 2 %137 = load %struct.device*, %struct.device** %136, align 8 %138 = getelementptr inbounds %struct.device, %struct.device* %137, i64 0, i32 28 %139 = load i32, i32* %138, align 4 %140 = lshr i32 %139, 20 %141 = shl nuw nsw i32 %140, 8 %142 = or i32 %141, %139 %143 = and i32 %142, 65535 %144 = zext i32 %143 to i64 %145 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 0 %146 = load i8, i8* %145, align 8, !range !6 %147 = zext i8 %146 to i32 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([77 x i8], [77 x i8]* @.str.3.38231, i64 0, i64 0), i8* %132, i32 %134, i64 %144, i32 %147, i32 %1, i32 %127) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 13 %12 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %12, i64 0, i32 3 %14 = load %struct.drm_device.382975*, %struct.drm_device.382975** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %14, i32* nonnull %4) #83 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #83 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.382975, %struct.drm_device.382975* %14, i64 0, i32 4 %27 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc 
!4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.382949*, %struct.drm_ioctl_desc.382949** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.382949* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 96, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 62 %74 = load i32, i32* %73, align 32 %75 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = 
getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.38229, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #83 %90 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 2 %91 = bitcast {}** %90 to i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)** %92 = load i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)*, i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)** %91, align 8 %93 = icmp eq i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)* %92, null br i1 %93, label %94, label %95, !prof !7, !misexpect !8 %96 = icmp ult i32 %69, 129 br i1 %96, label %101, label %97 %102 = phi i8* [ %99, %97 ], [ %10, %95 ] %103 = inttoptr i64 %2 to i8* %104 = zext i32 %63 to i64 %105 = call i64 @_copy_from_user(i8* %102, i8* %103, i64 %104) #83 %106 = icmp eq i64 %105, 0 br i1 %106, label %107, label %122 %108 = icmp ugt i32 %69, %63 br i1 %108, label %109, label %113 %110 = getelementptr i8, i8* %102, i64 %104 %111 = sub nsw i32 %69, %63 %112 = zext i32 %111 to i64 br label %113 %114 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 1 %115 = load i32, i32* %114, align 4 %116 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)* nonnull %92, i8* %102, i32 %115) #85 %117 = trunc i64 %116 to i32 %118 = zext i32 %65 to i64 %119 = call i64 @_copy_to_user(i8* %103, i8* %102, i64 %118) #83 %120 = icmp eq i64 %119, 0 %121 = select i1 %120, i32 %117, i32 -14 br label %122 %123 = phi i8* [ null, %94 ], [ null, %97 ], [ %102, 
%101 ], [ %102, %113 ] %124 = phi i32 [ -22, %94 ], [ -12, %97 ], [ -14, %101 ], [ %121, %113 ] %125 = icmp eq %struct.drm_ioctl_desc.382949* %53, null br i1 %125, label %126, label %148 %149 = phi i32 [ %124, %122 ], [ %128, %126 ] %150 = phi i8* [ %123, %122 ], [ %129, %126 ] %151 = icmp eq i8* %150, %10 br i1 %151, label %153, label %152 %154 = icmp eq i32 %149, 0 br i1 %154, label %161, label %155 %156 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %157 = inttoptr i64 %156 to %struct.task_struct* %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 96, i64 0 %159 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 62 %160 = load i32, i32* %159, align 32 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.4.38232, i64 0, i64 0), i8* %158, i32 %160, i32 %149) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca %struct.static_call_site, align 4 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %34 %35 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.425584*, i32, i64)*)(%struct.file.425584* %0, i32 %1, i64 %2) #83 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.382942** %8 = load %struct.drm_file.382942*, %struct.drm_file.382942** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.382942, 
%struct.drm_file.382942* %8, i64 0, i32 13 %12 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %12, i64 0, i32 3 %14 = load %struct.drm_device.382975*, %struct.drm_device.382975** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.373290*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.382975*, i32*)*)(%struct.drm_device.382975* %14, i32* nonnull %4) #83 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #83 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.382975, %struct.drm_device.382975* %14, i64 0, i32 4 %27 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.382950*, %struct.drm_driver.382950** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.382950, %struct.drm_driver.382950* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.382949*, %struct.drm_ioctl_desc.382949** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.382949* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* 
%53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 96, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 62 %74 = load i32, i32* %73, align 32 %75 = load %struct.drm_minor.382940*, %struct.drm_minor.382940** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.382940, %struct.drm_minor.382940* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.382942, %struct.drm_file.382942* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.38229, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #83 %90 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 2 %91 = bitcast {}** %90 to i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)** %92 = load i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)*, i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)** %91, align 8 %93 = icmp eq i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)* %92, null br i1 %93, label %94, label %95, !prof !7, !misexpect !8 %96 = icmp ult i32 %69, 129 br i1 %96, label %101, label %97 %102 = phi i8* [ %99, %97 ], [ %10, %95 ] %103 = inttoptr i64 %2 to i8* %104 = zext i32 %63 to i64 %105 = call i64 @_copy_from_user(i8* %102, i8* %103, i64 %104) #83 %106 = icmp eq i64 %105, 0 br i1 %106, label %107, label %122 %108 = icmp ugt i32 %69, %63 br i1 %108, label %109, label %113 %110 = getelementptr i8, i8* %102, i64 %104 %111 = sub nsw i32 %69, %63 %112 = zext i32 %111 to i64 br label %113 %114 = getelementptr inbounds %struct.drm_ioctl_desc.382949, %struct.drm_ioctl_desc.382949* %53, i64 0, i32 1 %115 = load i32, i32* %114, align 4 %116 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.382975*, i8*, %struct.drm_file.382942*)* nonnull %92, i8* %102, i32 %115) #85 %117 = trunc i64 %116 to i32 %118 = zext i32 %65 to i64 %119 = call i64 @_copy_to_user(i8* %103, i8* %102, i64 %118) #83 %120 = icmp eq i64 %119, 0 %121 = select i1 %120, i32 %117, i32 -14 br label %122 %123 = phi i8* [ null, %94 ], [ null, %97 ], [ %102, %101 ], [ %102, %113 ] %124 = phi i32 [ -22, %94 ], [ -12, %97 ], [ -14, %101 ], [ %121, %113 ] %125 = icmp eq %struct.drm_ioctl_desc.382949* %53, null br i1 %125, label %126, label %148 %149 = phi i32 [ %124, %122 ], [ %128, %126 ] %150 = phi i8* [ %123, %122 ], [ %129, %126 ] %151 = icmp eq i8* %150, %10 br i1 %151, label 
%153, label %152 %154 = icmp eq i32 %149, 0 br i1 %154, label %161, label %155 %156 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %157 = inttoptr i64 %156 to %struct.task_struct* %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 96, i64 0 %159 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 62 %160 = load i32, i32* %159, align 32 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.4.38232, i64 0, i64 0), i8* %158, i32 %160, i32 %149) #83 ------------- Use: =BAD PATH= Call Stack: 0 drm_stub_open ------------- Path:  Function:drm_stub_open tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.38240, i64 0, i64 0)) #83 ------------- Good: 1290 Bad: 28 Ignored: 803 Check Use of Function:__drm_mode_set_config_internal Check Use of Function:drm_atomic_helper_set_config Check Use of Function:drm_mode_get_hv_timing Check Use of Function:sd_pr_preempt Check Use of Function:power_supply_changed Check Use of Function:i915_gem_flush_free_objects Use: =BAD PATH= Call Stack: 0 __i915_gem_object_create_user_ext 1 i915_gem_create_ext_ioctl ------------- Path:  Function:i915_gem_create_ext_ioctl %4 = alloca %struct.create_ext.473307, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.create_ext.473307* %4 to i8* %7 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1 %8 = bitcast [4 x %struct.intel_memory_region.473294*]* %7 to i8* %9 = bitcast %struct.create_ext.473307* %4 to %struct.drm_device.373290** store %struct.drm_device.373290* %0, %struct.drm_device.373290** %9, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, 
label %14, label %61 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([2 x i32 (%struct.i915_user_extension*, i8*)*], [2 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.42261, i64 0, i64 0), i32 2, i8* nonnull %6) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %61 %21 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] %29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1, i64 0 %32 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 3 %33 = load i64, i64* %32, align 8 %34 = trunc i64 %33 to i32 %35 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %30, %struct.intel_memory_region.473294** %31, i32 %28, i32 %34) #84 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 __i915_gem_object_create_user_ext 1 i915_gem_create_ioctl ------------- Path:  Function:i915_gem_create_ioctl %4 = alloca %struct.intel_memory_region.473294*, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = 
bitcast %struct.intel_memory_region.473294** %4 to i8* %7 = tail call %struct.intel_memory_region.473294* bitcast (%struct.intel_memory_region.415924* (%struct.drm_i915_private.415921*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.473294* (%struct.drm_i915_private.473291*, i32)*)(%struct.drm_i915_private.473291* %5, i32 0) #83 store %struct.intel_memory_region.473294* %7, %struct.intel_memory_region.473294** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %9, %struct.intel_memory_region.473294** nonnull %4, i32 1, i32 0) #83 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 ------------- Good: 2 Bad: 2 Ignored: 4 Check Use of Function:drm_mode_convert_umode Check Use of Function:pci_bus_write_config_byte Check Use of Function:netlink_ack Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #83 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load 
%struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #83 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #84 ------------- Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #83 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 
8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #83 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #84 ------------- Good: 16 Bad: 2 Ignored: 1 Check Use of Function:empty_dir_lookup Check Use of Function:drm_mode_debug_printmodeline Check Use of Function:drm_get_mode_status_name Check Use of Function:acpi_debugfs_init Check Use of Function:get_futex_key Use: =BAD PATH= Call Stack: 0 futex_wake_op 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %44 = tail call i32 @futex_wake_op(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32 %6) #83 Function:futex_wake_op %7 = alloca [16 x i8], align 16 %8 = alloca %union.futex_key, align 8 %9 = alloca %union.futex_key, align 8 %10 = alloca %struct.wake_q_head, align 8 %11 = bitcast %union.futex_key* %8 to i8* %12 = bitcast %union.futex_key* %9 to i8* %13 = bitcast %struct.wake_q_head* %10 to i8* %14 = getelementptr inbounds %struct.wake_q_head, 
%struct.wake_q_head* %10, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %14, align 8 %15 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 1 store %struct.wake_q_node** %14, %struct.wake_q_node*** %15, align 8 %16 = and i32 %1, 1 %17 = icmp ne i32 %16, 0 %18 = call i32 @get_futex_key(i32* %0, i1 zeroext %17, %union.futex_key* nonnull %8, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_wake_op 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull 
%12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 
1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %44 = tail call i32 @futex_wake_op(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32 %6) #83 Function:futex_wake_op %7 = alloca [16 x i8], align 16 %8 = alloca %union.futex_key, align 8 %9 = alloca %union.futex_key, align 8 %10 = alloca %struct.wake_q_head, align 8 %11 = bitcast %union.futex_key* %8 to i8* %12 = bitcast %union.futex_key* %9 to i8* %13 = bitcast %struct.wake_q_head* %10 to i8* %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %14, align 8 %15 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 1 store %struct.wake_q_node** %14, %struct.wake_q_node*** %15, align 8 %16 = and i32 %1, 1 %17 = icmp ne i32 %16, 0 %18 = call i32 @get_futex_key(i32* %0, i1 zeroext %17, %union.futex_key* nonnull %8, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_wake_op 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and 
i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %44 = tail call i32 @futex_wake_op(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32 %6) #83 Function:futex_wake_op %7 = alloca [16 x i8], align 16 %8 = alloca %union.futex_key, align 8 %9 = alloca %union.futex_key, align 8 %10 = alloca %struct.wake_q_head, align 8 %11 = bitcast %union.futex_key* %8 to i8* %12 = bitcast %union.futex_key* %9 to i8* %13 = bitcast %struct.wake_q_head* %10 to i8* %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %14, 
align 8 %15 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 1 store %struct.wake_q_node** %14, %struct.wake_q_node*** %15, align 8 %16 = and i32 %1, 1 %17 = icmp ne i32 %16, 0 %18 = call i32 @get_futex_key(i32* %0, i1 zeroext %17, %union.futex_key* nonnull %8, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_wake_op 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi 
i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %44 = tail call i32 @futex_wake_op(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32 %6) #83 Function:futex_wake_op %7 = alloca [16 x i8], align 16 %8 = alloca %union.futex_key, align 8 %9 = alloca %union.futex_key, align 8 %10 = alloca %struct.wake_q_head, align 8 %11 = bitcast %union.futex_key* %8 to i8* %12 = bitcast %union.futex_key* %9 to i8* %13 = bitcast %struct.wake_q_head* %10 to i8* %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %14, align 8 %15 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %10, i64 0, i32 1 store %struct.wake_q_node** %14, %struct.wake_q_node*** %15, align 8 %16 = and i32 %1, 1 %17 = icmp ne i32 %16, 0 %18 = call i32 @get_futex_key(i32* %0, i1 zeroext %17, %union.futex_key* nonnull %8, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_wake 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 
%16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 
64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label 
%84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_wake 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 
i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_wake 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call 
fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, 
@init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* %0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 
futex_wake 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 
1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %34 = phi i32 [ %6, %21 ], [ %6, %26 ], [ -1, %32 ] %35 = tail call i32 @futex_wake(i32* 
%0, i32 %22, i32 %2, i32 %34) #83 Function:futex_wake %5 = alloca %union.futex_key, align 8 %6 = alloca %struct.wake_q_head, align 8 %7 = bitcast %union.futex_key* %5 to i8* %8 = bitcast %struct.wake_q_head* %6 to i8* %9 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %9, align 8 %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %6, i64 0, i32 1 store %struct.wake_q_node** %9, %struct.wake_q_node*** %10, align 8 %11 = icmp eq i32 %3, 0 br i1 %11, label %84, label %12 %13 = and i32 %1, 1 %14 = icmp ne i32 %13, 0 %15 = call i32 @get_futex_key(i32* %0, i1 zeroext %14, %union.futex_key* nonnull %5, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_requeue 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 
%1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 
@do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp 
eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %438 %33 = and i32 %1, 1 %34 = icmp ne i32 %33, 0 %35 = call i32 @get_futex_key(i32* %0, i1 zeroext %34, %union.futex_key* nonnull %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_requeue 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label 
%23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = 
icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %438 %33 = and i32 %1, 1 %34 = icmp ne i32 %33, 0 %35 = call i32 @get_futex_key(i32* %0, i1 zeroext %34, %union.futex_key* nonnull %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_requeue 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 
%32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 
@futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** %11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %438 %33 = and i32 %1, 1 %34 = icmp ne i32 %33, 0 %35 = call i32 @get_futex_key(i32* %0, i1 zeroext %34, %union.futex_key* nonnull %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_requeue 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %38 = tail call i32 @futex_requeue(i32* %0, i32 %22, i32* %4, i32 %2, i32 %5, i32* null, i32 0) #83 Function:futex_requeue %8 = alloca i32, align 4 %9 = alloca %union.futex_key, align 8 %10 = alloca %union.futex_key, align 8 %11 = alloca %struct.futex_pi_state*, align 8 %12 = alloca %struct.wake_q_head, align 8 %13 = alloca i32, align 4 %14 = alloca %struct.task_struct*, align 8 %15 = bitcast %union.futex_key* %9 to i8* %16 = bitcast %union.futex_key* %10 to i8* %17 = bitcast %struct.futex_pi_state** %11 to i8* store %struct.futex_pi_state* null, %struct.futex_pi_state** 
%11, align 8 %18 = bitcast %struct.wake_q_head* %12 to i8* %19 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %19, align 8 %20 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %12, i64 0, i32 1 store %struct.wake_q_node** %19, %struct.wake_q_node*** %20, align 8 %21 = or i32 %4, %3 %22 = icmp sgt i32 %21, -1 br i1 %22, label %23, label %438 %24 = icmp eq i32 %6, 0 br i1 %24, label %32, label %25 %26 = icmp ne i32* %0, %2 %27 = icmp eq i32 %3, 1 %28 = and i1 %26, %27 br i1 %28, label %29, label %438 %30 = call i32 @refill_pi_state_cache() #83 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %438 %33 = and i32 %1, 1 %34 = icmp ne i32 %33, 0 %35 = call i32 @get_futex_key(i32* %0, i1 zeroext %34, %union.futex_key* nonnull %9, i32 0) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_unlock_pi 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) 
#83 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect 
!7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %53 = tail call i32 @futex_unlock_pi(i32* %0, i32 %22) #83 Function:futex_unlock_pi %3 = alloca %struct.rt_wake_q_head, align 8 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %union.futex_key, align 8 %7 = bitcast i32* %5 to i8* %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %9, i32 0, %struct.pid_namespace* null) #83 %11 = bitcast %union.futex_key* %6 to i8* %13 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %0, i64 4, i64 %12) #6, !srcloc !5 %14 = extractvalue { i32*, i32, i64 } %13, 0 %15 = extractvalue { i32*, i32, i64 } %13, 2 %16 = ptrtoint i32* %14 to i64 %17 = and i64 %16, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %133, !prof !6, !misexpect !7 %20 = extractvalue { i32*, i32, i64 } %13, 1 %21 = and i32 %1, 1 %22 = icmp ne i32 %21, 0 %23 = bitcast %struct.rt_wake_q_head* %3 to i8* %24 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 1 %26 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 1 %27 = bitcast i32* %4 to i8* br label %28 %29 = phi i32 [ %20, %19 ], [ %125, %121 ] %30 = and i32 %29, 1073741823 %31 = icmp eq i32 %30, %10 br i1 %31, label %32, label %133 %33 = call i32 @get_futex_key(i32* %0, i1 zeroext %22, %union.futex_key* nonnull %6, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_unlock_pi 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex %7 = alloca i64, 
align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds 
%struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %53 = tail call i32 @futex_unlock_pi(i32* %0, i32 %22) #83 Function:futex_unlock_pi %3 = alloca %struct.rt_wake_q_head, align 8 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %union.futex_key, align 8 %7 = bitcast i32* %5 to i8* %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %9, i32 0, %struct.pid_namespace* null) #83 %11 = bitcast %union.futex_key* %6 to i8* %13 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %0, i64 4, 
i64 %12) #6, !srcloc !5 %14 = extractvalue { i32*, i32, i64 } %13, 0 %15 = extractvalue { i32*, i32, i64 } %13, 2 %16 = ptrtoint i32* %14 to i64 %17 = and i64 %16, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %133, !prof !6, !misexpect !7 %20 = extractvalue { i32*, i32, i64 } %13, 1 %21 = and i32 %1, 1 %22 = icmp ne i32 %21, 0 %23 = bitcast %struct.rt_wake_q_head* %3 to i8* %24 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 1 %26 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 1 %27 = bitcast i32* %4 to i8* br label %28 %29 = phi i32 [ %20, %19 ], [ %125, %121 ] %30 = and i32 %29, 1073741823 %31 = icmp eq i32 %30, %10 br i1 %31, label %32, label %133 %33 = call i32 @get_futex_key(i32* %0, i1 zeroext %22, %union.futex_key* nonnull %6, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_unlock_pi 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = 
tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq 
%struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %53 = tail call i32 @futex_unlock_pi(i32* %0, i32 %22) #83 Function:futex_unlock_pi %3 = alloca %struct.rt_wake_q_head, align 8 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %union.futex_key, align 8 %7 = bitcast i32* %5 to i8* %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %9, i32 0, %struct.pid_namespace* null) #83 %11 = bitcast %union.futex_key* %6 to i8* %13 = call { 
i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %0, i64 4, i64 %12) #6, !srcloc !5 %14 = extractvalue { i32*, i32, i64 } %13, 0 %15 = extractvalue { i32*, i32, i64 } %13, 2 %16 = ptrtoint i32* %14 to i64 %17 = and i64 %16, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %133, !prof !6, !misexpect !7 %20 = extractvalue { i32*, i32, i64 } %13, 1 %21 = and i32 %1, 1 %22 = icmp ne i32 %21, 0 %23 = bitcast %struct.rt_wake_q_head* %3 to i8* %24 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 1 %26 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 1 %27 = bitcast i32* %4 to i8* br label %28 %29 = phi i32 [ %20, %19 ], [ %125, %121 ] %30 = and i32 %29, 1073741823 %31 = icmp eq i32 %30, %10 br i1 %31, label %32, label %133 %33 = call i32 @get_futex_key(i32* %0, i1 zeroext %22, %union.futex_key* nonnull %6, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 futex_unlock_pi 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, 
i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #83 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #83 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct* %46 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %45, i64 0, i32 103 %47 = load %struct.nsproxy*, %struct.nsproxy** %46, align 64 %48 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %47, i64 0, i32 6 %49 = load %struct.time_namespace*, %struct.time_namespace** %48, align 8 %50 = icmp eq %struct.time_namespace* %49, @init_time_ns br i1 %50, label %54, label %51, 
!prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #83 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #83 Function:do_futex %8 = alloca i32, align 4 store i32 %6, i32* %8, align 4 %9 = and i32 %1, -385 %10 = lshr i32 %1, 7 %11 = and i32 %10, 1 %12 = xor i32 %11, 1 %13 = and i32 %1, 256 %14 = icmp eq i32 %13, 0 br i1 %14, label %21, label %15 %22 = phi i32 [ %16, %15 ], [ %12, %7 ] switch i32 %9, label %64 [ i32 6, label %23 i32 13, label %23 i32 7, label %23 i32 8, label %23 i32 11, label %23 i32 12, label %23 i32 0, label %27 i32 9, label %28 i32 1, label %32 i32 10, label %33 i32 3, label %37 i32 4, label %40 i32 5, label %43 ] %24 = load i32, i32* @futex_cmpxchg_enabled, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %64, label %26 switch i32 %9, label %64 [ i32 12, label %61 i32 9, label %28 i32 11, label %58 i32 10, label %33 i32 8, label %55 i32 7, label %52 i32 13, label %48 i32 6, label %46 ] %53 = tail call i32 @futex_unlock_pi(i32* %0, i32 %22) #83 Function:futex_unlock_pi %3 = alloca %struct.rt_wake_q_head, align 8 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %union.futex_key, align 8 %7 = bitcast i32* %5 to i8* %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %9, i32 0, %struct.pid_namespace* null) #83 %11 = bitcast %union.futex_key* %6 to i8* %13 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %0, i64 4, i64 %12) #6, !srcloc !5 %14 = extractvalue { i32*, i32, i64 } %13, 0 %15 = extractvalue { i32*, i32, i64 } %13, 2 %16 = ptrtoint i32* %14 to i64 %17 = and i64 %16, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %133, !prof !6, !misexpect !7 %20 = extractvalue { i32*, i32, i64 } %13, 1 %21 = and i32 %1, 1 %22 = icmp ne i32 %21, 0 %23 = bitcast %struct.rt_wake_q_head* %3 to i8* %24 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 0 %25 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 0, i32 1 %26 = getelementptr inbounds %struct.rt_wake_q_head, %struct.rt_wake_q_head* %3, i64 0, i32 1 %27 = bitcast i32* %4 to i8* br label %28 %29 = phi i32 [ %20, %19 ], [ %125, %121 ] %30 = and i32 %29, 1073741823 %31 = icmp eq i32 %30, %10 br i1 %31, label %32, label %133 %33 = call i32 @get_futex_key(i32* %0, i1 zeroext %22, %union.futex_key* nonnull %6, i32 1) #83 ------------- Good: 17 Bad: 16 Ignored: 0 Check Use of Function:drm_plane_check_pixel_format Check Use of Function:drm_dev_put Use: =BAD PATH= Call Stack: 0 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.436298** %5 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 109, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.436298, 
%struct.drm_i915_private.436298* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.373290* %9) #83 ------------- Good: 6 Bad: 1 Ignored: 5 Check Use of Function:xt_free_table_info Check Use of Function:drm_modeset_unregister_all Check Use of Function:unmap_mapping_range Use: =BAD PATH= Call Stack: 0 i915_gem_object_release_mmap_offset 1 __i915_gem_object_put_pages 2 __i915_gem_object_pages_fini 3 i915_gem_flush_free_objects 4 __i915_gem_object_create_user_ext 5 i915_gem_create_ext_ioctl ------------- Path:  Function:i915_gem_create_ext_ioctl %4 = alloca %struct.create_ext.473307, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.create_ext.473307* %4 to i8* %7 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1 %8 = bitcast [4 x %struct.intel_memory_region.473294*]* %7 to i8* %9 = bitcast %struct.create_ext.473307* %4 to %struct.drm_device.373290** store %struct.drm_device.373290* %0, %struct.drm_device.373290** %9, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %61 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([2 x i32 (%struct.i915_user_extension*, i8*)*], [2 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.42261, i64 0, i64 0), i32 2, i8* nonnull %6) #83 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %61 %21 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] 
%29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 1, i64 0 %32 = getelementptr inbounds %struct.create_ext.473307, %struct.create_ext.473307* %4, i64 0, i32 3 %33 = load i64, i64* %32, align 8 %34 = trunc i64 %33 to i32 %35 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %30, %struct.intel_memory_region.473294** %31, i32 %28, i32 %34) #84 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to 
%struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 %18 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 1 %19 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %18, align 8 %20 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %19, i64 0, i32 10 %21 = load void (%struct.drm_i915_gem_object.436033*)*, void (%struct.drm_i915_gem_object.436033*)** %20, align 8 %22 = icmp eq void (%struct.drm_i915_gem_object.436033*)* %21, null br i1 %22, label %24, label %23 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 Function:__i915_gem_object_pages_fini %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 1 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %2 br i1 %5, label %34, label %6 %7 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %9 = icmp eq %struct.list_head* %8, %2 %10 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -36, i32 1 %11 = icmp eq %struct.list_head** %10, null %12 = or i1 %9, %11 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %12, label %34, label %13 %14 = phi %struct.list_head* [ %29, %28 ], [ %8, %6 ] %15 = getelementptr %struct.list_head, %struct.list_head* %14, i64 -36, i32 1 %16 = getelementptr inbounds %struct.list_head*, %struct.list_head** %15, i64 35 %17 = bitcast %struct.list_head** %16 to %struct.seqcount_spinlock* %18 = bitcast %struct.list_head** %16 to i32* 
%19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 %22 = add i32 %19, -1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %25, !prof !5, !misexpect !6 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %29 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %30 = icmp eq %struct.list_head* %29, %2 %31 = getelementptr %struct.list_head, %struct.list_head* %29, i64 -36, i32 1 %32 = icmp eq %struct.list_head** %31, null %33 = or i1 %30, %32 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %33, label %34, label %13 %35 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 8 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 0 br i1 %37, label %39, label %38 tail call void @i915_gem_object_release_mmap_gtt(%struct.drm_i915_gem_object.436033* %0) #83 br label %39 %40 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 10, i32 1 %41 = getelementptr inbounds %struct.rb_root, %struct.rb_root* %40, i64 0, i32 0 %42 = load volatile %struct.rb_node*, %struct.rb_node** %41, align 8 %43 = icmp eq %struct.rb_node* %42, null br i1 %43, label %69, label %44 %70 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 18, i32 0, i32 0 store volatile i32 0, i32* %70, align 4 %71 = tail call i32 @__i915_gem_object_put_pages(%struct.drm_i915_gem_object.436033* %0) #83 Function:__i915_gem_object_put_pages %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 18, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq 
i32 %3, 0 br i1 %4, label %5, label %15 tail call void @i915_gem_object_release_mmap_offset(%struct.drm_i915_gem_object.436033* %0) #83 Function:i915_gem_object_release_mmap_offset %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 10, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 10, i32 1 %4 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %3) #83 %5 = icmp eq %struct.rb_node* %4, null %6 = getelementptr %struct.rb_node, %struct.rb_node* %4, i64 -9, i32 1 %7 = icmp eq %struct.rb_node** %6, null %8 = or i1 %5, %7 br i1 %8, label %43, label %9 %10 = bitcast %struct.rb_node** %6 to %struct.i915_mmap_offset.436120* %11 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 0, i32 0, i32 0, i32 2 br label %12 %13 = phi %struct.i915_mmap_offset.436120* [ %10, %9 ], [ %19, %41 ] %14 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 3 %15 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %14) #83 %16 = icmp eq %struct.rb_node* %15, null %17 = getelementptr %struct.rb_node, %struct.rb_node* %15, i64 -9, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.i915_mmap_offset.436120* %19 = select i1 %16, %struct.i915_mmap_offset.436120* null, %struct.i915_mmap_offset.436120* %18 %20 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %41, label %23 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %2) #83 %24 = load %struct.drm_device.373290*, %struct.drm_device.373290** %11, align 8 %25 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %24, i64 0, i32 12 %26 
= load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 9 %28 = load %struct.address_space*, %struct.address_space** %27, align 8 %29 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 0, i32 1, i32 12 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 0, i32 1, i32 1 %35 = load i64, i64* %34, align 8 %36 = shl i64 %35, 12 %37 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 0, i32 1, i32 2 %38 = load i64, i64* %37, align 8 %39 = shl i64 %38, 12 tail call void @unmap_mapping_range(%struct.address_space* %28, i64 %36, i64 %39, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_release_mmap_offset 1 __i915_gem_object_put_pages 2 __i915_gem_object_pages_fini 3 i915_gem_flush_free_objects 4 __i915_gem_object_create_user_ext 5 i915_gem_create_ioctl ------------- Path:  Function:i915_gem_create_ioctl %4 = alloca %struct.intel_memory_region.473294*, align 8 %5 = bitcast %struct.drm_device.373290* %0 to %struct.drm_i915_private.473291* %6 = bitcast %struct.intel_memory_region.473294** %4 to i8* %7 = tail call %struct.intel_memory_region.473294* bitcast (%struct.intel_memory_region.415924* (%struct.drm_i915_private.415921*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.473294* (%struct.drm_i915_private.473291*, i32)*)(%struct.drm_i915_private.473291* %5, i32 0) #83 store %struct.intel_memory_region.473294* %7, %struct.intel_memory_region.473294** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call fastcc %struct.drm_i915_gem_object.473306* @__i915_gem_object_create_user_ext(%struct.drm_i915_private.473291* %5, i64 %9, 
%struct.intel_memory_region.473294** nonnull %4, i32 1, i32 0) #83 Function:__i915_gem_object_create_user_ext %6 = bitcast %struct.intel_memory_region.473294** %2 to i8* %7 = load %struct.intel_memory_region.473294*, %struct.intel_memory_region.473294** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.436298*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.473291*)*)(%struct.drm_i915_private.473291* %0) #83 Function:i915_gem_flush_free_objects %2 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %0, i64 0, i32 68, i32 6, i32 0 %3 = tail call %struct.llist_node* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.llist_node** %2, %struct.llist_node* null, %struct.llist_node** %2) #6, !srcloc !4 %4 = icmp eq %struct.llist_node* %3, null br i1 %4, label %29, label %5, !prof !5, !misexpect !6 %6 = getelementptr %struct.llist_node, %struct.llist_node* %3, i64 -66 %7 = icmp eq %struct.llist_node* %6, inttoptr (i64 -528 to %struct.llist_node*) br i1 %7, label %29, label %8 %9 = bitcast %struct.llist_node* %6 to %struct.drm_i915_gem_object.436033* br label %10 %11 = phi %struct.drm_i915_gem_object.436033* [ %16, %27 ], [ %9, %8 ] %12 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 7 %13 = bitcast %union.anon.26* %12 to i8** %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 -528 %16 = bitcast i8* %15 to %struct.drm_i915_gem_object.436033* %17 = tail call i32 @__SCT__might_resched() #83 %18 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %11, i64 0, i32 1 %19 = load %struct.drm_i915_gem_object_ops.436016*, %struct.drm_i915_gem_object_ops.436016** %18, align 8 %20 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436016, %struct.drm_i915_gem_object_ops.436016* %19, i64 0, i32 10 %21 = load void 
(%struct.drm_i915_gem_object.436033*)*, void (%struct.drm_i915_gem_object.436033*)** %20, align 8 %22 = icmp eq void (%struct.drm_i915_gem_object.436033*)* %21, null br i1 %22, label %24, label %23 tail call void @__i915_gem_object_pages_fini(%struct.drm_i915_gem_object.436033* %11) #83 Function:__i915_gem_object_pages_fini %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 1 %3 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %4 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %5 = icmp eq %struct.list_head* %4, %2 br i1 %5, label %34, label %6 %7 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 2, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %9 = icmp eq %struct.list_head* %8, %2 %10 = getelementptr %struct.list_head, %struct.list_head* %8, i64 -36, i32 1 %11 = icmp eq %struct.list_head** %10, null %12 = or i1 %9, %11 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %12, label %34, label %13 %14 = phi %struct.list_head* [ %29, %28 ], [ %8, %6 ] %15 = getelementptr %struct.list_head, %struct.list_head* %14, i64 -36, i32 1 %16 = getelementptr inbounds %struct.list_head*, %struct.list_head** %15, i64 35 %17 = bitcast %struct.list_head** %16 to %struct.seqcount_spinlock* %18 = bitcast %struct.list_head** %16 to i32* %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 %22 = add i32 %19, -1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %28, label %25, !prof !5, !misexpect !6 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %7) #83 %29 = load volatile %struct.list_head*, %struct.list_head** %3, align 8 %30 = icmp eq %struct.list_head* %29, %2 %31 = getelementptr %struct.list_head, %struct.list_head* %29, i64 -36, i32 1 %32 = icmp eq %struct.list_head** %31, null %33 = or i1 %30, %32 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %7) #83 br i1 %33, label %34, label %13 %35 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 8 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 0 br i1 %37, label %39, label %38 tail call void @i915_gem_object_release_mmap_gtt(%struct.drm_i915_gem_object.436033* %0) #83 br label %39 %40 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 10, i32 1 %41 = getelementptr inbounds %struct.rb_root, %struct.rb_root* %40, i64 0, i32 0 %42 = load volatile %struct.rb_node*, %struct.rb_node** %41, align 8 %43 = icmp eq %struct.rb_node* %42, null br i1 %43, label %69, label %44 %70 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 18, i32 0, i32 0 store volatile i32 0, i32* %70, align 4 %71 = tail call i32 @__i915_gem_object_put_pages(%struct.drm_i915_gem_object.436033* %0) #83 Function:__i915_gem_object_put_pages %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 18, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %15 tail call void @i915_gem_object_release_mmap_offset(%struct.drm_i915_gem_object.436033* %0) #83 Function:i915_gem_object_release_mmap_offset %2 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 10, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 %3 = getelementptr inbounds %struct.drm_i915_gem_object.436033, 
%struct.drm_i915_gem_object.436033* %0, i64 0, i32 10, i32 1 %4 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %3) #83 %5 = icmp eq %struct.rb_node* %4, null %6 = getelementptr %struct.rb_node, %struct.rb_node* %4, i64 -9, i32 1 %7 = icmp eq %struct.rb_node** %6, null %8 = or i1 %5, %7 br i1 %8, label %43, label %9 %10 = bitcast %struct.rb_node** %6 to %struct.i915_mmap_offset.436120* %11 = getelementptr inbounds %struct.drm_i915_gem_object.436033, %struct.drm_i915_gem_object.436033* %0, i64 0, i32 0, i32 0, i32 0, i32 2 br label %12 %13 = phi %struct.i915_mmap_offset.436120* [ %10, %9 ], [ %19, %41 ] %14 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 3 %15 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %14) #83 %16 = icmp eq %struct.rb_node* %15, null %17 = getelementptr %struct.rb_node, %struct.rb_node* %15, i64 -9, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.i915_mmap_offset.436120* %19 = select i1 %16, %struct.i915_mmap_offset.436120* null, %struct.i915_mmap_offset.436120* %18 %20 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %41, label %23 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %2) #83 %24 = load %struct.drm_device.373290*, %struct.drm_device.373290** %11, align 8 %25 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %24, i64 0, i32 12 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 9 %28 = load %struct.address_space*, %struct.address_space** %27, align 8 %29 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 0, i32 1, i32 12 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, 
label %33 %34 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 0, i32 1, i32 1 %35 = load i64, i64* %34, align 8 %36 = shl i64 %35, 12 %37 = getelementptr inbounds %struct.i915_mmap_offset.436120, %struct.i915_mmap_offset.436120* %13, i64 0, i32 0, i32 1, i32 2 %38 = load i64, i64* %37, align 8 %39 = shl i64 %38, 12 tail call void @unmap_mapping_range(%struct.address_space* %28, i64 %36, i64 %39, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_clear_invalid_mapping 1 nfs_revalidate_mapping 2 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load 
%struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.214835*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #83 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %43 = load %struct.address_space*, %struct.address_space** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.address_space.214836*)* @nfs_revalidate_mapping to i32 (%struct.inode*, %struct.address_space*)*)(%struct.inode* %22, %struct.address_space* %43) #83 Function:nfs_revalidate_mapping %3 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 256 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %59 %8 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 9, i32 1 %10 = bitcast %struct.list_head** %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 256 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %49 %15 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %16 = load %struct.super_block.214819*, %struct.super_block.214819** %15, align 8 %17 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.214962** %19 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %18, align 16 %20 = getelementptr 
inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %19, i64 0, i32 0 %21 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %20, align 8 %22 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %21, i64 0, i32 12 %23 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %22, align 8 %24 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %23, i64 0, i32 47 %25 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %24, align 8 %26 = tail call i32 %25(%struct.inode.214835* %0, i32 1) #83 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %43 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 9 %45 = bitcast %struct.list_head* %44 to i64* %46 = load volatile i64, i64* %45, align 8 %47 = and i64 %46, 2 %48 = icmp eq i64 %47, 0 br i1 %48, label %57, label %49 %58 = tail call i32 @nfs_clear_invalid_mapping(%struct.address_space.214836* %1) #84 Function:nfs_clear_invalid_mapping %2 = getelementptr inbounds %struct.address_space.214836, %struct.address_space.214836* %0, i64 0, i32 0 %3 = load %struct.inode.214835*, %struct.inode.214835** %2, align 8 %4 = getelementptr %struct.inode.214835, %struct.inode.214835* %3, i64 -1, i32 24, i32 4 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 9 %6 = bitcast %struct.list_head* %5 to i64* %7 = bitcast %struct.list_head* %5 to i8* %8 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %3, i64 0, i32 18, i32 0, i32 0 br label %9 %10 = tail call i32 @__SCT__might_resched() #83 %11 = load volatile i64, i64* %6, align 8 %12 = and i64 %11, 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %17, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* %8) #83 %18 = load volatile i64, i64* %6, align 8 %19 = and i64 %18, 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 9, i32 1 %24 
= bitcast %struct.list_head** %23 to i64* %25 = load i64, i64* %24, align 8 %26 = and i64 %25, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %29 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 8, i8* %7) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = load i64, i64* %24, align 8 %31 = and i64 %30, -8195 store i64 %31, i64* %24, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %8) #83 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_invalidate_mapping_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_clear_invalid_mapping, %32)) #6 to label %52 [label %32], !srcloc !6 %53 = getelementptr inbounds %struct.address_space.214836, %struct.address_space.214836* %0, i64 0, i32 7 %54 = load i64, i64* %53, align 8 %55 = icmp eq i64 %54, 0 br i1 %55, label %68, label %56 %57 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %3, i64 0, i32 0 %58 = load i16, i16* %57, align 8 %59 = and i16 %58, -4096 %60 = icmp eq i16 %59, -32768 br i1 %60, label %61, label %65 tail call void bitcast (void (%struct.address_space*, i64, i64, i32)* @unmap_mapping_range to void (%struct.address_space.214836*, i64, i64, i32)*)(%struct.address_space.214836* %0, i64 0, i64 0, i32 0) #83 ------------- Good: 53 Bad: 3 Ignored: 74 Check Use of 
Function:intel_modeset_driver_remove_nogem Check Use of Function:i915_gem_driver_remove Check Use of Function:unregister_pernet_device Check Use of Function:i915_gem_suspend Check Use of Function:enable_swap_slots_cache Check Use of Function:__ieee80211_tx Check Use of Function:intel_modeset_driver_remove_noirq Check Use of Function:i915_reset_error_state Check Use of Function:flush_itimer_signals Check Use of Function:i915_driver_release Check Use of Function:drm_minor_release Check Use of Function:flush_sigqueue Check Use of Function:i915_driver_lastclose Check Use of Function:acpi_evaluate_ej0 Check Use of Function:security_kernel_load_data Check Use of Function:acpi_evaluate_lck Check Use of Function:intel_overlay_release_old_vid Check Use of Function:acpi_handle_printk Check Use of Function:acpi_lock_hp_context Check Use of Function:alloc_netdev_mqs Check Use of Function:acpi_scan_lock_release Check Use of Function:ata_acpi_dev_uevent Check Use of Function:sysfs_notify Check Use of Function:drop_super Check Use of Function:sparse_keymap_report_event Check Use of Function:sync_mm_rss Check Use of Function:thermal_zone_device_critical Check Use of Function:ieee80211_check_queues Check Use of Function:thermal_cooling_device_unregister Check Use of Function:swap_type_of Check Use of Function:acpi_processor_ignore_ppc_init Check Use of Function:acpi_processor_throttling_init Check Use of Function:cpufreq_register_notifier Check Use of Function:msdos_rename Check Use of Function:drm_crtc_vblank_get Check Use of Function:__cpuhp_setup_state Check Use of Function:round_jiffies_relative Check Use of Function:cpu_hotplug_enable Check Use of Function:vfs_symlink Check Use of Function:acpi_processor_power_exit Check Use of Function:neigh_destroy Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.841818, %struct.sk_buff.841818* 
-------------
Use: =BAD PATH=
Call Stack:
0 sit_tunnel_xmit
-------------
Path:
Function:sit_tunnel_xmit
-------------
Use: =BAD PATH=
Call Stack:
0 fib_detect_death
1 fib_select_path
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_detect_death
align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.748910*)*)(%struct.neighbour.748910* nonnull %55) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_detect_death 1 fib_select_path 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.841805** store %struct.net_device.841805* %0, %struct.net_device.841805** %3, align 8 %4 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 110, i32 0 %5 = bitcast %struct.net.841722** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #83 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.841805* %0) #83 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2272 %10 = bitcast i8* %9 to %struct.net.841722** %11 = 
load %struct.net.841722*, %struct.net.841722** %10, align 8 %12 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2372 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.841805, %struct.net_device.841805* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 
%35 = call %struct.rtable.841674* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable.841674* (%struct.net.841722*, %struct.flowi4*, %struct.sock.841619*)*)(%struct.net.841722* %11, %struct.flowi4* nonnull %2, %struct.sock.841619* null) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 
= and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, %struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 
%101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, 
%struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.748927** %5 to i8* store %struct.fib_info.748927* null, %struct.fib_info.748927** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.748927* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.838365* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.838365* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.748927** %82 = load %struct.fib_info.748927*, %struct.fib_info.748927** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 
%111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 18 %123 = load %struct.nexthop.748932*, %struct.nexthop.748932** %122, align 8 %124 = icmp eq %struct.nexthop.748932* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.748926* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.748927* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %74, i32 %75, 
%struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %175) #83 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.838365* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.838365* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.748927* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.838365* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.748927* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.748927* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %228, i32 %227, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %240) #83 Function:fib_detect_death %6 = 
getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %0, i64 0, i32 18 %7 = load %struct.nexthop.748932*, %struct.nexthop.748932** %6, align 8 %8 = icmp eq %struct.nexthop.748932* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 12 %15 = bitcast %union.anon.113.748931* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = 
tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.748910*)*)(%struct.neighbour.748910* nonnull %55) #83 ------------- Use: =BAD PATH= Call Stack: 0 fib_detect_death 1 fib_select_path 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca %struct.icmphdr, align 4 %7 = alloca %struct.pingfakehdr, align 8 %8 = alloca %struct.rtable*, align 8 %9 = alloca %struct.ip_options_data, align 8 %10 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %11 = load %struct.net*, %struct.net** %10, align 8 %12 = bitcast %struct.flowi4* %4 to i8* %13 = bitcast %struct.sock* %0 to 
%struct.inet_sock* %14 = bitcast %struct.ipcm_cookie* %5 to i8* %15 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %7, i64 0, i32 0, i32 0 %17 = bitcast %struct.rtable** %8 to i8* store %struct.rtable* null, %struct.rtable** %8, align 8 %18 = bitcast %struct.ip_options_data* %9 to i8* %19 = icmp ugt i64 %2, 65535 br i1 %19, label %331, label %20 %21 = icmp ult i64 %2, 8 br i1 %21, label %331, label %22 %23 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %331 %28 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %29 = call i64 @_copy_from_iter(i8* nonnull %15, i64 8, %struct.iov_iter* %28) #83 %30 = icmp eq i64 %29, 8 br i1 %30, label %32, label %31, !prof !4, !misexpect !5 %33 = getelementptr inbounds i8, i8* %15, i64 1 %34 = load i8, i8* %33, align 1 %35 = load i8, i8* %15, align 4 %36 = icmp eq i8 %35, 8 %37 = icmp eq i8 %34, 0 %38 = icmp eq i8 %35, 42 %39 = or i1 %36, %38 %40 = and i1 %37, %39 br i1 %40, label %41, label %331 %42 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %43 = load i8*, i8** %42, align 8 %44 = icmp eq i8* %43, null br i1 %44, label %56, label %45 %46 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %47 = load i32, i32* %46, align 8 %48 = icmp ult i32 %47, 16 br i1 %48, label %331, label %49 %50 = bitcast i8* %43 to i16* %51 = load i16, i16* %50, align 4 %52 = icmp eq i16 %51, 2 br i1 %52, label %53, label %331 %54 = getelementptr inbounds i8, i8* %43, i64 4 %55 = bitcast i8* %54 to i32* br label %62 %63 = phi i32* [ %55, %53 ], [ %61, %60 ] %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %65, align 2 %66 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %67 = bitcast i8* %66 to i32* store i32 0, i32* %67, align 4 %68 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 33 %69 = load i32, i32* %68, align 4 %70 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %69, i32* %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 64 %72 = load i16, i16* %71, align 8 %73 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %72, i16* %73, align 4 %74 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %75 = load i32, i32* %74, align 4 %76 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %75, i32* %76, align 4 %77 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %78 = load i32, i32* %77, align 8 %79 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %78, i32* %79, align 8 %80 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %85 %86 = call i32 bitcast (i32 (%struct.sock.813299*, %struct.msghdr.813273*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #83 %87 = icmp eq i32 %86, 0 %88 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %89 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %88, align 8 br i1 %87, label %92, label %90, !prof !4, !misexpect !6 %93 = icmp eq %struct.ip_options_rcu* %89, null %94 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %95 = icmp eq %struct.ip_options_rcu* %89, null br i1 %95, label %98, label %96 %97 = load i32, i32* 
%79, align 8 store i32 %64, i32* %79, align 8 br label %116 %117 = phi %struct.ip_options_rcu** [ %94, %96 ], [ %99, %112 ] %118 = phi i1 [ %93, %96 ], [ %100, %112 ] %119 = phi i32 [ %97, %96 ], [ %114, %112 ] %120 = phi %struct.ip_options_rcu* [ %89, %96 ], [ %113, %112 ] %121 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %120, i64 0, i32 1, i32 3 %122 = load i8, i8* %121, align 1 %123 = icmp eq i8 %122, 0 br i1 %123, label %129, label %124 %130 = phi %struct.ip_options_rcu** [ %117, %126 ], [ %117, %116 ], [ %99, %112 ] %131 = phi i1 [ %118, %126 ], [ %118, %116 ], [ %100, %112 ] %132 = phi i1 [ false, %126 ], [ false, %116 ], [ true, %112 ] %133 = phi i32 [ %119, %126 ], [ %119, %116 ], [ %114, %112 ] %134 = phi %struct.ip_options_rcu* [ %120, %126 ], [ %120, %116 ], [ null, %112 ] %135 = phi i32 [ %128, %126 ], [ %64, %116 ], [ %64, %112 ] %136 = load i16, i16* %65, align 2 %137 = icmp eq i16 %136, -1 br i1 %137, label %140, label %138 %139 = trunc i16 %136 to i8 br label %143 %144 = phi i8 [ %139, %138 ], [ %142, %140 ] %145 = and i8 %144, 30 %146 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %147 = load volatile i64, i64* %146, align 8 %148 = and i64 %147, 8192 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %160 %151 = load i32, i32* %23, align 8 %152 = and i32 %151, 4 %153 = icmp eq i32 %152, 0 br i1 %153, label %154, label %160 br i1 %132, label %162, label %155 %156 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %134, i64 0, i32 1, i32 6 %157 = load i8, i8* %156, align 4 %158 = and i8 %157, 1 %159 = icmp eq i8 %158, 0 br i1 %159, label %162, label %160 %163 = phi i8 [ %161, %160 ], [ %145, %155 ], [ %145, %154 ] %164 = and i32 %64, 240 %165 = icmp eq i32 %164, 224 %166 = load i32, i32* %76, align 4 %167 = icmp eq i32 %166, 0 br i1 %165, label %168, label %179 br i1 %167, label %169, label %173 %174 = phi i32 [ %166, %168 ], [ %172, %169 ] %175 = icmp eq 
i32 %133, 0 br i1 %175, label %176, label %183 %184 = phi i32 [ %174, %173 ], [ %174, %176 ], [ %166, %179 ], [ %182, %180 ] %185 = phi i32 [ %133, %173 ], [ %178, %176 ], [ %133, %179 ], [ %133, %180 ] %186 = load i32, i32* %70, align 8 %187 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %188 = load i16, i16* %187, align 4 %189 = trunc i16 %188 to i8 %190 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %191 = bitcast %struct.hlist_node*** %190 to i16* %192 = load i16, i16* %191, align 8 %193 = and i16 %192, 40 %194 = icmp ne i16 %193, 0 %195 = zext i1 %194 to i8 %196 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 56, i32 0 %197 = load i32, i32* %196, align 8 %198 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %184, i32* %198, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %199, align 4 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %186, i32* %200, align 8 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %163, i8* %201, align 4 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %202, align 1 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %189, i8* %203, align 2 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %195, i8* %204, align 1 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %205, align 8 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %197, i32* %207, align 4 %208 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %135, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %185, i32* %209, align 8 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %211 = bitcast %struct.kuid_t* %210 to %struct.raw_hdlc_proto* %212 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %211, i64 0, i32 1 store i16 0, i16* %212, align 2 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %213, align 8 %214 = load i8, i8* %15, align 4 %215 = bitcast %struct.kuid_t* %210 to %struct.nd_opt_hdr* %216 = bitcast %struct.kuid_t* %210 to i8* store i8 %214, i8* %216, align 8 %217 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %6, i64 0, i32 1 %218 = load i8, i8* %217, align 1 %219 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %215, i64 0, i32 1 store i8 %218, i8* %219, align 1 %220 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %220) #83 %221 = call %struct.rtable* bitcast (%struct.rtable.813060* (%struct.net.813150*, %struct.flowi4*, %struct.sock.813299*)* @ip_route_output_flow to %struct.rtable* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %11, %struct.flowi4* nonnull %4, %struct.sock* %0) #83 Function:ip_route_output_flow %4 = alloca %struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.813405* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void @__rcu_read_lock() #83 %14 = call %struct.rtable.813060* @ip_route_output_key_hash_rcu(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, %struct.sk_buff.813309* null) #83 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.813395* bitcast (%struct.net_device.744736* (%struct.net.744609*, i32)* @dev_get_by_index_rcu to %struct.net_device.813395* (%struct.net.813150*, i32)*)(%struct.net.813150* %0, i32 %41) #83 %45 = icmp eq %struct.net_device.813395* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.813353*, 
%struct.in_device.813353** %52, align 8 %54 = icmp eq %struct.in_device.813353* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.813395* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %0, %struct.flowi4* %1, %struct.fib_result.813405* %2, i32 1) #83 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.813405, %struct.fib_result.813405* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void 
(%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %0, %struct.fib_result.813405* %2, %struct.flowi4* %1, %struct.sk_buff.813309* %3) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, 
%struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.748927** %5 to i8* store %struct.fib_info.748927* null, %struct.fib_info.748927** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.748927* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.838365* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.838365* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.748927** %82 = load %struct.fib_info.748927*, %struct.fib_info.748927** %81, align 8 %83 = getelementptr inbounds 
%struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 18 %123 = load %struct.nexthop.748932*, %struct.nexthop.748932** %122, align 8 %124 = icmp eq %struct.nexthop.748932* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 20, i64 0, i32 0 br label %151 
%152 = phi %struct.fib_nh_common.748926* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.748927* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %74, i32 %75, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %175) #83 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.838365* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.838365* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ 
%75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.748927* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.838365* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.748927* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.748927* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %228, i32 %227, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %240) #83 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %0, i64 0, i32 18 %7 = load %struct.nexthop.748932*, %struct.nexthop.748932** %6, align 8 %8 = icmp eq %struct.nexthop.748932* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 12 %15 = bitcast %union.anon.113.748931* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 
%21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.748910*)*)(%struct.neighbour.748910* nonnull %55) #83
-------------
Use: =BAD PATH=
Call Stack:
0 fib_detect_death
1 fib_select_path
2 __ip_rt_update_pmtu
3 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.813309* %2, null br i1 %8, label %56, label %9 %10 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.813395*, %struct.net_device.813395** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.813309, %struct.sk_buff.813309* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.813299* %1, null br i1 %27, label %121, label %28 %29 = bitcast %struct.sock.813299* %1 to %struct.inet_sock.813439* %30 = getelementptr inbounds %struct.sock.813299, 
%struct.sock.813299* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 33 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.813439, %struct.inet_sock.813439* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 47 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.813299, %struct.sock.813299* %1, i64 0, i32 56, i32 0 %55 = load i32, i32* %54, align 8 br label %121 %122 = phi i32 [ %31, %52 ], [ %19, %9 ] %123 = phi i8 [ %42, %52 ], [ %22, %9 ] %124 = phi i8 [ %53, %52 ], [ %24, %9 ] %125 = phi i32 [ %33, %52 ], [ %26, %9 ] %126 = phi i32 [ %55, %52 ], [ 0, %9 ] %127 = getelementptr inbounds i8, i8* %17, i64 16 %128 = bitcast i8* %127 to i32* %129 = load i32, i32* %128, align 4 %130 = getelementptr inbounds i8, i8* %17, i64 12 %131 = bitcast i8* %130 to i32* %132 = load i32, i32* %131, align 4 %133 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %122, i32* %133, align 8 %134 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %134, align 4 %135 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %125, i32* %135, align 
8 %136 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %123, i8* %136, align 4 %137 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %137, align 1 %138 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %124, i8* %138, align 2 %139 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %139, align 1 %140 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %140, align 8 %141 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %141, align 8 %142 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %126, i32* %142, align 4 %143 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %129, i32* %143, align 4 %144 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %132, i32* %144, align 8 %145 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %146 = bitcast %struct.kuid_t* %145 to %struct.raw_hdlc_proto* %147 = bitcast %struct.kuid_t* %145 to i16* store i16 0, i16* %147, align 8 %148 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %146, i64 0, i32 1 store i16 0, i16* %148, align 2 %149 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %149, align 8 %150 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %11, i64 0, i32 15 %151 = load i32, i32* %150, align 4 %152 = and i32 %151, 1536 %153 = icmp eq i32 %152, 0 br i1 %153, label %155, label %154 %156 = bitcast %struct.dst_entry.813038* %0 to %struct.rtable.813060* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.813060* %156, %struct.flowi4* nonnull %6, i32 %3) #84 Function:__ip_rt_update_pmtu %4 = alloca 
%struct.fib_result.813405, align 8 %5 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.813395*, %struct.net_device.813395** %5, align 8 %7 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 110, i32 0 %8 = load %struct.net.813150*, %struct.net.813150** %7, align 8 %9 = bitcast %struct.fib_result.813405* %4 to i8* %10 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %101 %15 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %101 %23 = lshr i32 %11, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %31, label %25 %26 = load volatile i64, i64* @jiffies, align 64 %27 = getelementptr inbounds %struct.rtable.813060, %struct.rtable.813060* %0, i64 0, i32 0, i32 3 %28 = load i64, i64* %27, align 8 %29 = sub i64 %26, %28 %30 = icmp slt i64 %29, 0 br i1 %30, label %38, label %31 %32 = getelementptr i32, i32* %18, i64 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %36 = getelementptr inbounds %struct.net_device.813395, %struct.net_device.813395* %6, i64 0, i32 20 %37 = load volatile i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %23, %25 ], [ %33, %31 ], [ %37, %35 ] %40 = icmp ult i32 %39, 65535 %41 = select i1 %40, i32 %39, i32 65535 %42 = icmp ult i32 %41, %2 br i1 %42, label %101, label %43 %44 = load i32, i32* @ip_rt_min_pmtu, align 4 %45 = icmp ugt i32 %44, %2 %46 = icmp ult i32 %41, %44 %47 = select i1 %46, i32 %41, i32 %44 %48 = select i1 %45, i32 %47, i32 %2 %49 = icmp ne i32 %23, %48 %50 = or i1 %45, %49 br i1 %50, label %61, 
label %51 tail call void @__rcu_read_lock() #83 %62 = getelementptr inbounds %struct.net.813150, %struct.net.813150* %8, i64 0, i32 34, i32 14 %63 = load i8, i8* %62, align 4, !range !4 %64 = icmp eq i8 %63, 0 br i1 %64, label %67, label %65 %66 = call i32 bitcast (i32 (%struct.net.749003*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.813150*, %struct.flowi4*, %struct.fib_result.813405*, i32)*)(%struct.net.813150* %8, %struct.flowi4* %1, %struct.fib_result.813405* nonnull %4, i32 1) #83 br label %88 %89 = phi i32 [ %66, %65 ], [ %87, %86 ] %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %100 call void bitcast (void (%struct.net.749003*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.749126*)* @fib_select_path to void (%struct.net.813150*, %struct.fib_result.813405*, %struct.flowi4*, %struct.sk_buff.813309*)*)(%struct.net.813150* %8, %struct.fib_result.813405* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.813309* null) #83 Function:fib_select_path %5 = alloca %struct.fib_info.748927*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.748927*, %struct.fib_info.748927** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 18 %19 = load %struct.nexthop.748932*, %struct.nexthop.748932** %18, align 8 %20 = icmp eq %struct.nexthop.748932* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 9 %23 = load i8, i8* 
%22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %19, i64 0, i32 12 %27 = bitcast %union.anon.113.748931* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.748927** %5 to i8* store %struct.fib_info.748927* null, %struct.fib_info.748927** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds 
%struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.748927* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.838365* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.838365* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.748927** %82 = load %struct.fib_info.748927*, %struct.fib_info.748927** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds 
%struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 18 %123 = load %struct.nexthop.748932*, %struct.nexthop.748932** %122, align 8 %124 = icmp eq %struct.nexthop.748932* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.748927, %struct.fib_info.748927* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.748926* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.748927* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %74, i32 %75, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %175) 
#83 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.838365* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.838365* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.748927* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.838365* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.748927* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.748927* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.838365, %struct.fib_alias.838365* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.748927* nonnull %228, i32 %227, %struct.fib_info.748927** nonnull %5, i32* nonnull %6, i32 %240) #83 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.748927, 
%struct.fib_info.748927* %0, i64 0, i32 18 %7 = load %struct.nexthop.748932*, %struct.nexthop.748932** %6, align 8 %8 = icmp eq %struct.nexthop.748932* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.748932, %struct.nexthop.748932* %7, i64 0, i32 12 %15 = bitcast %union.anon.113.748931* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.748926* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.902452** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.748907*, %struct.neigh_table.748907** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.748926, %struct.fib_nh_common.748926* %36, i64 0, i32 0 %52 = load %struct.net_device.749113*, %struct.net_device.749113** %51, align 8 %53 = tail call %struct.neighbour.748910* bitcast 
(%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.748910* (%struct.neigh_table.748907*, i8*, %struct.net_device.749113*)*)(%struct.neigh_table.748907* %48, i8* %50, %struct.net_device.749113* %52) #83 br label %54 %55 = phi %struct.neighbour.748910* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.748910* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 12 %59 = load i8, i8* %58, align 4 %60 = getelementptr inbounds %struct.neighbour.748910, %struct.neighbour.748910* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.748910*)*)(%struct.neighbour.748910* nonnull %55) #83 ------------- Good: 119 Bad: 6 Ignored: 219 Check Use of Function:mq_clear_sbinfo Check Use of Function:refcount_dec_and_lock Use: =BAD PATH= Call Stack: 0 nfs4_put_open_state 1 __nfs4_close 2 nfs4_close_sync 3 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %3, align 8 %5 = icmp eq %struct.nfs4_state.233157* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %0, i64 0, i32 6 %9 = load i32, i32* 
%8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.234728*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.233157*, i32)*)(%struct.nfs4_state.233157* nonnull %4, i32 %13) #83 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.234728* %0, i32 %1, i32 3264, i32 1) #83 Function:__nfs4_close %5 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %5, align 8 %7 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 6 %8 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %7, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %6, i64 0, i32 5, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #83 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, 
i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %9) #83 %95 = icmp eq i32 %63, 0 br i1 %95, label %96, label %115 tail call void @nfs4_put_open_state(%struct.nfs4_state.234728* %0) #84 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.234724*, %struct.nfs4_state_owner.234724** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.234724, %struct.nfs4_state_owner.234724* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, 
i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %127 %11 = icmp eq %struct.cred** %4, null br i1 %11, 
label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.234730* %2, null br i1 %14, label %79, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %79, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.234729*, %struct.nfs_open_context.234729** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.234729, %struct.nfs_open_context.234729* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %28 = bitcast %struct.list_head* %27 to %struct.nfs4_lock_state.234758** %29 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %28, align 8 %30 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %29, i64 0, i32 0 %31 = icmp eq %struct.list_head* %30, %27 br i1 %31, label %75, label %32 %76 = phi %struct.nfs4_lock_state.234758* [ %46, %68 ], [ %46, %64 ], [ %46, %59 ], [ null, %45 ], [ null, %19 ] %77 = phi i1 [ false, %68 ], [ false, %64 ], [ true, %59 ], [ false, %45 ], [ false, %19 ] %78 = phi i32 [ 0, %68 ], [ -2, %64 ], [ -5, %59 ], [ -2, %45 ], [ -2, %19 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.234758* %76) #83 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.234758* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %0, i64 0, i32 1 %5 = 
load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 
(%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %127 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.234730* %2, null br i1 %14, label %79, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %79, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.234730, %struct.nfs_lock_context.234730* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.234729*, %struct.nfs_open_context.234729** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.234729, %struct.nfs_open_context.234729* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 6, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #83 %27 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %0, i64 0, i32 2 %28 = bitcast %struct.list_head* %27 to %struct.nfs4_lock_state.234758** %29 = load %struct.nfs4_lock_state.234758*, %struct.nfs4_lock_state.234758** %28, align 8 %30 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %29, i64 0, i32 0 %31 = icmp eq 
%struct.list_head* %30, %27 br i1 %31, label %75, label %32 %76 = phi %struct.nfs4_lock_state.234758* [ %46, %68 ], [ %46, %64 ], [ %46, %59 ], [ null, %45 ], [ null, %19 ] %77 = phi i1 [ false, %68 ], [ false, %64 ], [ true, %59 ], [ false, %45 ], [ false, %19 ] %78 = phi i32 [ 0, %68 ], [ -2, %64 ], [ -5, %59 ], [ -2, %45 ], [ -2, %19 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* %26) #83 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.234758* %76) #83 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.234758* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.234728*, %struct.nfs4_state.234728** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.234758, %struct.nfs4_lock_state.234758* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.234728, %struct.nfs4_state.234728* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #83 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #83 ------------- Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void 
@put_ipc_ns(%struct.ipc_namespace* %7) #83 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #83 ------------- Good: 157 Bad: 5 Ignored: 195 Check Use of Function:__rt_mutex_start_proxy_lock Check Use of Function:vma_is_shmem Check Use of Function:aio_complete_rw Check Use of Function:acpi_scan_init Check Use of Function:ieee80211_smps_mode_to_smps_mode Check Use of Function:eventfd_read Check Use of Function:sock_release Check Use of Function:ip_tunnel_update Check Use of Function:fib_table_insert Check Use of Function:page_vma_mapped_walk Check Use of Function:read_iter_zero Check Use of Function:generic_file_read_iter Use: =BAD PATH= Call Stack: 0 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 0 %4 = load %struct.file.289341*, %struct.file.289341** %3, align 8 %5 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.block_device.289220** %7 = load %struct.block_device.289220*, %struct.block_device.289220** %6, align 8 %8 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %7, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = shl i64 %9, 9 %11 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, %12 %16 = icmp ugt i64 %15, %10 br i1 %16, label %17, label %22, !prof !4, !misexpect !5 %18 = icmp sgt i64 %10, %12 br i1 %18, label %19, label %31 %20 = sub i64 %10, %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %24, label %22 %23 = tail call i64 bitcast (i64 (%struct.kiocb*, 
%struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.289133*, %struct.iov_iter*)*)(%struct.kiocb.289133* %0, %struct.iov_iter* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 0 %4 = load %struct.file.289341*, %struct.file.289341** %3, align 8 %5 = getelementptr inbounds %struct.file.289341, %struct.file.289341* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.block_device.289220** %7 = load %struct.block_device.289220*, %struct.block_device.289220** %6, align 8 %8 = getelementptr inbounds %struct.block_device.289220, %struct.block_device.289220* %7, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = shl i64 %9, 9 %11 = getelementptr inbounds %struct.kiocb.289133, %struct.kiocb.289133* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, %12 %16 = icmp ugt i64 %15, %10 br i1 %16, label %17, label %22, !prof !4, !misexpect !5 %18 = icmp sgt i64 %10, %12 br i1 %18, label %19, label %31 %20 = sub i64 %10, %12 %21 = icmp ugt i64 %14, %20 br i1 %21, label %24, label %22 %25 = sub i64 %14, %20 store i64 %20, i64* %13, align 8 %26 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.289133*, %struct.iov_iter*)*)(%struct.kiocb.289133* %0, %struct.iov_iter* %1) #83 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:sock_read_iter Check Use of Function:hung_up_tty_read Check Use of Function:read_iter_null Check Use of Function:dev_pm_attach_wake_irq Check Use of Function:qdisc_lookup Check Use of Function:proc_reg_read_iter Check Use of Function:__netdev_alloc_skb Check Use of Function:hugetlbfs_read_iter Check Use of Function:blkdev_write_iter Check Use of Function:devkmsg_write Check Use of 
Function:sock_write_iter Check Use of Function:down_read_interruptible Check Use of Function:nfs_file_write Check Use of Function:redirected_tty_write Check Use of Function:selinux_policy_commit Check Use of Function:xt_copy_counters Check Use of Function:proc_misc_d_revalidate Check Use of Function:xt_find_table_lock Check Use of Function:intel_display_finish_reset Check Use of Function:kernfs_iop_rename Check Use of Function:xt_compat_match_from_user Check Use of Function:xt_compat_lock Check Use of Function:xt_compat_init_offsets Check Use of Function:arch_uprobe_skip_sstep Check Use of Function:xt_request_find_target Check Use of Function:walk_component Check Use of Function:perf_install_in_context Check Use of Function:xt_compat_target_offset Check Use of Function:timens_commit Check Use of Function:destroy_local_trace_kprobe Check Use of Function:kobject_uevent_env Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store.48328 ------------- Path:  Function:uevent_store.48328 %4 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 18 %5 = load %struct.driver_private*, %struct.driver_private** %4, align 8 %6 = getelementptr inbounds %struct.driver_private, %struct.driver_private* %5, i64 0, i32 0 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select 
i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], 
[2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #84 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 bus_uevent_store ------------- Path:  Function:bus_uevent_store %4 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %5 = load %struct.subsys_private*, %struct.subsys_private** %4, align 8 %6 = getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %5, i64 0, i32 0, i32 2 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x 
i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #84 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store ------------- Path:  Function:uevent_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = 
phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) 
#83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #84 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 store_uevent ------------- Path:  Function:store_uevent %5 = getelementptr inbounds %struct.module_kobject, %struct.module_kobject* %1, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #83 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #83 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.30025, i64 0, i64 0), i8* %1, i64 %21) #83 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.30026, i64 0, i64 0), i8* %1, i64 %21) #83 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.30027, i64 0, i64 0), i8* %1, i64 %21) #83 %34 = icmp eq i32 
%33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.30028, i64 0, i64 0), i8* %1, i64 %21) #83 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.30029, i64 0, i64 0), i8* %1, i64 %21) #83 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.30030, i64 0, i64 0), i8* %1, i64 %21) #83 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.30031, i64 0, i64 0), i8* %1, i64 %21) #83 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.30032, i64 0, i64 0), i8* %1, i64 %21) #83 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #84 ------------- Good: 48 Bad: 4 Ignored: 26 Check Use of Function:netlbl_unlabel_defconf Check Use of Function:xt_target_to_user Check Use of Function:compat_table_info.69872 Check Use of Function:xt_request_find_table_lock Check Use of Function:hibernate Use: =BAD PATH= Call Stack: 0 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #83 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, 
i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7842, i64 0, i64 0), i64 4) #83 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #83 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:dev_disable_lro Check Use of Function:bitmap_parse Use: =BAD PATH= Call Stack: 0 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = icmp eq i32 %1, 0 br i1 %9, label %58, label %10 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %11, i32 64) #83 ------------- Use: =BAD PATH= Call Stack: 0 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #83 ------------- Good: 5 Bad: 2 Ignored: 1 Check Use of Function:rtnetlink_send Check Use of Function:inet_netconf_notify_devconf Check Use of Function:is_vmalloc_addr Use: =BAD PATH= Call Stack: 0 netlink_deliver_tap 1 netlink_sendskb 2 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 104 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 8 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 22, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #83 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #83 Function:netlink_deliver_tap %3 = load i32, i32* 
@netlink_tap_net_id, align 4 tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void @__rcu_read_unlock() #83 tail call void @__rcu_read_lock() #83 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 47 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr 
%struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 110, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 102 %46 = load i32*, i32** %45, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !6 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = 
inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, 
i64 0) #83 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.264430* %63 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.237885*)* @key_put to void (%struct.key.264430*)*)(%struct.key.264430* %62) #83 br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.264430* call void bitcast (void (%struct.key.237885*)* @key_put to void (%struct.key.264430*)*)(%struct.key.264430* %70) #83 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #83 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #83 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #83 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.25540, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call noalias i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #84 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #83 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #83 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to 
%struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, i64 0) #83 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.264430* %63 = getelementptr inbounds %struct.key.264430, %struct.key.264430* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.237885*)* @key_put to void (%struct.key.264430*)*)(%struct.key.264430* %62) #83 br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.264430* call void bitcast (void (%struct.key.237885*)* @key_put to void (%struct.key.264430*)*)(%struct.key.264430* %70) #83 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #83 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 keyctl_update_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %27 = inttoptr i64 %9 to i8* %28 = tail call i64 @keyctl_update_key(i32 %17, i8* %27, i64 %12) #83 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call noalias i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #83 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #84 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %26 = phi i8* [ %8, %10 ], [ %14, %17 ], [ %14, %19 ] %27 = phi i64 [ -14, %10 ], [ %18, %17 ], [ %21, %19 ] tail call void @kvfree_sensitive(i8* %26, i64 %2) #84 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc 
!6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 keyctl_update_key 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #83 
Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call noalias i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #83 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #84 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %26 = phi i8* [ %8, %10 ], [ %14, %17 ], [ %14, %19 ] %27 = phi i64 [ -14, %10 ], [ %18, %17 ], [ %21, %19 ] tail call void @kvfree_sensitive(i8* %26, i64 %2) #84 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 keyctl_update_key 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #83 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, 
label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #83 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call noalias i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #83 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #84 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %26 = phi i8* [ %8, %10 ], [ %14, %17 ], [ %14, %19 ] %27 = phi i64 [ -14, %10 ], [ %18, %17 ], [ %21, %19 ] tail call void @kvfree_sensitive(i8* %26, i64 %2) #84 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #83 ------------- Good: 349 Bad: 7 Ignored: 172 Check Use of Function:attach_pid Check Use of Function:unlock_device_hotplug Check Use of Function:lock_device_hotplug Check Use of Function:modify_user_hw_breakpoint_check Check Use of Function:snapshot_write_finalize Check Use of Function:hibernation_snapshot Check Use of Function:flush_delayed_work Check Use of Function:hibernation_restore Check Use of Function:calipso_exit Check Use of Function:suspend_devices_and_enter Check Use of Function:__audit_inode Check Use of Function:intel_gt_reset Check Use 
of Function:free_all_swap_pages Check Use of Function:sd_ioctl Check Use of Function:hibernation_platform_enter Check Use of Function:swsusp_swap_in_use Check Use of Function:security_vm_enough_memory_mm Use: =BAD PATH= Call Stack: 0 __shmem_file_setup 1 shmem_zero_setup 2 mmap_zero ------------- Path:  Function:mmap_zero %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @shmem_zero_setup(%struct.vm_area_struct* %1) #83 Function:shmem_zero_setup %2 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = sub i64 %3, %5 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = load %struct.vfsmount*, %struct.vfsmount** @shm_mnt, align 8 %10 = tail call fastcc %struct.file* @__shmem_file_setup(%struct.vfsmount* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.13.13690, i64 0, i64 0), i64 %6, i64 %8, i32 512) #83 Function:__shmem_file_setup %6 = icmp ugt %struct.vfsmount* %0, inttoptr (i64 -4096 to %struct.vfsmount*) br i1 %6, label %7, label %9 %10 = icmp slt i64 %2, 0 br i1 %10, label %42, label %11 %12 = and i64 %3, 2097152 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 47 %18 = load %struct.mm_struct*, %struct.mm_struct** %17, align 8 %19 = add nuw i64 %2, 4095 %20 = ashr i64 %19, 12 %21 = tail call i32 
@security_vm_enough_memory_mm(%struct.mm_struct* %18, i64 %20) #83 ------------- Good: 22 Bad: 1 Ignored: 9 Check Use of Function:__detach_mounts Check Use of Function:dma_unmap_page_attrs Check Use of Function:unlock_two_nondirectories Check Use of Function:shrink_dcache_parent Check Use of Function:ext4_create Check Use of Function:fsnotify_move Check Use of Function:security_inode_rename Check Use of Function:ext4_rename2 Check Use of Function:dev_valid_name Check Use of Function:d_move Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load 
%struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* 
(%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 tail call void bitcast (void (%struct.dentry.148048*, %struct.dentry.148048*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #83 ------------- Good: 4 Bad: 3 Ignored: 3 Check Use of Function:logfc Check Use of Function:bad_inode_rename2 Check Use of Function:security_inode_rmdir Check Use of Function:msdos_rmdir Check Use of Function:ext4_lookup Check Use of Function:iommu_change_dev_def_domain Check Use of Function:vfs_rename Check Use of 
Function:nfs_rmdir Check Use of Function:bad_inode_rmdir Check Use of Function:cfg80211_sched_scan_stopped_locked Check Use of Function:autofs_dir_rmdir Check Use of Function:ldsem_down_write Check Use of Function:security_set_bools Check Use of Function:filename_create Check Use of Function:bad_inode_unlink Check Use of Function:d_lookup Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %17, label %16, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 0, i32 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 1 store i32 %20, i32* %18, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %21 = icmp 
ugt %struct.ctl_table_header* %12, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %21, label %22, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %57 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.22.19350, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #83 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %206 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #83 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** 
%50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* %47) #83 %54 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.23.19351, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #83 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %206 store i64 2, i64* %27, align 8 br label %57 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %58 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 1 %59 = bitcast %struct.ctl_table_header* %58 to %struct.rb_root* %60 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %59) #83 %61 = icmp eq %struct.rb_node* %60, null br i1 %61, label %73, label %62 %63 = phi %struct.rb_node* [ %71, %70 ], [ %60, %57 ] %64 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %63, i64 1 %65 = bitcast %struct.rb_node* %64 to %struct.ctl_table_header** %66 = load %struct.ctl_table_header*, %struct.ctl_table_header** %65, align 8 %67 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %66, i64 0, i32 1 %68 = load %struct.completion*, %struct.completion** %67, align 8 %69 = icmp eq %struct.completion* %68, null br i1 %69, label %74, label %70, !prof !4, !misexpect !5 %75 = bitcast %struct.rb_node* %64 to %struct.ctl_table_header** %76 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %66, i64 0, i32 0, i32 0, i32 1 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, 1 store i32 %78, i32* %76, align 8 tail call void @_raw_spin_unlock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #83 %79 = load %struct.ctl_table_header*, %struct.ctl_table_header** %75, align 8 %80 = icmp eq %struct.ctl_table_header* %79, null br i1 
%80, label %206, label %81 %82 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %79, i64 0, i32 0, i32 0, i32 0 %83 = load %struct.ctl_table*, %struct.ctl_table** %82, align 8 %84 = ptrtoint %struct.rb_node* %63 to i64 %85 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %79, i64 0, i32 6 %86 = bitcast %struct.ctl_node** %85 to i64* %87 = load i64, i64* %86, align 8 %88 = sub i64 %84, %87 %89 = ashr exact i64 %88, 5 %90 = getelementptr %struct.ctl_table, %struct.ctl_table* %83, i64 %89 %91 = bitcast %struct.ctl_table_header** %3 to i8* %92 = bitcast %struct.ctl_table** %4 to i8* br label %93 %94 = phi i64 [ %87, %81 ], [ %200, %190 ] %95 = phi i64 [ 2, %81 ], [ %99, %190 ] %96 = phi %struct.ctl_table* [ %90, %81 ], [ %204, %190 ] %97 = phi %struct.ctl_table_header* [ %79, %81 ], [ %195, %190 ] %98 = inttoptr i64 %94 to %struct.ctl_node* %99 = add i64 %95, 1 %100 = load i64, i64* %27, align 8 %101 = icmp ult i64 %95, %100 br i1 %101, label %158, label %102 %103 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %96, i64 0, i32 3 %104 = load i16, i16* %103, align 4 %105 = and i16 %104, -4096 %106 = icmp eq i16 %105, -24576 br i1 %106, label %107, label %142, !prof !6, !misexpect !5 %143 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %97, %struct.ctl_table* %96) #83 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) 
#83 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.static_call_site* %18 = getelementptr inbounds %struct.static_call_site, %struct.static_call_site* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #84 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #85 ------------- Good: 15 Bad: 1 Ignored: 0 Check Use of Function:shmem_unlink Use: =BAD PATH= Call Stack: 0 shmem_rmdir ------------- Path:  Function:shmem_rmdir %3 = tail call i32 bitcast (i32 (%struct.dentry.151783*)* @simple_empty to i32 (%struct.dentry*)*)(%struct.dentry* %1) #83 %4 = icmp eq i32 %3, 0 br i1 %4, label %9, label %5 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 tail call void bitcast (void (%struct.inode.148552*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* %7) #83 tail call void bitcast (void (%struct.inode.148552*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* %0) #83 %8 = tail call i32 @shmem_unlink(%struct.inode* %0, %struct.dentry* %1) #84 ------------- Use: =BAD PATH= Call Stack: 0 shmem_rename2 ------------- Path:  Function:shmem_rename2 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 0 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, -4096 %12 = icmp eq i16 %11, 16384 %13 = icmp ult i32 %5, 8 br i1 %13, label %14, label %67 %15 = and i32 %5, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = tail call i32 bitcast (i32 (%struct.dentry.151783*)* @simple_empty to i32 
(%struct.dentry*)*)(%struct.dentry* %4) #83 %21 = icmp eq i32 %20, 0 br i1 %21, label %67, label %22 %23 = and i32 %5, 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 3 %27 = load %struct.dentry*, %struct.dentry** %26, align 8 %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %29 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %27, %struct.qstr* %28) #83 %30 = icmp eq %struct.dentry* %29, null br i1 %30, label %67, label %31 %32 = tail call i32 @shmem_mknod(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %1, %struct.dentry* nonnull %29, i16 zeroext 8192, i32 0) #83 tail call void bitcast (void (%struct.dentry.148048*)* @dput to void (%struct.dentry*)*)(%struct.dentry* nonnull %29) #83 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %67 tail call void bitcast (void (%struct.dentry.148048*)* @d_rehash to void (%struct.dentry*)*)(%struct.dentry* nonnull %29) #83 br label %35 %36 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %37 = load %struct.inode*, %struct.inode** %36, align 8 %38 = icmp eq %struct.inode* %37, null br i1 %38, label %43, label %39 %40 = tail call i32 @shmem_unlink(%struct.inode* %3, %struct.dentry* %4) #84 ------------- Good: 0 Bad: 2 Ignored: 0 Check Use of Function:msdos_unlink Check Use of 
Function:set_page_dirty_lock Check Use of Function:ipv6_chk_prefix Check Use of Function:io_arm_poll_handler Check Use of Function:local_bh_enable.68604 Check Use of Function:init_symlink Check Use of Function:translate_table Check Use of Function:alarmtimer_do_nsleep Check Use of Function:rt_mutex_futex_trylock Check Use of Function:synchronize_net Check Use of Function:fib_table_delete Check Use of Function:ext4_iomap_swap_activate Check Use of Function:vfs_fchmod Check Use of Function:fib_new_table Check Use of Function:tty_ioctl Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, 
label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 
21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 
i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %15 = and i64 %2, 4294967295 %16 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %15) #83 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 
21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %15 = and i64 %2, 4294967295 %16 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %15) #83 ------------- Good: 3 Bad: 4 Ignored: 6 Check Use of Function:generic_swapfile_activate Check Use of Function:try_to_unuse Check Use of Function:percpu_ref_kill_and_confirm Check Use of Function:inet6_addr_del Check Use of Function:nfs_swap_deactivate Check Use of Function:audit_inode_permission Check Use of Function:clockevents_config_and_register Check Use of Function:dev_get_flags Check Use of Function:qdisc_graft Check Use of Function:qdisc_get_stab Check Use of Function:drm_internal_framebuffer_create Check Use of Function:qdisc_create Check Use of Function:ipv6_chk_addr_and_flags Check Use of Function:mq_walk Check Use of Function:tg3_phy_start Check Use of Function:fifo_hd_init Check Use of Function:percpu_ref_init Check Use of Function:tcf_chain_tp_delete_empty Check Use of Function:max_swapfile_size Check Use of Function:blkdev_issue_discard Check Use of Function:__netlink_dump_start Check Use of Function:do_trace_netlink_extack Check Use of Function:ieee80211_calculate_rx_timestamp Check Use of Function:ext4_force_commit Check Use of Function:security_load_policy Check Use of Function:rtc_set_offset Use: =BAD PATH= Call Stack: 0 offset_store ------------- Path:  Function:offset_store %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* %7 = call i32 @kstrtoll(i8* %2, i32 10, i64* nonnull %5) #83 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = 
bitcast %struct.device* %0 to %struct.rtc_device* %11 = load i64, i64* %5, align 8 %12 = call i32 @rtc_set_offset(%struct.rtc_device* %10, i64 %11) #83 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:xt_compat_unlock Check Use of Function:__perf_remove_from_context Check Use of Function:pin_kill Check Use of Function:vfs_unlink Check Use of Function:perf_event_alloc Check Use of Function:irq_domain_free_irqs Check Use of Function:ipip6_tunnel_update Check Use of Function:proc_net_d_revalidate Check Use of Function:ipip6_tunnel_create Check Use of Function:security_sid_to_context Use: =BAD PATH= Call Stack: 0 sel_read_initcon ------------- Path:  Function:sel_read_initcon %5 = alloca i8*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i8** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %17 to i32 %19 = and i32 %18, 16777215 %20 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %13, i64 0, i32 9 %21 = load %struct.selinux_state*, %struct.selinux_state** %20, align 8 %22 = call i32 @security_sid_to_context(%struct.selinux_state* %21, i32 %19, i8** nonnull %5, i32* nonnull %6) #83 ------------- Good: 7 Bad: 1 Ignored: 12 Check Use of Function:recalc_sigpending Check Use of Function:perf_kprobe_init Check Use of Function:kernel_restart Check Use of Function:reboot_pid_ns Check all other indirect call sites Check callee group: mq_walk 
Check callee group: mq_walk Check callee group: mq_walk Check callee group: mq_walk Check callee group: mq_walk Check callee group: nfs_swap_deactivate Check callee group: nfs_swap_deactivate Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: i915_driver_lastclose Check callee group: i915_driver_lastclose Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: drm_atomic_helper_set_config Check callee group: drm_gem_fb_create_handle intel_user_framebuffer_create_handle Check callee group: mq_select_queue Check callee group: fifo_hd_init fifo_init Check callee group: fifo_init fifo_hd_init Check callee group: seq_read_iter Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %17 = load %struct.proc_ops.77375*, %struct.proc_ops.77375** %16, align 8 %18 = getelementptr inbounds %struct.proc_ops.77375, %struct.proc_ops.77375* %17, i64 0, i32 3 %19 = load 
i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %18, align 8 %20 = tail call i64 %19(%struct.kiocb* %0, %struct.iov_iter* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %17 = load %struct.proc_ops.77375*, %struct.proc_ops.77375** %16, align 8 %18 = getelementptr inbounds %struct.proc_ops.77375, %struct.proc_ops.77375* %17, i64 0, i32 3 %19 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %18, align 8 %20 = tail call i64 %19(%struct.kiocb* %0, %struct.iov_iter* %1) #83 ------------- Check callee group: pndisc_destructor Check callee group: sock_wfree Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, 
align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #83 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 
%31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label 
%15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #83 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label 
%197 %198 = phi %struct.sk_buff* [ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff* %0) #83 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr 
i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #83 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #83 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 114 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 8 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %200 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* %27 = tail call %struct.sk_buff* @__alloc_skb(i32 32, i32 3264, i32 0, i32 -1) #83 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %60, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #83 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %58 %37 = tail call i8* @skb_put(%struct.sk_buff* nonnull %27, i32 32) #83 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #83 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %197 %198 = phi %struct.sk_buff* 
[ %192, %191 ], [ %27, %58 ], [ %27, %62 ] %199 = phi i32 [ %194, %191 ], [ %59, %58 ], [ -9, %62 ] call void @consume_skb(%struct.sk_buff* %198) #83 Function:consume_skb %2 = icmp eq %struct.sk_buff* %0, null br i1 %2, label %40, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@consume_skb, %19)) #6 to label %39 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff* nonnull %0) #84 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff* %0) #83 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff* %0) #83 ------------- Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Use: =BAD PATH= Call Stack: 0 sock_queue_err_skb 1 __skb_tstamp_tx 2 __dev_queue_xmit 3 dev_queue_xmit 4 packet_sendmsg_spkt ------------- Path:  
Function:packet_sendmsg_spkt %4 = alloca %struct.flow_keys_basic, align 4 %5 = alloca %struct.sockcm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %9 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %8, align 8 %10 = bitcast %struct.sockcm_cookie* %5 to i8* %11 = icmp eq %struct.sockaddr_pkt* %9, null br i1 %11, label %291, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 16 br i1 %15, label %291, label %16 %17 = icmp eq i32 %14, 18 br i1 %17, label %18, label %21 %22 = phi i16 [ %20, %18 ], [ 0, %16 ] %23 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 13 store i8 0, i8* %23, align 1 %24 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %25 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %9, i64 0, i32 1, i64 0 %26 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 13, i32 0 %27 = trunc i64 %2 to i32 %28 = shl i64 %2, 32 %29 = ashr exact i64 %28, 32 %30 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %31 = icmp slt i32 %27, 0 br label %32 %33 = phi i32 [ 0, %21 ], [ %53, %115 ] %34 = phi %struct.sk_buff* [ null, %21 ], [ %83, %115 ] tail call void @__rcu_read_lock() #83 %35 = load %struct.net*, %struct.net** %24, align 8 %36 = tail call %struct.net_device* bitcast (%struct.net_device.744736* (%struct.net.744609*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %35, i8* %25) #83 %37 = icmp eq %struct.net_device* %36, null br i1 %37, label %286, label %38 %39 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 14 %40 = load i32, i32* %39, align 64 %41 = and i32 %40, 1 %42 = icmp eq i32 %41, 0 br i1 %42, label 
%286, label %43 %44 = load volatile i64, i64* %26, align 8 %45 = and i64 %44, 1048576 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %47, !prof !4, !misexpect !5 %48 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 15 %49 = load i32, i32* %48, align 4 %50 = and i32 %49, 16384 %51 = icmp eq i32 %50, 0 br i1 %51, label %286, label %52 %53 = phi i32 [ %33, %43 ], [ 4, %47 ] %54 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %55 = load i32, i32* %54, align 8 %56 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %57 = load i16, i16* %56, align 2 %58 = zext i16 %57 to i32 %59 = add i32 %53, 4 %60 = add i32 %59, %55 %61 = add i32 %60, %58 %62 = zext i32 %61 to i64 %63 = icmp ult i64 %62, %2 br i1 %63, label %286, label %64 %65 = icmp eq %struct.sk_buff* %34, null br i1 %65, label %66, label %119 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 20 %121 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 19 %122 = zext i16 %57 to i32 %123 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 41 %124 = load i8*, i8** %123, align 8 %125 = icmp sgt i32 %122, %27 br i1 %125, label %126, label %150, !prof !6, !misexpect !9 %151 = load i32, i32* %120, align 8 %152 = load i16, i16* %121, align 2 %153 = zext i16 %152 to i32 %154 = add i32 %151, %53 %155 = add i32 %154, %153 %156 = zext i32 %155 to i64 %157 = icmp ult i64 %156, %2 br i1 %157, label %158, label %178 %159 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 32 %160 = load i16, i16* %159, align 32 %161 = icmp eq i16 %160, 1 br i1 %161, label %162, label %286, !prof !4, !misexpect !5 %163 = bitcast i8** %123 to i64* %164 = load i64, i64* %163, align 8 %165 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %166 = bitcast i8** %165 to i64* %167 = load i64, i64* %166, align 8 
%168 = sub i64 %164, %167 %169 = trunc i64 %168 to i16 %170 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %169, i16* %170, align 2 %171 = inttoptr i64 %167 to i8* %172 = and i64 %168, 65535 %173 = getelementptr i8, i8* %171, i64 %172 %174 = getelementptr inbounds i8, i8* %173, i64 12 %175 = bitcast i8* %174 to i16* %176 = load i16, i16* %175, align 1 %177 = icmp eq i16 %176, 129 br i1 %177, label %178, label %286 %179 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 64 %180 = load i16, i16* %179, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 0 store i64 0, i64* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 1 store i32 0, i32* %182, align 8 %183 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %5, i64 0, i32 2 store i16 %180, i16* %183, align 4 %184 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %185 = load i64, i64* %184, align 8 %186 = icmp eq i64 %185, 0 br i1 %186, label %193, label %187 %188 = call i32 @sock_cmsg_send(%struct.sock* %7, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %5) #83 %189 = icmp eq i32 %188, 0 br i1 %189, label %190, label %286, !prof !4, !misexpect !5 %191 = load i64, i64* %181, align 8 %192 = load i16, i16* %183, align 4 br label %193 %194 = phi i16 [ %192, %190 ], [ %180, %178 ] %195 = phi i64 [ %191, %190 ], [ 0, %178 ] %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 33 store i16 %22, i16* %196, align 8 %197 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %197, align 8 %198 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 32 %199 = load i32, i32* %198, align 8 %200 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 21 store i32 %199, i32* 
%200, align 4 %201 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 33 %202 = load i32, i32* %201, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 28, i32 0 store i32 %202, i32* %203, align 4 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 2, i32 0 store i64 %195, i64* %204, align 8 %205 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 1, i32 0 %206 = load %struct.sock*, %struct.sock** %205, align 8 %207 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 40 %208 = load i8*, i8** %207, align 8 %209 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 39 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = getelementptr i8, i8* %208, i64 %211 %213 = getelementptr inbounds i8, i8* %212, i64 3 %214 = getelementptr inbounds i8, i8* %212, i64 28 %215 = bitcast i8* %214 to i32* %216 = icmp eq i16 %194, 0 br i1 %216, label %227, label %217, !prof !4, !misexpect !5 call void @__sock_tx_timestamp(i16 zeroext %194, i8* %213) #83 %218 = trunc i16 %194 to i8 %219 = icmp sgt i8 %218, -1 %220 = and i16 %194, 771 %221 = icmp eq i16 %220, 0 %222 = or i1 %221, %219 br i1 %222, label %227, label %223 %224 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 67 %225 = load i32, i32* %224, align 4 %226 = add i32 %225, 1 store i32 %226, i32* %224, align 4 store i32 %225, i32* %215, align 4 br label %227 %228 = getelementptr inbounds %struct.sock, %struct.sock* %206, i64 0, i32 0, i32 13, i32 0 %229 = load volatile i64, i64* %228, align 8 %230 = and i64 %229, 524288 %231 = icmp eq i64 %230, 0 br i1 %231, label %235, label %232, !prof !4, !misexpect !5 %236 = icmp eq i32 %53, 4 br i1 %236, label %237, label %241, !prof !6, !misexpect !5 %238 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 16 %239 = load i16, i16* %238, align 8 %240 = or i16 %239, 4096 store i16 %240, 
i16* %238, align 8 br label %241 %242 = load i16, i16* %196, align 8 switch i16 %242, label %267 [ i16 0, label %243 i16 768, label %243 ] %244 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %245 = load i16, i16* %244, align 4 %246 = icmp eq i16 %245, 3 br i1 %246, label %247, label %267 %248 = bitcast i8** %123 to i64* %249 = load i64, i64* %248, align 8 %250 = bitcast i8** %207 to i64* %251 = load i64, i64* %250, align 8 %252 = sub i64 %249, %251 %253 = trunc i64 %252 to i16 %254 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 36 store i16 %253, i16* %254, align 2 %255 = load %struct.net_device*, %struct.net_device** %197, align 8 %256 = getelementptr inbounds %struct.net_device, %struct.net_device* %255, i64 0, i32 44 %257 = load %struct.header_ops*, %struct.header_ops** %256, align 16 %258 = icmp eq %struct.header_ops* %257, null br i1 %258, label %265, label %259 %260 = getelementptr inbounds %struct.header_ops, %struct.header_ops* %257, i64 0, i32 5 %261 = load i16 (%struct.sk_buff*)*, i16 (%struct.sk_buff*)** %260, align 8 %262 = icmp eq i16 (%struct.sk_buff*)* %261, null br i1 %262, label %265, label %263 %264 = call zeroext i16 %261(%struct.sk_buff* nonnull %34) #83 br label %265 %266 = phi i16 [ %264, %263 ], [ 0, %259 ], [ 0, %247 ] store i16 %266, i16* %196, align 8 br label %267 %268 = bitcast %struct.flow_keys_basic* %4 to i8* %269 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %34, i64 0, i32 34 %270 = load i16, i16* %269, align 2 %271 = icmp eq i16 %270, -1 br i1 %271, label %272, label %284 %285 = call i32 bitcast (i32 (%struct.sk_buff.744749*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %34) #83 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.744749* %0, %struct.net_device.744736* null) #83 Function:__dev_queue_xmit %3 = alloca %struct.tcf_result, align 8 %4 = alloca %struct.nf_hook_state.744586, align 8 %5 = alloca 
%struct.tcphdr, align 4 %6 = alloca %struct.winsize, align 2 %7 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %8 = load %struct.net_device.744736*, %struct.net_device.744736** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 40 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = sub i64 %11, %14 %16 = trunc i64 %15 to i16 %17 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 36 store i16 %16, i16* %17, align 2 %18 = inttoptr i64 %14 to i8* %19 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 39 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr i8, i8* %18, i64 %21 %23 = getelementptr inbounds i8, i8* %22, i64 3 %24 = load i8, i8* %23, align 1 %25 = and i8 %24, 64 %26 = icmp eq i8 %25, 0 br i1 %26, label %30, label %27, !prof !4, !misexpect !5 %28 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 1, i32 0 %29 = load %struct.sock.744507*, %struct.sock.744507** %28, align 8 tail call void bitcast (void (%struct.sk_buff*, %struct.sk_buff*, %struct.anon.1*, %struct.sock*, i32)* @__skb_tstamp_tx to void (%struct.sk_buff.744749*, %struct.sk_buff.744749*, %struct.anon.1*, %struct.sock.744507*, i32)*)(%struct.sk_buff.744749* %0, %struct.sk_buff.744749* null, %struct.anon.1* null, %struct.sock.744507* %29, i32 1) #83 Function:__skb_tstamp_tx %6 = icmp eq %struct.sock* %3, null br i1 %6, label %164, label %7 %8 = icmp eq %struct.anon.1* %2, null %9 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 64 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, 16384 %12 = icmp eq i16 %11, 0 %13 = and i1 %8, %12 br i1 %13, label %14, 
label %25 %26 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 64 %27 = and i16 %10, 2048 %28 = icmp ne i16 %27, 0 %29 = load i32, i32* @sysctl_tstamp_allow_data, align 4 %30 = icmp ne i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %44, label %32, !prof !4, !misexpect !5 br i1 %28, label %45, label %65 %66 = tail call %struct.sk_buff* @skb_clone(%struct.sk_buff* %0, i32 2592) #84 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %164, label %100 %101 = phi %struct.sk_buff* [ %62, %68 ], [ %66, %65 ] %102 = phi i8 [ %63, %68 ], [ 0, %65 ] br i1 %8, label %114, label %103 %115 = tail call i64 @ktime_get_with_offset(i32 0) #83 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 2, i32 0 store i64 %115, i64* %116, align 8 br label %117 %118 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 0 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i32* store i32 42, i32* %120, align 4 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 28 store i8 4, i8* %121, align 4 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 32 %123 = bitcast i8* %122 to i32* store i32 %4, i32* %123, align 4 %124 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 44 store i8 %102, i8* %124, align 4 %125 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 0, i32 0, i32 2, i32 0 %126 = load %struct.net_device*, %struct.net_device** %125, align 8 %127 = icmp eq %struct.net_device* %126, null br i1 %127, label %131, label %128 %129 = getelementptr inbounds %struct.net_device, %struct.net_device* %126, i64 0, i32 17 %130 = load i32, i32* %129, align 16 br label %131 %132 = phi i32 [ %130, %128 ], [ 0, %117 ] %133 = bitcast i8* %118 to i32* store i32 %132, i32* %133, align 4 %134 = load i16, i16* %26, align 8 %135 = trunc 
i16 %134 to i8 %136 = icmp sgt i8 %135, -1 br i1 %136, label %160, label %137 %138 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 40 %139 = load i8*, i8** %138, align 8 %140 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 39 %141 = load i32, i32* %140, align 4 %142 = zext i32 %141 to i64 %143 = getelementptr i8, i8* %139, i64 %142 %144 = getelementptr inbounds i8, i8* %143, i64 28 %145 = bitcast i8* %144 to i32* %146 = load i32, i32* %145, align 4 %147 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 36 %148 = bitcast i8* %147 to i32* store i32 %146, i32* %148, align 4 %149 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 47 %150 = load i16, i16* %149, align 4 %151 = icmp eq i16 %150, 6 br i1 %151, label %152, label %160 %153 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 46 %154 = load i16, i16* %153, align 2 %155 = icmp eq i16 %154, 1 br i1 %155, label %156, label %160 %157 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 67 %158 = load i32, i32* %157, align 4 %159 = sub i32 %146, %158 store i32 %159, i32* %148, align 4 br label %160 %161 = tail call i32 @sock_queue_err_skb(%struct.sock* nonnull %3, %struct.sk_buff* nonnull %101) #83 Function:sock_queue_err_skb %3 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 42 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, %4 %8 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 11 %9 = load volatile i32, i32* %8, align 8 %10 = icmp ult i32 %7, %9 br i1 %10, label %11, label %80 %12 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 4, i32 0, i32 1 %13 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %12, align 8 %14 = icmp eq void (%struct.sk_buff*)* %13, null br i1 %14, 
label %18, label %15 tail call void %13(%struct.sk_buff* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 sock_queue_err_skb 1 __skb_tstamp_tx 2 __dev_queue_xmit 3 dev_queue_xmit 4 netlink_deliver_tap 5 netlink_sendskb 6 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #83 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 104 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 8 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 22, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, 
i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #83 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #83 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void @__rcu_read_lock() #83 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void @__rcu_read_unlock() #83 tail call void @__rcu_read_lock() #83 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 47 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 110, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 102 %46 = load i32*, i32** %45, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !6 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #83 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* @skb_clone(%struct.sk_buff* %1, i32 2592) #83 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, 
%struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 47 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.744749*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #83 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.744749* %0, %struct.net_device.744736* null) #83 Function:__dev_queue_xmit %3 = alloca %struct.tcf_result, align 8 %4 = alloca %struct.nf_hook_state.744586, align 8 %5 = alloca %struct.tcphdr, align 4 %6 = alloca %struct.winsize, align 2 %7 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %8 = load %struct.net_device.744736*, %struct.net_device.744736** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 41 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.744749, 
%struct.sk_buff.744749* %0, i64 0, i32 40 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = sub i64 %11, %14 %16 = trunc i64 %15 to i16 %17 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 36 store i16 %16, i16* %17, align 2 %18 = inttoptr i64 %14 to i8* %19 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 39 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr i8, i8* %18, i64 %21 %23 = getelementptr inbounds i8, i8* %22, i64 3 %24 = load i8, i8* %23, align 1 %25 = and i8 %24, 64 %26 = icmp eq i8 %25, 0 br i1 %26, label %30, label %27, !prof !4, !misexpect !5 %28 = getelementptr inbounds %struct.sk_buff.744749, %struct.sk_buff.744749* %0, i64 0, i32 1, i32 0 %29 = load %struct.sock.744507*, %struct.sock.744507** %28, align 8 tail call void bitcast (void (%struct.sk_buff*, %struct.sk_buff*, %struct.anon.1*, %struct.sock*, i32)* @__skb_tstamp_tx to void (%struct.sk_buff.744749*, %struct.sk_buff.744749*, %struct.anon.1*, %struct.sock.744507*, i32)*)(%struct.sk_buff.744749* %0, %struct.sk_buff.744749* null, %struct.anon.1* null, %struct.sock.744507* %29, i32 1) #83 Function:__skb_tstamp_tx %6 = icmp eq %struct.sock* %3, null br i1 %6, label %164, label %7 %8 = icmp eq %struct.anon.1* %2, null %9 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 64 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, 16384 %12 = icmp eq i16 %11, 0 %13 = and i1 %8, %12 br i1 %13, label %14, label %25 %26 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 64 %27 = and i16 %10, 2048 %28 = icmp ne i16 %27, 0 %29 = load i32, i32* @sysctl_tstamp_allow_data, align 4 %30 = icmp ne i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %44, label %32, !prof !4, !misexpect !5 br i1 %28, label %45, label %65 %66 = tail call %struct.sk_buff* @skb_clone(%struct.sk_buff* %0, i32 2592) #84 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label 
%164, label %100 %101 = phi %struct.sk_buff* [ %62, %68 ], [ %66, %65 ] %102 = phi i8 [ %63, %68 ], [ 0, %65 ] br i1 %8, label %114, label %103 %115 = tail call i64 @ktime_get_with_offset(i32 0) #83 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 2, i32 0 store i64 %115, i64* %116, align 8 br label %117 %118 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 0 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i32* store i32 42, i32* %120, align 4 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 28 store i8 4, i8* %121, align 4 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 32 %123 = bitcast i8* %122 to i32* store i32 %4, i32* %123, align 4 %124 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 44 store i8 %102, i8* %124, align 4 %125 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 0, i32 0, i32 2, i32 0 %126 = load %struct.net_device*, %struct.net_device** %125, align 8 %127 = icmp eq %struct.net_device* %126, null br i1 %127, label %131, label %128 %129 = getelementptr inbounds %struct.net_device, %struct.net_device* %126, i64 0, i32 17 %130 = load i32, i32* %129, align 16 br label %131 %132 = phi i32 [ %130, %128 ], [ 0, %117 ] %133 = bitcast i8* %118 to i32* store i32 %132, i32* %133, align 4 %134 = load i16, i16* %26, align 8 %135 = trunc i16 %134 to i8 %136 = icmp sgt i8 %135, -1 br i1 %136, label %160, label %137 %138 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 40 %139 = load i8*, i8** %138, align 8 %140 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 39 %141 = load i32, i32* %140, align 4 %142 = zext i32 %141 to i64 %143 = getelementptr i8, i8* %139, i64 %142 %144 = getelementptr inbounds i8, i8* %143, i64 28 %145 = bitcast i8* 
%144 to i32* %146 = load i32, i32* %145, align 4 %147 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %101, i64 0, i32 3, i64 36 %148 = bitcast i8* %147 to i32* store i32 %146, i32* %148, align 4 %149 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 47 %150 = load i16, i16* %149, align 4 %151 = icmp eq i16 %150, 6 br i1 %151, label %152, label %160 %153 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 46 %154 = load i16, i16* %153, align 2 %155 = icmp eq i16 %154, 1 br i1 %155, label %156, label %160 %157 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 67 %158 = load i32, i32* %157, align 4 %159 = sub i32 %146, %158 store i32 %159, i32* %148, align 4 br label %160 %161 = tail call i32 @sock_queue_err_skb(%struct.sock* nonnull %3, %struct.sk_buff* nonnull %101) #83 Function:sock_queue_err_skb %3 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 42 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, %4 %8 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 11 %9 = load volatile i32, i32* %8, align 8 %10 = icmp ult i32 %7, %9 br i1 %10, label %11, label %80 %12 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 4, i32 0, i32 1 %13 = load void (%struct.sk_buff*)*, void (%struct.sk_buff*)** %12, align 8 %14 = icmp eq void (%struct.sk_buff*)* %13, null br i1 %14, label %18, label %15 tail call void %13(%struct.sk_buff* %1) #83 ------------- Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: ext4_iomap_swap_activate nfs_swap_activate Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee 
group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: ipip6_newlink Check callee group: ata_acpi_dev_notify_dock ata_acpi_ap_notify_dock Check callee group: ndisc_hash arp_hash Check callee group: ndisc_hash arp_hash Check callee group: ndisc_hash arp_hash Check callee group: ndisc_hash arp_hash Check callee group: ndisc_hash arp_hash Check callee group: sr_reset Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_attribute_cache_expired 1 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to 
%struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.214835*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #83 Function:nfs_attribute_cache_expired %2 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %3 = load %struct.super_block.214819*, %struct.super_block.214819** %2, align 8 %4 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %3, i64 0, i32 28 %5 = bitcast i8** %4 to %struct.nfs_server.214962** %6 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %5, align 16 %7 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %6, i64 0, i32 0 %8 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %7, align 8 %9 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %8, i64 0, i32 12 %10 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %9, align 8 %11 = getelementptr 
inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %10, i64 0, i32 47 %12 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %11, align 8 %13 = tail call i32 %12(%struct.inode.214835* %0, i32 1) #83 ------------- Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 
bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %62 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %63 = load %struct.super_block*, %struct.super_block** %62, align 8 %64 = getelementptr inbounds %struct.super_block, %struct.super_block* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.233131** %66 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %65, align 16 %67 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 22 %68 = load i64, i64* %67, align 8 %69 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %66, i64 0, i32 0 %70 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %69, align 8 %71 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %70, i64 0, i32 23, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %70, i64 0, i32 25 %73 = load i64, i64* %72, align 8 %74 = sub i64 %73, %68 %75 = icmp slt i64 %74, 0 br i1 %75, label %76, label %77 call void @_raw_spin_unlock(%struct.raw_spinlock* %71) #83 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.233175*)*)(%struct.nfs_pgio_header.233175* %1) #83 
Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %9 = load i64, i64* %8, align 8 %10 = add i64 %9, %7 %11 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 64 %14 = icmp eq i32 %13, 0 %15 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %14, label %18, label %16 store i64 %10, i64* %15, align 8 br label %19 %20 = phi i64 [ %17, %16 ], [ %10, %18 ] %21 = icmp ult i64 %20, 9223372036854775807 %22 = select i1 %21, i64 %20, i64 9223372036854775807 %23 = load %struct.inode*, %struct.inode** %3, align 8 %24 = getelementptr inbounds %struct.inode, %struct.inode* %23, i64 0, i32 14 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %22, %25 br i1 %26, label %27, label %29 %30 = icmp eq i64 %10, %20 br i1 %30, label %31, label %36 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #83 %32 = load i32, i32* %11, align 8 %33 = or i32 %32, 64 br label %34 %35 = phi i32 [ %28, %27 ], [ %33, %31 ] store i32 %35, i32* %11, align 8 br label %36 %37 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #83 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr 
%struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 11, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %17 = load %struct.super_block.214819*, %struct.super_block.214819** %16, align 8 %18 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.214962** %20 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 
= and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 tail call void @nfs_set_cache_invalid(%struct.inode.214835* %0, i64 %110) #83 %111 = load i32, i32* %105, align 8 %112 = and i32 %111, 162943 %113 = icmp eq i32 %112, 0 br i1 %113, label %116, label %114 %115 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.214835* %0, %struct.nfs_fattr* %1) #83 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 11, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %73 [label %53], !srcloc !4 %74 = icmp sgt i32 %52, 0 br i1 %74, label %104, label %75 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %77 = bitcast %struct.list_head** %76 to i64* %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %80 = load %struct.super_block.214819*, %struct.super_block.214819** %79, align 8 %81 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %80, i64 0, i32 28 %82 = bitcast i8** %81 to %struct.nfs_server.214962** %83 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %82, align 16 %84 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %83, i64 0, i32 26 %85 = load i32, i32* %84, align 8 %86 = icmp eq i32 %85, 4 %87 = and i64 %78, 256 %88 = icmp ne i64 %87, 0 %89 = or i1 %88, %86 %90 = and i64 %78, 89604 %91 = icmp eq i64 %90, 0 %92 = or i1 %91, %89 br i1 %92, label %106, label %93 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %95 = load i32, i32* %94, align 8 %96 = and i32 %95, 131072 %97 = icmp eq i32 %96, 0 br i1 %97, label %106, label %98 %99 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 33, i32 0 %102 = load volatile i64, i64* %101, align 8 %103 = icmp eq i64 %100, %102 br i1 %103, label %104, label %106 
%105 = tail call fastcc i32 @nfs_update_inode(%struct.inode.214835* %0, %struct.nfs_fattr* %1) #84 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %4 = load %struct.super_block.214819*, %struct.super_block.214819** %3, align 8 %5 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.214962** %7 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %6, align 16 %8 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 26 %14 = bitcast %struct.list_head* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %23 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.list_head* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %7, i64 0, i32 27 %85 
= getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.214962* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %110, i64 0, i32 0 %112 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.214835* %0, i32 1) #84 ------------- Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_revalidate_mapping 1 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca [2 x i32], align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = 
load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 4 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.212651** %31 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.214835*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #83 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %43 = load %struct.address_space*, %struct.address_space** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.address_space.214836*)* @nfs_revalidate_mapping to i32 
(%struct.inode*, %struct.address_space*)*)(%struct.inode* %22, %struct.address_space* %43) #83 Function:nfs_revalidate_mapping %3 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 256 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %59 %8 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 9, i32 1 %10 = bitcast %struct.list_head** %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 256 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %49 %15 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %16 = load %struct.super_block.214819*, %struct.super_block.214819** %15, align 8 %17 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.214962** %19 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %19, i64 0, i32 0 %21 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %20, align 8 %22 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %21, i64 0, i32 12 %23 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %22, align 8 %24 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %23, i64 0, i32 47 %25 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %24, align 8 %26 = tail call i32 %25(%struct.inode.214835* %0, i32 1) #83 ------------- Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 1 %7 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %8 = 
getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %7, i64 0, i32 5 %9 = load %struct.inode.214835*, %struct.inode.214835** %8, align 8 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %37 [label %17], !srcloc !4 %38 = and i32 %3, 2047 %39 = and i32 %4, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %16, true %42 = or i1 %40, %41 br i1 %42, label %60, label %43 %61 = and i32 %3, 192 %62 = icmp eq i32 %61, 0 br i1 %62, label %73, label %63 %64 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 0 %65 = load i16, i16* %64, align 8 %66 = and i16 %65, -4096 %67 = icmp eq i16 %66, -32768 br i1 %67, label %68, label %73 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 9 %70 = load %struct.address_space.214836*, %struct.address_space.214836** %69, align 8 %71 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 
(%struct.address_space.214836*, i64, i64)*)(%struct.address_space.214836* %70, i64 0, i64 9223372036854775807) #83 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %297 %74 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 0 %75 = load %struct.vfsmount.214820*, %struct.vfsmount.214820** %74, align 8 %76 = getelementptr inbounds %struct.vfsmount.214820, %struct.vfsmount.214820* %75, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = and i32 %77, 8 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %88 %81 = and i32 %77, 16 %82 = icmp eq i32 %81, 0 br i1 %82, label %90, label %83 %91 = phi i32 [ %89, %88 ], [ %38, %83 ], [ %38, %80 ] %92 = and i32 %91, 1790 %93 = icmp eq i32 %92, 0 br i1 %93, label %237, label %94 br i1 %16, label %95, label %125 %96 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %97 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %96, i64 0, i32 28 %98 = bitcast i8** %97 to %struct.nfs_server.214962** %99 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %98, align 16 %100 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %99, i64 0, i32 0 %101 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %100, align 8 %102 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %101, i64 0, i32 12 %103 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %102, align 8 %104 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %103, i64 0, i32 47 %105 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %104, align 8 %106 = tail call i32 %105(%struct.inode.214835* %9, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, 
%struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 24, i32 4, i32 1 %11 = bitcast %struct.list_head** %10 to i16* %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.path.214263*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #83 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 1 %7 = load %struct.dentry.214823*, %struct.dentry.214823** %6, align 8 %8 = getelementptr inbounds %struct.dentry.214823, %struct.dentry.214823* %7, i64 0, i32 5 %9 = load %struct.inode.214835*, %struct.inode.214835** %8, align 8 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %37 [label %17], !srcloc !4 %38 = and i32 %3, 2047 %39 = and i32 %4, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %16, true %42 = or i1 %40, %41 br i1 %42, label %60, label %43 %61 = and i32 %3, 192 %62 = icmp eq i32 %61, 0 br i1 %62, label %73, label %63 %64 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 0 %65 = load i16, i16* %64, align 8 %66 = and i16 %65, -4096 %67 = icmp eq i16 %66, -32768 br i1 %67, label %68, label %73 %69 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %9, i64 0, i32 9 %70 = load %struct.address_space.214836*, %struct.address_space.214836** %69, align 8 %71 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.214836*, i64, i64)*)(%struct.address_space.214836* %70, i64 0, i64 9223372036854775807) #83 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %297 %74 = getelementptr inbounds %struct.path.214263, %struct.path.214263* %1, i64 0, i32 0 %75 = load %struct.vfsmount.214820*, %struct.vfsmount.214820** %74, align 8 %76 = getelementptr inbounds %struct.vfsmount.214820, %struct.vfsmount.214820* %75, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = and i32 %77, 8 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %88 %81 = and i32 %77, 16 %82 = icmp eq i32 %81, 0 br i1 %82, label %90, label %83 %91 = phi i32 [ %89, %88 ], [ %38, %83 ], [ %38, %80 ] %92 = and i32 %91, 1790 %93 = icmp eq i32 %92, 0 br i1 %93, label %237, label %94 br i1 %16, label %95, label %125 %96 = 
load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %97 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %96, i64 0, i32 28 %98 = bitcast i8** %97 to %struct.nfs_server.214962** %99 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %98, align 16 %100 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %99, i64 0, i32 0 %101 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %100, align 8 %102 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %101, i64 0, i32 12 %103 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %102, align 8 %104 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %103, i64 0, i32 47 %105 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %104, align 8 %106 = tail call i32 %105(%struct.inode.214835* %9, i32 1) #83 ------------- Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs4_xattr_get_nfs4_acl ------------- Path:  Function:nfs4_xattr_get_nfs4_acl %7 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.233131** %11 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %11, i64 0, i32 10 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %58, label %16 %17 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %2, i64 256) #83 Function:nfs_revalidate_inode %3 = getelementptr 
%struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs3_get_acl ------------- Path:  Function:nfs3_get_acl %4 = alloca [7 x %struct.page.232204*], align 16 %5 = alloca %struct.nfs3_getaclargs, align 8 %6 = alloca %struct.nfs3_getaclres, align 8 %7 = alloca %struct.rpc_message.232335, align 8 %8 = getelementptr inbounds %struct.inode.232196, %struct.inode.232196* %0, i64 0, i32 8 %9 = load %struct.super_block.232179*, %struct.super_block.232179** %8, align 8 %10 = getelementptr inbounds %struct.super_block.232179, %struct.super_block.232179* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.232431** %12 = load 
%struct.nfs_server.232431*, %struct.nfs_server.232431** %11, align 16 %13 = bitcast [7 x %struct.page.232204*]* %4 to i8* %14 = bitcast %struct.nfs3_getaclargs* %5 to i8* %15 = getelementptr %struct.inode.232196, %struct.inode.232196* %0, i64 -1, i32 24, i32 4, i32 1 %16 = bitcast %struct.nfs3_getaclargs* %5 to %struct.list_head*** store %struct.list_head** %15, %struct.list_head*** %16, align 8 %17 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 1 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 2 %19 = getelementptr inbounds [7 x %struct.page.232204*], [7 x %struct.page.232204*]* %4, i64 0, i64 0 store %struct.page.232204** %19, %struct.page.232204*** %18, align 8 %20 = bitcast %struct.nfs3_getaclres* %6 to i8* %21 = bitcast %struct.rpc_message.232335* %7 to i8* %22 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 0 store %struct.rpc_procinfo.232334* null, %struct.rpc_procinfo.232334** %22, align 8 %23 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs3_getaclargs** store %struct.nfs3_getaclargs* %5, %struct.nfs3_getaclargs** %24, align 8 %25 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs3_getaclres** store %struct.nfs3_getaclres* %6, %struct.nfs3_getaclres** %26, align 8 %27 = getelementptr inbounds %struct.rpc_message.232335, %struct.rpc_message.232335* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %27, align 8 br i1 %2, label %243, label %28 %29 = getelementptr inbounds %struct.nfs_server.232431, %struct.nfs_server.232431* %12, i64 0, i32 10 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %243, label %33 %34 = call i32 bitcast (i32 (%struct.inode.214835*, i64)* 
@nfs_revalidate_inode to i32 (%struct.inode.232196*, i64)*)(%struct.inode.232196* %0, i64 256) #83 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, 
%struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, 
%struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #84 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds 
%struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.214835*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #84 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 
(%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 ------------- Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_rmdir ------------- Path:  Function:nfs_rmdir callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rmdir_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rmdir, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %25 = load %struct.inode*, %struct.inode** %24, align 8 %26 = icmp eq %struct.inode* %25, null br i1 %26, label %59, label %27 %60 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.212651** %64 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %63, align 16 %65 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %64, i64 0, i32 0 %66 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %65, align 8 %67 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %66, i64 0, i32 12 %68 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %67, align 8 %69 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %68, i64 0, i32 26 %70 = load i32 (%struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.qstr*)** %69, align 8 %71 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %72 = tail call i32 %70(%struct.inode* %0, %struct.qstr* %71) #83 br label %73 %74 = phi i32 [ %43, %54 ], [ %72, %59 ] switch i32 %74, label %116 [ i32 -2, label %75 i32 0, label %76 ] tail call void bitcast (void (%struct.dentry.148048*)* @d_delete to void (%struct.dentry*)*)(%struct.dentry* %1) #83 br 
label %76 %77 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %77, i64 14, i32 1 %79 = bitcast %struct.list_head** %78 to i64* %80 = load i64, i64* %79, align 8 %81 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %82 = bitcast %struct.anon.1* %81 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %82) #83 %83 = load %struct.inode*, %struct.inode** %24, align 8 %84 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 3 %85 = load %struct.dentry*, %struct.dentry** %84, align 8 %86 = getelementptr inbounds %struct.dentry, %struct.dentry* %85, i64 0, i32 5 %87 = load %struct.inode*, %struct.inode** %86, align 8 %88 = and i64 %80, -2 %89 = getelementptr %struct.inode, %struct.inode* %87, i64 -1, i32 24, i32 4 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 14, i32 1 %91 = bitcast %struct.list_head** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = icmp eq i64 %88, %92 br i1 %93, label %94, label %115 %95 = icmp eq %struct.inode* %83, null br i1 %95, label %112, label %96 %97 = getelementptr inbounds %struct.inode, %struct.inode* %83, i64 0, i32 8 %98 = load %struct.super_block*, %struct.super_block** %97, align 8 %99 = getelementptr inbounds %struct.super_block, %struct.super_block* %98, i64 0, i32 28 %100 = bitcast i8** %99 to %struct.nfs_server.212651** %101 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %100, align 16 %102 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %101, i64 0, i32 0 %103 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %102, align 8 %104 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %103, i64 0, i32 12 %105 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %104, align 8 %106 = getelementptr inbounds %struct.nfs_rpc_ops.212628, 
%struct.nfs_rpc_ops.212628* %105, i64 0, i32 47 %107 = load i32 (%struct.inode*, i32)*, i32 (%struct.inode*, i32)** %106, align 8 %108 = tail call i32 %107(%struct.inode* nonnull %83, i32 1) #83 ------------- Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: serial8250_pm Check callee group: serial8250_pm Check callee group: serial8250_pm Check callee group: serial8250_pm Check callee group: serial8250_pm Check callee group: aio_complete_rw Check callee group: serial8250_pm Check callee group: i915_driver_lastclose Check callee group: serial8250_pm Check callee group: x86_pmu_aux_output_match Check callee group: x86_pmu_aux_output_match Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: mq_leaf Check callee group: mq_leaf Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter 
proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: sock_wfree Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.152564, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.152564* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.152964*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.152964* %2, i64 %3) #83 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 18 %24 = load %struct.address_space.152957*, %struct.address_space.152957** %23, align 8 %25 = 
getelementptr inbounds %struct.address_space.152957, %struct.address_space.152957* %24, i64 0, i32 0 %26 = load %struct.inode.152950*, %struct.inode.152950** %25, align 8 %27 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 8 %28 = load %struct.super_block.152933*, %struct.super_block.152933** %27, align 8 %29 = getelementptr inbounds %struct.super_block.152933, %struct.super_block.152933* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 2 %47 = load %struct.inode.152950*, %struct.inode.152950** %46, align 8 %48 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152858** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152858**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.152858* %55 = getelementptr inbounds %struct.task_struct.152858, %struct.task_struct.152858* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 
65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 0 store %struct.file.152865* %0, %struct.file.152865** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 7 store %struct.wait_page_queue.152563* null, %struct.wait_page_queue.152563** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 3 %79 = load %struct.file_operations.152636*, %struct.file_operations.152636** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.152636, %struct.file_operations.152636* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.152564*, %struct.iov_iter*)*, i64 (%struct.kiocb.152564*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.152564* nonnull %7, %struct.iov_iter* nonnull %6) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.152564, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.152564* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, 
%struct.pipe_inode_info.152964*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.152964* %2, i64 %3) #83 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 18 %24 = load %struct.address_space.152957*, %struct.address_space.152957** %23, align 8 %25 = getelementptr inbounds %struct.address_space.152957, %struct.address_space.152957* %24, i64 0, i32 0 %26 = load %struct.inode.152950*, %struct.inode.152950** %25, align 8 %27 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 8 %28 = load %struct.super_block.152933*, %struct.super_block.152933** %27, align 8 %29 = getelementptr inbounds %struct.super_block.152933, %struct.super_block.152933* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 2 %47 = load %struct.inode.152950*, %struct.inode.152950** %46, align 8 %48 = getelementptr inbounds 
%struct.inode.152950, %struct.inode.152950* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152858** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152858**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.152858* %55 = getelementptr inbounds %struct.task_struct.152858, %struct.task_struct.152858* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 0 store %struct.file.152865* %0, %struct.file.152865** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 7 store %struct.wait_page_queue.152563* null, %struct.wait_page_queue.152563** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 3 %79 = load %struct.file_operations.152636*, %struct.file_operations.152636** 
%78, align 8 %80 = getelementptr inbounds %struct.file_operations.152636, %struct.file_operations.152636* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.152564*, %struct.iov_iter*)*, i64 (%struct.kiocb.152564*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.152564* nonnull %7, %struct.iov_iter* nonnull %6) #83 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket** %8 = load %struct.socket*, %struct.socket** %7, align 8 %9 = getelementptr inbounds %struct.socket, %struct.socket* %8, i64 0, i32 5 %10 = load %struct.proto_ops*, %struct.proto_ops** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %10, i64 0, i32 21 %12 = load i64 (%struct.socket*, i64*, %struct.pipe_inode_info*, i64, i32)*, i64 (%struct.socket*, i64*, %struct.pipe_inode_info*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket*, i64*, %struct.pipe_inode_info*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.152865*, i64*, %struct.pipe_inode_info.152964*, i64, i32)* @generic_file_splice_read to i64 (%struct.file*, i64*, %struct.pipe_inode_info*, i64, i32)*)(%struct.file* %0, i64* %1, %struct.pipe_inode_info* %2, i64 %3, i32 %4) #83 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.152564, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.152564* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.152964*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.152964* %2, i64 %3) #83 %10 = getelementptr inbounds %struct.iov_iter, 
%struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 18 %24 = load %struct.address_space.152957*, %struct.address_space.152957** %23, align 8 %25 = getelementptr inbounds %struct.address_space.152957, %struct.address_space.152957* %24, i64 0, i32 0 %26 = load %struct.inode.152950*, %struct.inode.152950** %25, align 8 %27 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 8 %28 = load %struct.super_block.152933*, %struct.super_block.152933** %27, align 8 %29 = getelementptr inbounds %struct.super_block.152933, %struct.super_block.152933* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 2 %47 = load %struct.inode.152950*, %struct.inode.152950** %46, align 8 %48 = getelementptr inbounds %struct.inode.152950, %struct.inode.152950* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152858** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152858**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.152858* %55 = getelementptr inbounds %struct.task_struct.152858, %struct.task_struct.152858* %54, i64 0, i32 132 %56 = load %struct.io_context*, %struct.io_context** %55, align 16 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 16388, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 0 store %struct.file.152865* %0, %struct.file.152865** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.152564, %struct.kiocb.152564* %7, i64 0, i32 7 store %struct.wait_page_queue.152563* null, %struct.wait_page_queue.152563** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.152865, %struct.file.152865* %0, i64 0, i32 3 %79 = load %struct.file_operations.152636*, %struct.file_operations.152636** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.152636, %struct.file_operations.152636* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.152564*, %struct.iov_iter*)*, 
i64 (%struct.kiocb.152564*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.152564* nonnull %7, %struct.iov_iter* nonnull %6) #83 ------------- Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: aio_complete_rw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: fifo_init fifo_hd_init Check callee group: nfs_umount_begin Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: 
mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mq_walk Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: sock_wfree Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 
Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_connector_free drm_property_free_blob drm_framebuffer_free Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000e_phc_enable tg3_ptp_enable Use: =BAD PATH= Call Stack: 0 extts_enable_store ------------- Path:  Function:extts_enable_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds i8, i8* %8, i64 968 %10 = bitcast i8* %9 to %struct.ptp_clock_info.683310** %11 = load %struct.ptp_clock_info.683310*, %struct.ptp_clock_info.683310** %10, align 8 %12 = bitcast %struct.ptp_clock_request* %5 to i8* %13 = bitcast i32* %6 to i8* %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %15 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.2.59016, i64 0, i64 0), %union.anon.186.630210* %14, i32* nonnull %6) #83 %16 = icmp eq i32 %15, 2 br i1 %16, label %17, label %31 %18 = bitcast %union.anon.186.630210* %14 to i32* %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %11, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %19, %21 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %11, i64 0, i32 17 %25 = load i32 (%struct.ptp_clock_info.683310*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.683310*, %struct.ptp_clock_request*, i32)** %24, align 8 %26 = load i32, i32* %6, align 4 %27 = icmp ne i32 %26, 0 %28 = zext i1 %27 to i32 %29 = call i32 %25(%struct.ptp_clock_info.683310* %11, %struct.ptp_clock_request* nonnull %5, i32 %28) #84 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check 
callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_clear sd_pr_clear Check callee group: tg3_read_indirect_reg32 Check callee group: sd_ioctl lo_ioctl md_ioctl sr_block_ioctl dm_blk_ioctl Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_reserve sd_pr_reserve Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: serial8250_get_mctrl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: generic_access_phys kernfs_vma_access vm_access_ttm vm_access ttm_bo_vm_access Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
mq_leaf Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 
Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: seq_read_iter ext4_file_read_iter 
read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_config_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: serial8250_pm Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_release_port Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_connector_free drm_property_free_blob drm_framebuffer_free Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: device_reset Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_driver_release Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_page_flip Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_file_llseek ------------- Path:  Function:nfs_file_llseek %4 = icmp ult i32 %2, 2 br i1 %4, label %25, label %5 %6 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %7 = load %struct.address_space.212830*, %struct.address_space.212830** %6, align 8 %8 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %7, i64 0, i32 0 %9 = load %struct.inode.213279*, %struct.inode.213279** %8, align 8 %10 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %9, i64 0, i32 8 %11 = load %struct.super_block.213267*, %struct.super_block.213267** %10, align 8 %12 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.213423** %14 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %13, align 16 %15 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 7 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 16384 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %21 %20 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode.213279*, 
i64)*)(%struct.inode.213279* %9, i64 2048) #83 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, 
%struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, 
%struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 
= getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = 
getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 -------------
Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 94 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.212651** %12 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* 
%22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.212651** %44 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %44, i64 0, i32 0 %46 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #83 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, %struct.nfs_access_entry* nonnull %4, i1 zeroext %7) #84 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 tail call void @__rcu_read_lock() #83 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 9, i32 1 %7 = bitcast %struct.list_head** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %37 tail call void @__rcu_read_unlock() #83 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #83 %39 = load i64, i64* %7, align 8 %40 = and i64 %39, 8 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %109 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 12 %44 = bitcast %struct.list_head* %43 to %struct.rb_node** %45 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %46 %47 = phi i1 [ false, %42 ], [ true, %79 ] %48 = load %struct.rb_node*, %struct.rb_node** %44, align 8 %49 = icmp eq %struct.rb_node* %48, null br i1 %49, label %107, label %50 %51 = phi %struct.rb_node* [ %65, %63 ], [ %48, %46 ] %52 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %51, i64 1, i32 2 %53 = bitcast %struct.rb_node** %52 to %struct.cred** %54 = load %struct.cred*, %struct.cred** %53, align 8 %55 = tail call i32 @cred_fscmp(%struct.cred* %1, 
%struct.cred* %54) #83 %56 = icmp slt i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i32 %55, 0 br i1 %60, label %67, label %61 %68 = tail call zeroext i1 bitcast (i1 (%struct.inode.214835*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #83 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %11 = load %struct.super_block.214819*, %struct.super_block.214819** %10, align 8 %12 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.214962** %14 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %14, i64 0, i32 0 %16 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.214835* %0, i32 1) #83 ------------- Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: ndisc_hash arp_hash Check callee 
group: tg3_read_indirect_reg32 Check callee group: sd_ioctl lo_ioctl md_ioctl sr_block_ioctl dm_blk_ioctl Use: =BAD PATH= Call Stack: 0 blkdev_compat_ptr_ioctl ------------- Path:  Function:blkdev_compat_ptr_ioctl %5 = getelementptr inbounds %struct.block_device.297091, %struct.block_device.297091* %0, i64 0, i32 17 %6 = load %struct.gendisk.296830*, %struct.gendisk.296830** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296830, %struct.gendisk.296830* %6, i64 0, i32 8 %8 = load %struct.block_device_operations.296785*, %struct.block_device_operations.296785** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.296785, %struct.block_device_operations.296785* %8, i64 0, i32 4 %10 = bitcast {}** %9 to i32 (%struct.block_device.297091*, i32, i32, i64)** %11 = load i32 (%struct.block_device.297091*, i32, i32, i64)*, i32 (%struct.block_device.297091*, i32, i32, i64)** %10, align 8 %12 = icmp eq i32 (%struct.block_device.297091*, i32, i32, i64)* %11, null br i1 %12, label %16, label %13 %14 = and i64 %3, 4294967295 %15 = tail call i32 %11(%struct.block_device.297091* %0, i32 %1, i32 %2, i64 %14) #83 ------------- Use: =BAD PATH= Call Stack: 0 blkdev_compat_ptr_ioctl ------------- Path:  Function:blkdev_compat_ptr_ioctl %5 = getelementptr inbounds %struct.block_device.297091, %struct.block_device.297091* %0, i64 0, i32 17 %6 = load %struct.gendisk.296830*, %struct.gendisk.296830** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296830, %struct.gendisk.296830* %6, i64 0, i32 8 %8 = load %struct.block_device_operations.296785*, %struct.block_device_operations.296785** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.296785, %struct.block_device_operations.296785* %8, i64 0, i32 4 %10 = bitcast {}** %9 to i32 (%struct.block_device.297091*, i32, i32, i64)** %11 = load i32 (%struct.block_device.297091*, i32, i32, i64)*, i32 (%struct.block_device.297091*, i32, i32, i64)** %10, align 8 %12 = icmp eq i32 
(%struct.block_device.297091*, i32, i32, i64)* %11, null br i1 %12, label %16, label %13 %14 = and i64 %3, 4294967295 %15 = tail call i32 %11(%struct.block_device.297091* %0, i32 %1, i32 %2, i64 %14) #83 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_driver_release Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.436298** %5 = load %struct.drm_i915_private.436298*, %struct.drm_i915_private.436298** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 109, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.436298, %struct.drm_i915_private.436298* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.373290* %9) #83 Function:drm_dev_put %2 = icmp eq %struct.drm_device.373290* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.373290, %struct.drm_device.373290* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call 
i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to %struct.drm_device.373290* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.373290*)*, void (%struct.drm_device.373290*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.373290*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.373290* %16) #83 ------------- Check callee group: serial8250_release_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: aio_complete_rw Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_invalidate_atime 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, 
%struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 1, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp 
eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %44 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %43, align 8 %45 = icmp eq %struct.rpc_procinfo* %44, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %45, label %46, label %64 %65 = load i32, i32* %15, align 4 br label %66 %67 = phi i32 [ %65, %64 ], [ %59, %58 ] %68 = icmp sgt i32 %67, 0 br i1 %68, label %69, label %72 %70 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %71 = load %struct.inode*, %struct.inode** %70, align 8 call void bitcast (void (%struct.inode.214835*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %71) #83 Function:nfs_invalidate_atime %2 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %2) #83 tail call void @nfs_set_cache_invalid(%struct.inode.214835* %0, i64 4) #84 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** 
%9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_post_op_update_inode_force_wcc_locked 2 nfs_writeback_update_inode 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, 
i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* 
%0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %62 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %63 = load %struct.super_block*, %struct.super_block** %62, align 8 %64 = getelementptr inbounds %struct.super_block, %struct.super_block* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.233131** %66 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %65, align 16 %67 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 22 %68 = load i64, i64* %67, align 8 %69 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %66, i64 0, i32 0 %70 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %69, align 8 %71 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %70, i64 0, i32 23, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %70, i64 0, i32 25 %73 = load i64, i64* %72, align 8 %74 = sub i64 %73, %68 %75 = icmp slt i64 %74, 0 br i1 %75, label %76, label %77 call void @_raw_spin_unlock(%struct.raw_spinlock* %71) #83 call void bitcast (void (%struct.nfs_pgio_header*)* 
@nfs_writeback_update_inode to void (%struct.nfs_pgio_header.233175*)*)(%struct.nfs_pgio_header.233175* %1) #83 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %9 = load i64, i64* %8, align 8 %10 = add i64 %9, %7 %11 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 64 %14 = icmp eq i32 %13, 0 %15 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %14, label %18, label %16 store i64 %10, i64* %15, align 8 br label %19 %20 = phi i64 [ %17, %16 ], [ %10, %18 ] %21 = icmp ult i64 %20, 9223372036854775807 %22 = select i1 %21, i64 %20, i64 9223372036854775807 %23 = load %struct.inode*, %struct.inode** %3, align 8 %24 = getelementptr inbounds %struct.inode, %struct.inode* %23, i64 0, i32 14 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %22, %25 br i1 %26, label %27, label %29 %30 = icmp eq i64 %10, %20 br i1 %30, label %31, label %36 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #83 %32 = load i32, i32* %11, align 8 %33 = or i32 %32, 64 br label %34 %35 = phi i32 [ %28, %27 ], [ %33, %31 ] store i32 %35, i32* %11, align 8 br label %36 %37 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, 
%struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #83 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 11, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %17 = load %struct.super_block.214819*, %struct.super_block.214819** %16, align 8 %18 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.214962** %20 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* 
%1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 tail call void @nfs_set_cache_invalid(%struct.inode.214835* %0, i64 %110) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 
(%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs4_update_changeattr_locked 2 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %18 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %48 = phi i32 [ %24, %17 ], [ %45, %44 ] %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %57 %51 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 3 %52 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 2 %53 = load %struct.nfs_fattr*, %struct.nfs_fattr** %52, align 8 %54 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %53, i64 0, i32 19 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18, i32 0, i32 0 
call void @_raw_spin_lock(%struct.raw_spinlock* %56) #83 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %1, %struct.perf_guest_switch_msr* %51, i64 %55, i64 2) #83 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.233131** %18 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %83, label %29 %84 = phi i64 [ %13, %24 ], [ %70, %69 ], [ %13, %26 ] tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %0, i64 %84) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* 
%5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs4_update_changeattr_locked 2 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast %struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, i32* %23, 
align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %49 = phi i32 [ %25, %18 ], [ %46, %45 ] %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %67 %52 = icmp eq %struct.inode* %2, %1 %53 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 2 %54 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 3 %55 = load %struct.nfs_fattr*, %struct.nfs_fattr** %54, align 8 %56 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %55, i64 0, i32 19 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %58) #83 br i1 %52, label %66, label %59 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %2, %struct.perf_guest_switch_msr* %53, i64 %57, i64 2) #83 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.233131** %18 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* 
%1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %83, label %29 %84 = phi i64 [ %13, %24 ], [ %70, %69 ], [ %13, %26 ] tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %0, i64 %84) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail 
call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.inode, %struct.inode* %90, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %122) #83 %123 = getelementptr inbounds %struct.inode, %struct.inode* %90, i64 0, i32 12, i32 0 %124 = load i32, i32* %123, align 8 %125 = icmp eq i32 %124, 0 br i1 %125, label %127, label %126 %128 = tail call i64 
@nfs_inc_attr_generation_counter() #83 %129 = getelementptr %struct.inode, %struct.inode* %90, i64 -1, i32 24, i32 4 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 11, i32 1 %131 = bitcast %struct.list_head** %130 to i64* store i64 %128, i64* %131, align 8 tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %90, i64 66304) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br 
i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 
%57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.inode, %struct.inode* %90, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %122) #83 %123 = getelementptr inbounds %struct.inode, %struct.inode* %90, i64 0, i32 12, i32 0 %124 = load i32, i32* %123, align 8 %125 = icmp eq i32 %124, 0 br i1 %125, label %127, label %126 %128 = tail call i64 @nfs_inc_attr_generation_counter() #83 %129 = getelementptr %struct.inode, %struct.inode* %90, i64 -1, i32 24, i32 4 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 11, i32 1 %131 = bitcast %struct.list_head** %130 to i64* store i64 %128, i64* %131, align 8 tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %90, i64 66304) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds 
%struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp eq %struct.inode* %10, null br i1 %34, label %61, label %35 %36 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 %39 = icmp eq i16 %38, 16384 br i1 %39, label %61, label %40 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %42 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %41, align 8 %43 = icmp eq %struct.hlist_bl_node** %42, null br i1 %43, label %45, label %44 %46 = phi %struct.dentry* [ null, %40 ], [ %4, %44 ] %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %48 = bitcast %struct.anon.1* %47 to %struct.swap_cluster_info* %49 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %48, i64 0, i32 1 %50 = load i32, i32* %49, align 4 %51 = icmp ugt i32 %50, 2 br i1 %51, label %52, label %61 %53 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %54 = load %struct.dentry*, %struct.dentry** %53, align 8 %55 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %56 = tail call %struct.dentry* bitcast (%struct.dentry.148048* (%struct.dentry.148048*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %54, %struct.qstr* %55) #83 %57 = icmp eq %struct.dentry* %56, null br i1 %57, label %89, label %58 %59 = tail call i32 bitcast (i32 (%struct.inode.220132*, %struct.dentry.220135*)* @nfs_sillyrename to i32 (%struct.inode*, 
%struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #83 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %89 %90 = phi %struct.inode* [ %62, %68 ], [ %62, %83 ], [ %62, %79 ], [ %62, %74 ], [ %10, %58 ], [ %10, %52 ] %91 = phi %struct.dentry* [ %63, %68 ], [ %63, %83 ], [ %63, %79 ], [ %63, %74 ], [ %56, %58 ], [ null, %52 ] %92 = phi %struct.dentry* [ %64, %68 ], [ %64, %83 ], [ %64, %79 ], [ %64, %74 ], [ %46, %58 ], [ %46, %52 ] %93 = phi %struct.dentry* [ %65, %68 ], [ %65, %83 ], [ %65, %79 ], [ %65, %74 ], [ %4, %58 ], [ %4, %52 ] %94 = phi i32 [ %70, %68 ], [ 0, %83 ], [ %81, %79 ], [ %72, %74 ], [ -16, %58 ], [ -16, %52 ] %95 = icmp eq %struct.dentry* %92, null br i1 %95, label %97, label %96 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %98)) #6 to label %118 [label %98], !srcloc !4 switch i32 %94, label %180 [ i32 0, label %119 i32 -2, label %172 ] %120 = icmp eq %struct.inode* %90, null br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.inode, %struct.inode* %90, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %122) #83 %123 = getelementptr inbounds %struct.inode, %struct.inode* %90, i64 0, i32 12, i32 0 %124 = load i32, i32* %123, align 8 %125 = icmp eq i32 %124, 0 br i1 %125, label %127, label %126 %128 = tail call i64 @nfs_inc_attr_generation_counter() #83 %129 = getelementptr %struct.inode, %struct.inode* %90, i64 -1, i32 24, i32 4 %130 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 11, i32 1 %131 = bitcast %struct.list_head** %130 to i64* store i64 %128, i64* %131, align 8 tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %90, i64 66304) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_safe_remove 2 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %25 = bitcast %struct.anon.1* %24 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %25) #83 %26 = bitcast %struct.anon.1* %24 to %struct.swap_cluster_info* %27 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, 1 br i1 %29, label %30, label %35 %36 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 2, i32 1 %37 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %36, align 8 %38 = icmp eq %struct.hlist_bl_node** %37, null br i1 %38, label %40, label %39 %41 = phi i1 [ true, %35 ], [ false, %39 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* %25) #83 %42 = tail call fastcc i32 @nfs_safe_remove(%struct.dentry* %1) #84 Function:nfs_safe_remove %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %91 callbr void asm sideeffect "1:jmp 
${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp ne %struct.inode* %7, null %35 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %36 = load %struct.super_block*, %struct.super_block** %35, align 8 %37 = getelementptr inbounds %struct.super_block, %struct.super_block* %36, i64 0, i32 28 %38 = bitcast i8** %37 to %struct.nfs_server.212651** %39 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %38, align 16 %40 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %39, i64 0, i32 0 %41 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %40, align 8 %42 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %41, i64 0, i32 12 %43 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %42, align 8 %44 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %43, i64 0, i32 16 %45 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %44, align 8 %46 = tail call i32 %45(%struct.inode* %5, %struct.dentry* %0) #83 %47 = icmp eq i32 %46, 0 %48 = and i1 %34, %47 br i1 %48, label %49, label %60 %50 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %50) #83 %51 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %52 = load i32, i32* %51, 
align 8 %53 = icmp eq i32 %52, 0 br i1 %53, label %55, label %54 tail call void bitcast (void (%struct.inode.148552*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #83 br label %55 %56 = tail call i64 @nfs_inc_attr_generation_counter() #83 %57 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 24, i32 4 %58 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 11, i32 1 %59 = bitcast %struct.list_head** %58 to i64* store i64 %56, i64* %59, align 8 tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_safe_remove 2 nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %25 = bitcast %struct.anon.1* %24 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %25) #83 %26 = bitcast %struct.anon.1* %24 to %struct.swap_cluster_info* %27 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, 1 br i1 %29, label %30, label %35 %36 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 2, i32 1 %37 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %36, align 8 %38 = icmp eq %struct.hlist_bl_node** %37, null br i1 %38, label %40, label %39 %41 = phi i1 [ true, %35 ], [ false, %39 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* %25) #83 %42 = tail call fastcc i32 @nfs_safe_remove(%struct.dentry* %1) #84 Function:nfs_safe_remove %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 
4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp ne %struct.inode* %7, null %35 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %36 = load %struct.super_block*, %struct.super_block** %35, align 8 %37 = getelementptr inbounds %struct.super_block, %struct.super_block* %36, i64 0, i32 28 %38 = bitcast i8** %37 to %struct.nfs_server.212651** %39 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %38, align 16 %40 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %39, i64 0, i32 0 %41 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %40, align 8 %42 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %41, i64 0, i32 12 %43 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %42, align 8 %44 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %43, i64 0, i32 16 %45 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %44, align 8 %46 = tail call i32 %45(%struct.inode* %5, %struct.dentry* %0) #83 %47 = icmp eq i32 %46, 0 %48 = and i1 %34, %47 br i1 %48, label %49, label %60 %50 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %50) #83 %51 = 
getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %52 = load i32, i32* %51, align 8 %53 = icmp eq i32 %52, 0 br i1 %53, label %55, label %54 tail call void bitcast (void (%struct.inode.148552*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #83 br label %55 %56 = tail call i64 @nfs_inc_attr_generation_counter() #83 %57 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 24, i32 4 %58 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 11, i32 1 %59 = bitcast %struct.list_head** %58 to i64* store i64 %56, i64* %59, align 8 tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.214835* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs_set_cache_invalid 1 nfs_safe_remove 2 
nfs_unlink ------------- Path:  Function:nfs_unlink callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_unlink_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_unlink, %3)) #6 to label %23 [label %3], !srcloc !4 %24 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 7, i32 0 %25 = bitcast %struct.anon.1* %24 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %25) #83 %26 = bitcast %struct.anon.1* %24 to %struct.swap_cluster_info* %27 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp ugt i32 %28, 1 br i1 %29, label %30, label %35 %36 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 2, i32 1 %37 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %36, align 8 %38 = icmp eq %struct.hlist_bl_node** %37, null br i1 %38, label %40, label %39 %41 = phi i1 [ true, %35 ], [ false, %39 ] tail call void @_raw_spin_unlock(%struct.raw_spinlock* %25) #83 %42 = tail call fastcc i32 @nfs_safe_remove(%struct.dentry* %1) #84 Function:nfs_safe_remove %2 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %3 = load %struct.dentry*, %struct.dentry** %2, align 8 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %3, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %91 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %33 [label %13], !srcloc !4 %34 = icmp ne %struct.inode* %7, null %35 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %36 = load %struct.super_block*, %struct.super_block** %35, align 8 %37 = getelementptr inbounds %struct.super_block, %struct.super_block* %36, i64 0, i32 28 %38 = bitcast i8** %37 to %struct.nfs_server.212651** %39 = load %struct.nfs_server.212651*, %struct.nfs_server.212651** %38, align 16 %40 = getelementptr inbounds %struct.nfs_server.212651, %struct.nfs_server.212651* %39, i64 0, i32 0 %41 = load %struct.nfs_client.212645*, %struct.nfs_client.212645** %40, align 8 %42 = getelementptr inbounds %struct.nfs_client.212645, %struct.nfs_client.212645* %41, i64 0, i32 12 %43 = load %struct.nfs_rpc_ops.212628*, %struct.nfs_rpc_ops.212628** %42, align 8 %44 = getelementptr inbounds %struct.nfs_rpc_ops.212628, %struct.nfs_rpc_ops.212628* %43, i64 0, i32 16 %45 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %44, align 8 %46 = tail call i32 %45(%struct.inode* %5, %struct.dentry* %0) #83 %47 = icmp eq i32 %46, 0 %48 = and i1 %34, %47 br i1 %48, label %49, label %60 %50 = getelementptr inbounds %struct.inode, 
%struct.inode* %7, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %50) #83 %51 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %52 = load i32, i32* %51, align 8 %53 = icmp eq i32 %52, 0 br i1 %53, label %55, label %54 tail call void bitcast (void (%struct.inode.148552*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #83 br label %55 %56 = tail call i64 @nfs_inc_attr_generation_counter() #83 %57 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 24, i32 4 %58 = getelementptr inbounds %struct.list_head, %struct.list_head* %57, i64 11, i32 1 %59 = bitcast %struct.list_head** %58 to i64* store i64 %56, i64* %59, align 8 tail call void bitcast (void (%struct.inode.214835*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #83 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %5 = load %struct.super_block.214819*, %struct.super_block.214819** %4, align 8 %6 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.214962** %8 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %8, i64 0, i32 0 %10 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %13, align 8 %15 = tail call i32 
%14(%struct.inode.214835* %0, i32 1) #83 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ext4_xattr_trusted_get shmem_xattr_handler_get nfs4_xattr_get_nfs4_acl ext4_xattr_security_get sockfs_xattr_get kernfs_vfs_xattr_get ext4_xattr_user_get ext4_xattr_hurd_get posix_acl_xattr_get Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: bad_inode_atomic_open nfs_atomic_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: aio_complete_rw Check callee group: mdio_ctrl_hw Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: ndisc_hash arp_hash Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000e_phc_enable tg3_ptp_enable Use: =BAD PATH= Call Stack: 0 period_store ------------- Path:  Function:period_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds i8, i8* %7, i64 968 %9 = bitcast i8* %8 to %struct.ptp_clock_info.683310** %10 = load %struct.ptp_clock_info.683310*, %struct.ptp_clock_info.683310** %9, align 8 %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %12, align 8 %13 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 1 %16 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %17 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %18 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.6.59012, i64 0, i64 0), i32* %13, i64* %14, i32* %15, i64* %16, i32* %17) #83 %19 = icmp eq i32 %18, 5 br i1 %19, label %20, label %36 %21 = load i32, i32* %13, align 8 %22 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %10, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %21, %23 br i1 %24, label %25, label %36 %26 = load i64, i64* %16, align 8 %27 = icmp ne i64 %26, 0 %28 = load i32, i32* %17, align 8 %29 = icmp ne i32 %28, 0 %30 = or i1 %27, %29 %31 = zext i1 %30 to i32 %32 = getelementptr inbounds %struct.ptp_clock_info.683310, %struct.ptp_clock_info.683310* %10, i64 0, i32 17 %33 = load i32 (%struct.ptp_clock_info.683310*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.683310*, %struct.ptp_clock_request*, i32)** %32, align 8 %34 = call i32 %33(%struct.ptp_clock_info.683310* %10, %struct.ptp_clock_request* nonnull %5, i32 %31) #84 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_release Check callee group: ext4_xattr_trusted_get shmem_xattr_handler_get nfs4_xattr_get_nfs4_acl ext4_xattr_security_get sockfs_xattr_get kernfs_vfs_xattr_get ext4_xattr_user_get ext4_xattr_hurd_get posix_acl_xattr_get Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_config_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_refresh_inode_locked 1 nfs_post_op_update_inode_force_wcc_locked 2 nfs_writeback_update_inode 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %4, 
align 8 %6 = icmp eq %struct.nfs4_slot.233140* %5, null br i1 %6, label %14, label %7 %15 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %16 = load i32, i32* %15, align 4 switch i32 %16, label %42 [ i32 -10087, label %17 i32 -10047, label %17 i32 -10025, label %17 i32 -10023, label %17 i32 -10024, label %17 i32 -10038, label %17 i32 -10011, label %17 ] %18 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4 %19 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 2 %20 = load %struct.nfs_open_context.233158*, %struct.nfs_open_context.233158** %19, align 8 %21 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 3 %22 = load %struct.nfs_lock_context.233159*, %struct.nfs_lock_context.233159** %21, align 8 %23 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %24 = getelementptr inbounds %struct.nfs_open_context.233158, %struct.nfs_open_context.233158* %20, i64 0, i32 5 %25 = load %struct.nfs4_state.233157*, %struct.nfs4_state.233157** %24, align 8 %26 = call i32 bitcast (i32 (%struct.nfs4_state.234728*, i32, %struct.nfs_lock_context.234730*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.233157*, i32, %struct.nfs_lock_context.233159*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.233157* %25, i32 2, %struct.nfs_lock_context.233159* %22, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #83 %27 = icmp eq i32 %26, -5 br i1 %27, label %28, label %29 %30 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 20, i32 4, i32 1 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %31, %33 br i1 %34, 
label %36, label %35 %37 = bitcast %struct.nfs4_stateid_struct* %18 to i8* %38 = call i32 @bcmp(i8* dereferenceable(16) %37, i8* nonnull dereferenceable(16) %23, i64 16) #6 %39 = icmp eq i32 %38, 0 br i1 %39, label %42, label %40 %43 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 23 %44 = bitcast {}** %43 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %45 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)** %44, align 8 %46 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.233175*)* %45, null br i1 %46, label %49, label %47 %50 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.233175* %1) #84 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %28 [label %8], !srcloc !4 %29 = load i32, i32* %6, align 4 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %61 %62 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %63 = load %struct.super_block*, %struct.super_block** %62, align 8 %64 = getelementptr inbounds %struct.super_block, %struct.super_block* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.233131** %66 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %65, align 16 %67 = getelementptr inbounds %struct.nfs_pgio_header.233175, %struct.nfs_pgio_header.233175* %1, i64 0, i32 22 %68 = load i64, i64* %67, align 8 %69 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %66, i64 0, i32 0 %70 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %69, align 8 %71 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %70, i64 0, i32 23, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %71) #83 %72 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %70, i64 0, i32 25 %73 = load i64, i64* %72, align 8 %74 = sub i64 %73, %68 %75 = icmp slt i64 %74, 0 br i1 %75, label %76, label %77 call void @_raw_spin_unlock(%struct.raw_spinlock* %71) #83 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.233175*)*)(%struct.nfs_pgio_header.233175* %1) #83 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 
0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #83 %6 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %9 = load i64, i64* %8, align 8 %10 = add i64 %9, %7 %11 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 64 %14 = icmp eq i32 %13, 0 %15 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %14, label %18, label %16 store i64 %10, i64* %15, align 8 br label %19 %20 = phi i64 [ %17, %16 ], [ %10, %18 ] %21 = icmp ult i64 %20, 9223372036854775807 %22 = select i1 %21, i64 %20, i64 9223372036854775807 %23 = load %struct.inode*, %struct.inode** %3, align 8 %24 = getelementptr inbounds %struct.inode, %struct.inode* %23, i64 0, i32 14 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %22, %25 br i1 %26, label %27, label %29 %30 = icmp eq i64 %10, %20 br i1 %30, label %31, label %36 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #83 %32 = load i32, i32* %11, align 8 %33 = or i32 %32, 64 br label %34 %35 = phi i32 [ %28, %27 ], [ %33, %31 ] store i32 %35, i32* %11, align 8 br label %36 %37 = tail call i32 bitcast (i32 (%struct.inode.214835*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #83 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %3, i64 11, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %17 = load %struct.super_block.214819*, %struct.super_block.214819** %16, align 8 %18 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.214962** %20 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ 
%74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 tail call void @nfs_set_cache_invalid(%struct.inode.214835* %0, i64 %110) #83 %111 = load i32, i32* %105, align 8 %112 = and i32 %111, 162943 %113 = icmp eq i32 %112, 0 br i1 %113, label %116, label %114 %115 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.214835* %0, %struct.nfs_fattr* %1) #83 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.214835, %struct.inode.214835* %0, i64 -1, i32 24, i32 4 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 11, i32 1 %5 = bitcast %struct.list_head** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %73 [label %53], !srcloc !4 %74 = icmp sgt i32 %52, 0 br i1 %74, label %104, label %75 %76 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 9, i32 1 %77 = bitcast %struct.list_head** %76 to i64* %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.inode.214835, %struct.inode.214835* %0, i64 0, i32 8 %80 = load %struct.super_block.214819*, %struct.super_block.214819** %79, align 8 %81 = getelementptr inbounds %struct.super_block.214819, %struct.super_block.214819* %80, i64 0, i32 28 %82 = bitcast i8** %81 to %struct.nfs_server.214962** %83 = load %struct.nfs_server.214962*, %struct.nfs_server.214962** %82, align 16 %84 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %83, i64 0, i32 26 %85 = load i32, i32* %84, align 8 %86 = icmp eq i32 %85, 4 %87 = and i64 %78, 256 %88 = icmp ne i64 %87, 0 %89 = or i1 %88, %86 %90 = and i64 %78, 89604 %91 = icmp eq i64 %90, 0 %92 = or i1 %91, %89 br i1 %92, label %106, label %93 %107 = icmp eq i32 %52, 0 br i1 %107, label %108, label %309 %109 = getelementptr inbounds %struct.nfs_server.214962, %struct.nfs_server.214962* %83, i64 0, i32 0 %110 = load %struct.nfs_client.214956*, %struct.nfs_client.214956** %109, align 8 %111 = getelementptr inbounds %struct.nfs_client.214956, %struct.nfs_client.214956* %110, i64 0, i32 12 %112 = load %struct.nfs_rpc_ops.214939*, %struct.nfs_rpc_ops.214939** %111, align 8 %113 = getelementptr inbounds %struct.nfs_rpc_ops.214939, %struct.nfs_rpc_ops.214939* %112, i64 0, 
i32 47 %114 = load i32 (%struct.inode.214835*, i32)*, i32 (%struct.inode.214835*, i32)** %113, align 8 %115 = tail call i32 %114(%struct.inode.214835* %0, i32 1) #83 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: md_set_read_only Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_set_config Check callee group: serial8250_request_port Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_write_indirect_reg32 Check callee group: ata_acpi_dev_notify_dock ata_acpi_ap_notify_dock Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: 
mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: serial8250_request_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pndisc_destructor 
Check callee group: i915_ttm_adjust_lru Check callee group: dm_pr_reserve sd_pr_reserve Check callee group: tg3_read_indirect_reg32 Check callee group: pci_fastcom335_setup pci_xr17v35x_setup pci_xr17c154_setup pci_connect_tech_setup Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: perf_ioctl fat_generic_ioctl hpet_ioctl snd_timer_user_ioctl blkdev_ioctl i915_perf_ioctl seccomp_notify_ioctl fat_dir_ioctl hidraw_ioctl rfkill_fop_ioctl rtc_dev_ioctl sync_file_ioctl inotify_ioctl sock_ioctl dma_buf_ioctl tty_ioctl usblp_ioctl ext4_ioctl usbdev_ioctl posix_clock_ioctl hung_up_tty_ioctl pipe_ioctl snd_ctl_ioctl autofs_root_ioctl rpc_pipe_ioctl msr_ioctl loop_control_ioctl ns_ioctl autofs_dev_ioctl proc_reg_unlocked_ioctl cache_ioctl_pipefs random_ioctl pps_cdev_ioctl snapshot_ioctl nvram_misc_ioctl snd_disconnect_ioctl bsg_ioctl hiddev_ioctl drm_ioctl evdev_ioctl mon_bin_ioctl dm_ctl_ioctl snd_hwdep_ioctl snd_seq_ioctl sg_ioctl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ext4_xattr_trusted_get shmem_xattr_handler_get nfs4_xattr_get_nfs4_acl ext4_xattr_security_get sockfs_xattr_get kernfs_vfs_xattr_get ext4_xattr_user_get ext4_xattr_hurd_get posix_acl_xattr_get Check callee group: serial8250_release_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: autofs_dir_rmdir bad_inode_rmdir nfs_rmdir vfat_rmdir tracefs_syscall_rmdir shmem_rmdir kernfs_iop_rmdir ext4_rmdir simple_rmdir msdos_rmdir Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee 
group: mq_find Check callee group: perf_ioctl fat_generic_ioctl hpet_ioctl snd_timer_user_ioctl blkdev_ioctl i915_perf_ioctl seccomp_notify_ioctl fat_dir_ioctl hidraw_ioctl rfkill_fop_ioctl rtc_dev_ioctl sync_file_ioctl inotify_ioctl sock_ioctl dma_buf_ioctl tty_ioctl usblp_ioctl ext4_ioctl usbdev_ioctl posix_clock_ioctl hung_up_tty_ioctl pipe_ioctl snd_ctl_ioctl autofs_root_ioctl rpc_pipe_ioctl msr_ioctl loop_control_ioctl ns_ioctl autofs_dev_ioctl proc_reg_unlocked_ioctl cache_ioctl_pipefs random_ioctl pps_cdev_ioctl snapshot_ioctl nvram_misc_ioctl snd_disconnect_ioctl bsg_ioctl hiddev_ioctl drm_ioctl evdev_ioctl mon_bin_ioctl dm_ctl_ioctl snd_hwdep_ioctl snd_seq_ioctl sg_ioctl Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_driver_release Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: perf_ioctl fat_generic_ioctl hpet_ioctl snd_timer_user_ioctl blkdev_ioctl i915_perf_ioctl seccomp_notify_ioctl fat_dir_ioctl hidraw_ioctl rfkill_fop_ioctl rtc_dev_ioctl sync_file_ioctl inotify_ioctl sock_ioctl dma_buf_ioctl tty_ioctl usblp_ioctl ext4_ioctl usbdev_ioctl posix_clock_ioctl hung_up_tty_ioctl pipe_ioctl snd_ctl_ioctl autofs_root_ioctl rpc_pipe_ioctl msr_ioctl loop_control_ioctl ns_ioctl autofs_dev_ioctl proc_reg_unlocked_ioctl cache_ioctl_pipefs random_ioctl pps_cdev_ioctl snapshot_ioctl nvram_misc_ioctl snd_disconnect_ioctl bsg_ioctl hiddev_ioctl drm_ioctl evdev_ioctl mon_bin_ioctl dm_ctl_ioctl snd_hwdep_ioctl snd_seq_ioctl sg_ioctl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_update_plane intel_legacy_cursor_update 
drm_primary_helper_update Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_release_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_release_port Check callee group: empty_dir_lookup proc_tgid_net_lookup proc_map_files_lookup ext4_lookup proc_tid_base_lookup proc_lookupfd proc_attr_dir_lookup proc_ns_dir_lookup proc_root_lookup proc_lookup isofs_lookup msdos_lookup proc_lookupfdinfo bad_inode_lookup proc_tgid_base_lookup proc_task_lookup vfat_lookup autofs_lookup proc_sys_lookup kernfs_iop_lookup simple_lookup nfs_lookup Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: fifo_hd_init fifo_init Check callee group: i915_driver_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_verify_port Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_write_indirect_reg32 Check callee group: empty_dir_lookup proc_tgid_net_lookup proc_map_files_lookup ext4_lookup proc_tid_base_lookup proc_lookupfd proc_attr_dir_lookup proc_ns_dir_lookup proc_root_lookup proc_lookup isofs_lookup msdos_lookup proc_lookupfdinfo bad_inode_lookup proc_tgid_base_lookup proc_task_lookup vfat_lookup autofs_lookup proc_sys_lookup kernfs_iop_lookup simple_lookup nfs_lookup Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_open e1000e_open Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_set_config Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: drm_connector_free drm_property_free_blob drm_framebuffer_free Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.213286, %struct.file.213286* %0, i64 0, i32 18 %5 = load %struct.address_space.212830*, %struct.address_space.212830** %4, align 8 %6 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %5, i64 0, i32 0 %7 = load %struct.inode.213279*, %struct.inode.213279** %6, align 8 %8 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %7, i64 0, i32 8 %9 = load %struct.super_block.213267*, %struct.super_block.213267** %8, align 8 %10 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.213423** %12 = load %struct.nfs_server.213423*, %struct.nfs_server.213423** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = getelementptr inbounds %struct.file_lock.213275, %struct.file_lock.213275* %2, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %86 %21 = load %struct.super_block.213267*, %struct.super_block.213267** %8, align 8 %22 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %21, i64 0, i32 28 %23 = bitcast i8** %22 to %struct.nfs_server.213423** %24 = load %struct.nfs_server.213423*, 
%struct.nfs_server.213423** %23, align 16 %25 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %24, i64 0, i32 8 %26 = load i32, i32* %25, align 8 %27 = lshr i32 %26, 21 %28 = and i32 %27, 1 %29 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %24, i64 0, i32 0 %30 = load %struct.nfs_client.213417*, %struct.nfs_client.213417** %29, align 8 %31 = getelementptr inbounds %struct.nfs_client.213417, %struct.nfs_client.213417* %30, i64 0, i32 12 %32 = load %struct.nfs_rpc_ops.213400*, %struct.nfs_rpc_ops.213400** %31, align 8 %33 = getelementptr inbounds %struct.nfs_rpc_ops.213400, %struct.nfs_rpc_ops.213400* %32, i64 0, i32 43 %34 = load i32 (%struct.file_lock.213275*)*, i32 (%struct.file_lock.213275*)** %33, align 8 %35 = icmp eq i32 (%struct.file_lock.213275*)* %34, null br i1 %35, label %39, label %36 %40 = icmp eq i32 %1, 5 br i1 %40, label %41, label %78 %42 = load %struct.address_space.212830*, %struct.address_space.212830** %4, align 8 %43 = getelementptr inbounds %struct.address_space.212830, %struct.address_space.212830* %42, i64 0, i32 0 %44 = load %struct.inode.213279*, %struct.inode.213279** %43, align 8 %45 = getelementptr inbounds %struct.file_lock.213275, %struct.file_lock.213275* %2, i64 0, i32 7 %46 = load i8, i8* %45, align 4 tail call void bitcast (void (%struct.file*, %struct.file_lock*)* @posix_test_lock to void (%struct.file.213286*, %struct.file_lock.213275*)*)(%struct.file.213286* %0, %struct.file_lock.213275* %2) #83 %47 = load i8, i8* %45, align 4 %48 = icmp eq i8 %47, 2 br i1 %48, label %49, label %86 store i8 %46, i8* %45, align 4 %50 = getelementptr inbounds %struct.inode.213279, %struct.inode.213279* %44, i64 0, i32 8 %51 = load %struct.super_block.213267*, %struct.super_block.213267** %50, align 8 %52 = getelementptr inbounds %struct.super_block.213267, %struct.super_block.213267* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.213423** %54 = load 
%struct.nfs_server.213423*, %struct.nfs_server.213423** %53, align 16 %55 = getelementptr inbounds %struct.nfs_server.213423, %struct.nfs_server.213423* %54, i64 0, i32 0 %56 = load %struct.nfs_client.213417*, %struct.nfs_client.213417** %55, align 8 %57 = getelementptr inbounds %struct.nfs_client.213417, %struct.nfs_client.213417* %56, i64 0, i32 12 %58 = load %struct.nfs_rpc_ops.213400*, %struct.nfs_rpc_ops.213400** %57, align 8 %59 = getelementptr inbounds %struct.nfs_rpc_ops.213400, %struct.nfs_rpc_ops.213400* %58, i64 0, i32 47 %60 = load i32 (%struct.inode.213279*, i32)*, i32 (%struct.inode.213279*, i32)** %59, align 8 %61 = tail call i32 %60(%struct.inode.213279* %44, i32 1) #83 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_update_plane intel_legacy_cursor_update drm_primary_helper_update Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: fifo_init fifo_hd_init Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: uart_set_ldisc Check callee group: tg3_write_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: ata_acpi_dev_notify_dock ata_acpi_ap_notify_dock Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs4_update_changeattr_locked 1 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.233145** %6 = load %struct.nfs_unlinkdata.233145*, %struct.nfs_unlinkdata.233145** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %7, align 8 %9 = icmp eq %struct.nfs4_slot.233140* %8, null br i1 %9, label %17, label %10 %18 = getelementptr inbounds 
%struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 1 %19 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %18, align 8 %20 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 6 %21 = bitcast %struct.nfs4_exception* %3 to i8* %22 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = load i32, i32* %22, align 4 %25 = icmp sgt i32 %24, -1 br i1 %25, label %47, label %26 %48 = phi i32 [ %24, %17 ], [ %45, %44 ] %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %57 %51 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 3 %52 = getelementptr inbounds %struct.nfs_unlinkdata.233145, %struct.nfs_unlinkdata.233145* %6, i64 0, i32 1, i32 2 %53 = load %struct.nfs_fattr*, %struct.nfs_fattr** %52, align 8 %54 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %53, i64 0, i32 19 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %56) #83 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %1, %struct.perf_guest_switch_msr* %51, i64 %55, i64 2) #83 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.233131** %18 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %83, label %29 store volatile i64 %23, i64* %6, align 8 %30 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 0 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33 %34 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, %7 br i1 %36, label %69, label %37 br i1 %11, label %38, label %40 tail call void @nfs_force_lookup_revalidate(%struct.inode* %0) #83 %39 = load %struct.super_block*, %struct.super_block** %14, align 8 br label %40 %41 = phi %struct.super_block* [ %39, %38 ], [ %15, %37 ] %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.233131** %44 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %44, i64 0, i32 0 %46 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.233184*, %struct.nfs_rpc_ops.233184** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.233184, %struct.nfs_rpc_ops.233184* %48, i64 0, i32 47 %50 = load i32 (%struct.inode*, 
i32)*, i32 (%struct.inode*, i32)** %49, align 8 %51 = tail call i32 %50(%struct.inode* %0, i32 1) #83 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_update_changeattr_locked 1 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.233148** %7 = load %struct.nfs_renamedata.233148*, %struct.nfs_renamedata.233148** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.233140*, %struct.nfs4_slot.233140** %8, align 8 %10 = icmp eq %struct.nfs4_slot.233140* %9, null br i1 %10, label %18, label %11 %19 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 1 %20 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %19, align 8 %21 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 10 %22 = bitcast %struct.nfs4_exception* %4 to i8* %23 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = load i32, i32* %23, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %48, label %27 %49 = phi i32 [ %25, %18 ], [ %46, %45 ] %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %67 %52 = icmp eq %struct.inode* %2, %1 %53 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 2 %54 = getelementptr inbounds %struct.nfs_renamedata.233148, %struct.nfs_renamedata.233148* %7, i64 0, i32 1, i32 3 %55 = load %struct.nfs_fattr*, %struct.nfs_fattr** %54, align 8 %56 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %55, i64 0, i32 19 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 18, 
i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %58) #83 br i1 %52, label %66, label %59 call fastcc void @nfs4_update_changeattr_locked(%struct.inode* %2, %struct.perf_guest_switch_msr* %53, i64 %57, i64 2) #83 Function:nfs4_update_changeattr_locked %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 4 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %7 = load volatile i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = select i1 %11, i64 1538, i64 1536 %13 = or i64 %12, %3 %14 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %15 = load %struct.super_block*, %struct.super_block** %14, align 8 %16 = getelementptr inbounds %struct.super_block, %struct.super_block* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.233131** %18 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %17, align 16 %19 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %18, i64 0, i32 26 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 4 %22 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 2 %23 = load i64, i64* %22, align 8 br i1 %21, label %24, label %26 %27 = sub i64 %7, %23 %28 = icmp sgt i64 %27, -1 br i1 %28, label %83, label %29 store volatile i64 %23, i64* %6, align 8 %30 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 0 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %37, label %33 %34 = getelementptr inbounds %struct.perf_guest_switch_msr, %struct.perf_guest_switch_msr* %1, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, %7 br i1 %36, label %69, label %37 br i1 %11, label %38, label %40 tail call void @nfs_force_lookup_revalidate(%struct.inode* 
%0) #83 %39 = load %struct.super_block*, %struct.super_block** %14, align 8 br label %40 %41 = phi %struct.super_block* [ %39, %38 ], [ %15, %37 ] %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.233131** %44 = load %struct.nfs_server.233131*, %struct.nfs_server.233131** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.233131, %struct.nfs_server.233131* %44, i64 0, i32 0 %46 = load %struct.nfs_client.233190*, %struct.nfs_client.233190** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.233190, %struct.nfs_client.233190* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.233184*, %struct.nfs_rpc_ops.233184** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.233184, %struct.nfs_rpc_ops.233184* %48, i64 0, i32 47 %50 = load i32 (%struct.inode*, i32)*, i32 (%struct.inode*, i32)** %49, align 8 %51 = tail call i32 %50(%struct.inode* %0, i32 1) #83 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_request_port Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_write_indirect_reg32 Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 
Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_pm Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mq_find Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: generic_access_phys kernfs_vma_access vm_access_ttm vm_access ttm_bo_vm_access Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check 
callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: device_reset Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_gem_fb_create_handle intel_user_framebuffer_create_handle Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_register sd_pr_register Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_find Check callee group: mq_walk Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check 
callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: autofs_dir_unlink bad_inode_unlink mqueue_unlink nfs_unlink ext4_unlink msdos_unlink shmem_unlink simple_unlink vfat_unlink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_find Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: tg3_read_indirect_reg32 Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 
Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: dm_pr_release sd_pr_release Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee 
group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: seq_read_iter ext4_file_read_iter read_iter_null proc_reg_read_iter blkdev_read_iter hugetlbfs_read_iter generic_file_read_iter proc_sys_read shmem_file_read_iter kernfs_fop_read_iter read_iter_zero tty_read eventfd_read sock_read_iter nfs_file_read hung_up_tty_read pipe_read Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: nv_set_multicast Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_write_indirect_reg32 Check callee group: e1000e_phc_enable tg3_ptp_enable Check callee group: tg3_write_indirect_reg32 Check callee group: dm_pr_register sd_pr_register Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_update_plane intel_legacy_cursor_update drm_primary_helper_update Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_find Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate 
nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: nfs4_have_delegation Check callee group: e1000_update_phy_info_task Check callee group: aio_complete_rw Check callee group: serial8250_pm Check callee group: e1000_update_phy_info_task Check callee group: seq_read_iter Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 0, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp sgt i32 %23, -1 br i1 %24, label %25, label %46, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add nuw i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, 
$1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %35, !prof !7, !misexpect !5 %36 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %37 = load %struct.proc_ops.77375*, %struct.proc_ops.77375** %36, align 8 %38 = getelementptr inbounds %struct.proc_ops.77375, %struct.proc_ops.77375* %37, i64 0, i32 3 %39 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %38, align 8 %40 = tail call i64 %39(%struct.kiocb* %0, %struct.iov_iter* %1) #83 ------------- Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 0, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp sgt i32 %23, -1 br i1 %24, label %25, label %46, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add nuw i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %35, !prof !7, !misexpect !5 %36 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %37 = load %struct.proc_ops.77375*, %struct.proc_ops.77375** %36, align 8 %38 = getelementptr inbounds %struct.proc_ops.77375, %struct.proc_ops.77375* %37, i64 0, i32 3 %39 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %38, align 8 %40 = tail call i64 %39(%struct.kiocb* %0, %struct.iov_iter* %1) #83 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: ndisc_hash arp_hash Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: mdio_ctrl_hw Check callee group: e1000_update_phy_info_task Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: nv_set_multicast Check callee group: xhci_run Check callee group: sd_ioctl lo_ioctl md_ioctl sr_block_ioctl dm_blk_ioctl Check callee group: blkdev_compat_ptr_ioctl lo_compat_ioctl md_compat_ioctl Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_release sd_pr_release Check callee group: snapshot_compat_ioctl autofs_dev_ioctl_compat rtc_dev_compat_ioctl i915_ioc32_compat_ioctl compat_ptr_ioctl 
autofs_root_compat_ioctl snd_disconnect_ioctl evdev_ioctl_compat snd_hwdep_ioctl_compat ext4_compat_ioctl perf_compat_ioctl loop_control_ioctl msr_ioctl snd_seq_ioctl_compat pps_cdev_compat_ioctl usblp_ioctl i915_perf_ioctl fat_compat_dir_ioctl compat_sock_ioctl compat_blkdev_ioctl snd_ctl_ioctl_compat hung_up_tty_compat_ioctl snd_timer_user_ioctl_compat tty_compat_ioctl seccomp_notify_ioctl dm_compat_ctl_ioctl mon_bin_compat_ioctl posix_clock_compat_ioctl inotify_ioctl proc_reg_compat_ioctl hpet_compat_ioctl Check callee group: i915_ttm_adjust_lru Check callee group: perf_ioctl fat_generic_ioctl hpet_ioctl snd_timer_user_ioctl blkdev_ioctl i915_perf_ioctl seccomp_notify_ioctl fat_dir_ioctl hidraw_ioctl rfkill_fop_ioctl rtc_dev_ioctl sync_file_ioctl inotify_ioctl sock_ioctl dma_buf_ioctl tty_ioctl usblp_ioctl ext4_ioctl usbdev_ioctl posix_clock_ioctl hung_up_tty_ioctl pipe_ioctl snd_ctl_ioctl autofs_root_ioctl rpc_pipe_ioctl msr_ioctl loop_control_ioctl ns_ioctl autofs_dev_ioctl proc_reg_unlocked_ioctl cache_ioctl_pipefs random_ioctl pps_cdev_ioctl snapshot_ioctl nvram_misc_ioctl snd_disconnect_ioctl bsg_ioctl hiddev_ioctl drm_ioctl evdev_ioctl mon_bin_ioctl dm_ctl_ioctl snd_hwdep_ioctl snd_seq_ioctl sg_ioctl Use: =BAD PATH= Call Stack: 0 compat_ptr_ioctl ------------- Path:  Function:compat_ptr_ioctl %4 = getelementptr inbounds %struct.file.146485, %struct.file.146485* %0, i64 0, i32 3 %5 = load %struct.file_operations.146438*, %struct.file_operations.146438** %4, align 8 %6 = getelementptr inbounds %struct.file_operations.146438, %struct.file_operations.146438* %5, i64 0, i32 10 %7 = bitcast {}** %6 to i64 (%struct.file.146485*, i32, i64)** %8 = load i64 (%struct.file.146485*, i32, i64)*, i64 (%struct.file.146485*, i32, i64)** %7, align 8 %9 = icmp eq i64 (%struct.file.146485*, i32, i64)* %8, null br i1 %9, label %13, label %10 %11 = and i64 %2, 4294967295 %12 = tail call i64 %8(%struct.file.146485* %0, i32 %1, i64 %11) #83 ------------- Use: =BAD PATH= Call 
Stack: 0 compat_ptr_ioctl ------------- Path:  Function:compat_ptr_ioctl %4 = getelementptr inbounds %struct.file.146485, %struct.file.146485* %0, i64 0, i32 3 %5 = load %struct.file_operations.146438*, %struct.file_operations.146438** %4, align 8 %6 = getelementptr inbounds %struct.file_operations.146438, %struct.file_operations.146438* %5, i64 0, i32 10 %7 = bitcast {}** %6 to i64 (%struct.file.146485*, i32, i64)** %8 = load i64 (%struct.file.146485*, i32, i64)*, i64 (%struct.file.146485*, i32, i64)** %7, align 8 %9 = icmp eq i64 (%struct.file.146485*, i32, i64)* %8, null br i1 %9, label %13, label %10 %11 = and i64 %2, 4294967295 %12 = tail call i64 %8(%struct.file.146485* %0, i32 %1, i64 %11) #83 ------------- Check callee group: nfs4_have_delegation Check callee group: perf_ioctl fat_generic_ioctl hpet_ioctl snd_timer_user_ioctl blkdev_ioctl i915_perf_ioctl seccomp_notify_ioctl fat_dir_ioctl hidraw_ioctl rfkill_fop_ioctl rtc_dev_ioctl sync_file_ioctl inotify_ioctl sock_ioctl dma_buf_ioctl tty_ioctl usblp_ioctl ext4_ioctl usbdev_ioctl posix_clock_ioctl hung_up_tty_ioctl pipe_ioctl snd_ctl_ioctl autofs_root_ioctl rpc_pipe_ioctl msr_ioctl loop_control_ioctl ns_ioctl autofs_dev_ioctl proc_reg_unlocked_ioctl cache_ioctl_pipefs random_ioctl pps_cdev_ioctl snapshot_ioctl nvram_misc_ioctl snd_disconnect_ioctl bsg_ioctl hiddev_ioctl drm_ioctl evdev_ioctl mon_bin_ioctl dm_ctl_ioctl snd_hwdep_ioctl snd_seq_ioctl sg_ioctl Check callee group: tg3_read_indirect_reg32 Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: 
tg3_read_indirect_reg32 Check callee group: generic_file_write_iter sock_write_iter pipe_write proc_sys_write write_iter_null redirected_tty_write kernfs_fop_write_iter hung_up_tty_write nfs_file_write devkmsg_write tty_write blkdev_write_iter ext4_file_write_iter Check callee group: security_msg_queue_associate security_sem_associate security_shm_associate Check callee group: tg3_read32_mbox_5906 tg3_read32 tg3_read_indirect_mbox Check callee group: bad_inode_create mqueue_create nfs_create shmem_create msdos_create ext4_create hugetlbfs_create vfat_create ramfs_create Check callee group: bad_inode_create mqueue_create nfs_create shmem_create msdos_create ext4_create hugetlbfs_create vfat_create ramfs_create Check callee group: empty_dir_lookup proc_tgid_net_lookup proc_map_files_lookup ext4_lookup proc_tid_base_lookup proc_lookupfd proc_attr_dir_lookup proc_ns_dir_lookup proc_root_lookup proc_lookup isofs_lookup msdos_lookup proc_lookupfdinfo bad_inode_lookup proc_tgid_base_lookup proc_task_lookup vfat_lookup autofs_lookup proc_sys_lookup kernfs_iop_lookup simple_lookup nfs_lookup Check callee group: mdio_ctrl_hw Check callee group: udp_abort raw_abort tcp_abort Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: timens_install pidns_install ipcns_install cgroupns_install utsns_install mntns_install netns_install Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci 
nfs_lookup_revalidate vfat_revalidate Check callee group: pid_revalidate map_files_d_revalidate proc_net_d_revalidate kernfs_dop_revalidate proc_misc_d_revalidate tid_fd_revalidate nfs4_lookup_revalidate proc_sys_revalidate vfat_revalidate_ci nfs_lookup_revalidate vfat_revalidate Check callee group: ipip6_dellink Check callee group: ipip6_dellink Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: dm_pr_clear sd_pr_clear Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: device_reset Check callee group: serial8250_config_port Check callee group: tg3_write_indirect_reg32 Check callee group: mq_find Check callee group: mq_find Check callee group: mq_find Check callee group: mq_find Check callee group: i915_ttm_adjust_lru Check callee group: bad_inode_rename2 nfs_rename kernfs_iop_rename shmem_rename2 ext4_rename2 simple_rename msdos_rename vfat_rename Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Good: 4620 Bad: 56 Ignored: 1716 Thread 0 Done! 
STOP WATCH[0]: 1473129.561000 ms =NON-Kernel Init Functions=
llist_add_batch sel_write_relabel proc_create_single_data klist_del console_sysfs_notify register_pm_notifier percpu_ref_kill_and_confirm tick_get_broadcast_mask __percpu_init_rwsem task_work_add __x64_sys_socketcall vmap_small_pages_range_noflush audit_log_format igrab nl80211_radar_notify pm_runtime_reinit perf_output_end mempolicy_slab_node device_unregister __zone_watermark_ok sysfs_add_bin_file_mode_ns __add_preferred_console e820__update_table local_bh_enable ieee80211_auth __srcu_read_lock __kfree_skb wait_for_common efi_memmap_install proc_mkdir_mode cpuhp_report_idle_dead blk_mq_flush_plug_list __kmalloc_node_track_caller put_dec_trunc8 acpi_ex_exit_interpreter __radix_tree_delete memblock_alloc_try_nid_raw free_uid compaction_defer_reset allow_direct_reclaim ida_free acpi_os_printf trace_seq_putmem link_css_set dock_notify chacha_permute enable_irq acpi_remove_notify_handler copy_thread acpi_info ieee80211_scan_cancel add_timer_on in_entry_stack __put_anon_vma reserve_pfn_range widen_string tsc_enable_sched_clock audit_filter_inodes fib_select_path __access_remote_vm atomic_notifier_call_chain __ieee80211_suspend ieee80211_send_auth msr_clear_bit redraw_screen time_and_date acpi_install_fixed_event_handler mod_timer vmf_insert_pfn klist_dec_and_del __se_sys_pidfd_send_signal timekeeping_suspend siphash_1u32 prb_read_valid __ia32_compat_sys_ioctl kmem_cache_free __proc_create acpi_ut_valid_object_type sbitmap_queue_wake_up kmem_cache_alloc_node __se_sys_keyctl strnchr __blk_mq_free_request scan_microcode acpi_ut_copy_iobject_to_eobject acpi_hw_low_set_gpe cfg80211_report_wowlan_wakeup smp_call_function_single rtnl_bridge_notify intel_overlay_put_image_ioctl __percpu_counter_init efi_memmap_unmap acpi_ex_read_data_from_field kernfs_create_link nohz_run_idle_balance cleanup_mnt mnt_release_group_id arch_cpu_idle perf_output_put_handle blk_queue_flag_set schedule_timeout_uninterruptible net_ratelimit acpi_ev_get_gpe_event_info node_random syscall_init 
crng_reseed acpi_ev_acquire_global_lock __ia32_sys_prctl perf_event_update_userpage acpi_ex_access_region mark_tsc_unstable mca_msr_reg cfg80211_process_wdev_events kick_process __folio_cancel_dirty compaction_suitable get_vfs_caps_from_disk gfp_pfmemalloc_allowed acpi_ut_create_internal_object_dbg __queue_work snprintf oom_badness selinux_binder_transfer_binder replace_chunk radix_tree_lookup next_online_pgdat __x64_sys_setrlimit folio_end_writeback deactivate_task acpi_ds_init_aml_walk idr_replace do_madvise is_subdir acpi_ut_create_string_object mpol_shared_policy_lookup pti_user_pagetable_walk_pmd cache_from_obj proc_symlink lockdep_assert_cpus_held ring_buffer_iter_advance compat_ksys_ipc audit_gid_comparator __ia32_sys_io_submit blk_flush_plug __virt_addr_valid __x64_sys_reboot simple_release_fs __p4d_alloc add_device_randomness kmem_cache_open fwnode_handle_get sysfs_merge_group __ia32_sys_open_by_handle_at __vmalloc_node_range device_initialize __get_user_pages __ia32_compat_sys_shmat crash_setup_regs extend_brk acpi_ex_extract_from_field genl_register_family parse_args up __io_uring_free tty_register_ldisc __append_e820_table assoc_array_cancel_edit vm_unmap_aliases task_work_run fsnotify_destroy_marks vfs_unlink __module_get kobject_add timekeeping_resume acpi_bind_one pci_find_host_bridge folio_wait_bit ieee80211_restart_work isolate_huge_page local_bh_enable.65068 proc_alloc_inum free_unref_page_list acpi_ut_acquire_mutex alloc_mnt_ns switch_to_new_gdt unix_stream_sendmsg dmar_device_remove ieee80211_stop_nan irq_thread acpi_install_notify_handler io_sq_thread acpi_is_valid_space_id wake_q_add blk_mq_handle_dev_resource __io_queue_sqe free_buffer_head acpi_processor_stop __kmalloc_node delayed_superblock_init migrate_enable prot_none_hugetlb_entry _atomic_dec_and_lock_irqsave folio_migrate_flags __vma_adjust __skb_get_hash irq_do_set_affinity file_dentry_name sysfs_create_groups sta_info_insert device_wakeup_enable skb_mac_gso_segment blk_rq_init 
acpi_ns_check_acpi_compliance memcmp acpi_tb_notify_table rwsem_mark_wake do_execveat_common acpi_hw_clear_gpe copy_fs_struct count_subheaders __const_udelay synchronize_rcu_expedited cgroup_leave_frozen acpi_ns_check_object_type perf_adjust_period device_remove_groups memtype_free device_release_driver_internal cfg80211_ch_switch_started_notify calibrate_delay __ia32_sys_socketcall elf_map.18508 skb_put arch_smt_update device_remove_attrs vfs_rename ipc_obtain_object_check xfrm_lookup_route __blk_mq_run_hw_queue microcode_sanity_check key_put on_freelist blk_attempt_plug_merge free_unref_page acpi_bios_error tick_nohz_stop_tick skb_checksum_help __mcheck_cpu_init_clear_banks time64_str sock_setsockopt acpi_tb_install_table_with_override acpi_ut_delete_generic_state acpi_ns_delete_namespace_by_owner selinux_inode_removexattr pmd_clear_bad device_bind_driver acpi_os_vprintf acpi_ut_allocate_owner_id device_set_wakeup_capable create_io_worker selinux_key_permission __update_load_avg_se skb_push rcu_is_watching ieee80211_start_tx_ba_cb cpumask_any_but acpi_ut_valid_internal_object pti_user_pagetable_walk_p4d acpi_ut_remove_reference __siphash_unaligned acpi_evaluate_object xfrm_policy_lookup kernel_clone on_each_cpu_cond_mask freezing_slow_path __ia32_sys_process_vm_writev __sbitmap_queue_get acpi_ut_validate_exception ktime_get_real_seconds proc_create_seq_private acpi_ex_insert_into_field __ia32_sys_setreuid16 hrtimer_reprogram ieee80211_gtk_rekey_notify __bitmap_clear ioremap_page_range acpi_ps_pop_scope create_new_namespaces get_device early_iounmap ieee80211_sched_scan_stopped_work acpi_ns_handle_to_pathname jump_label_transform acpi_ev_detect_gpe ieee80211_tx_status_8023 static_key_disable bdev_read_page get_stack_info __blk_mq_end_request __key_link add_uevent_var __se_sys_io_setup netlink_has_listeners ieee80211_build_hdr signalfd_cleanup ptrace_readdata cpumask_any_and_distribute folio_mapping validate_xmit_skb_list shrink_page_list alloc_large_system_hash 
acpi_hw_read_multiple fput_many acpi_ex_resolve_node_to_value security_key_alloc memchr_inv cmci_recheck __x64_sys_seccomp skb_copy_ubufs prepare_to_wait_event perf_event_mmap tty_name _raw_spin_unlock_irqrestore register_earlycon acpi_hw_read_port init_wait_entry __ia32_sys_io_uring_setup tick_nohz_tick_stopped lockref_put_or_lock kfree_skb lookup_one_len_unlocked nl80211_send_port_authorized acpi_hw_disable_gpe_block cgroup_apply_cftypes netlink_deliver_tap yield key_instantiate_and_link cfg80211_rfkill_block_work downgrade_write futex_exec_release _set_memory_wt sysfs_unmerge_group wait_on_page_writeback skb_queue_tail calculate_node_totalpages kernfs_iop_listxattr ieee80211_send_deauth_disassoc skb_checksum unpin_user_pages arch_release_task_struct trace_pid_list_next __d_lookup_rcu security_task_getsecid_subj __acpi_device_wakeup_enable address_val trace_find_tgid tlb_finish_mmu acpi_ns_get_secondary_object cfg80211_cqm_rssi_notify resched_curr mlock_vma_page acpi_add_pm_notifier __perf_sw_event selinux_binder_set_context_mgr kobject_get folio_wait_writeback __alloc_skb rcuwait_wake_up pin_user_pages_remote msleep unregister_handler_proc proc_invalidate_siblings_dcache machine_check_poll rcu_cpu_starting vma_dup_policy cpuidle_enter memtype_kernel_map_sync device_release_driver inat_get_opcode_attribute __x64_sys_io_uring_enter device_links_read_lock __key_link_begin find_get_entries __prep_compound_gigantic_page setup_earlycon oom_adj_write prepare_to_wait hrtimer_try_to_cancel nr_context_switches device_links_read_unlock find_lock_entries unwind_get_return_address cr4_update_irqsoff __msecs_to_jiffies selinux_kernel_module_request __percpu_counter_compare _printk_deferred drain_zone_pages mntput put_pid_ns clockevents_program_event get_random_bytes blocking_notifier_chain_register cpuhp_online_idle acpi_ps_get_parent_scope __ia32_sys_unshare rtl8139_open acpi_ds_init_object_from_op __ip_dev_find acpi_table_initrd_scan check_bytes_and_report 
__update_stats_wait_end check_multiple_madt software_node_notify_remove acpi_ev_create_gpe_block __acpi_osi_setup_darwin cleanup_glue_dir acpi_ut_release_owner_id sysfs_remove_groups fpu_clone ieee80211_disassoc __mcheck_cpu_init_vendor vt_compat_ioctl kallsyms_lookup_buildid register_reboot_notifier _raw_spin_unlock_bh put_task_struct_rcu_user kretprobe_find_ret_addr __kernfs_setattr pci_mmap_page_range secretmem_mmap acpi_ps_alloc_op rcu_segcblist_advance efi_sync_low_kernel_mappings __mmap_lock_do_trace_start_locking __x64_sys_quotactl_fd cpu_bugs_smt_update dev_pm_enable_wake_irq_check acpi_ds_get_region_arguments cpumask_weight __alloc_percpu_gfp __srcu_read_unlock nl80211_ch_switch_notify __slab_free skb_clone pm_qos_update_target __remove_mapping down_read wakeup_kswapd __ia32_sys_setgroups post_set store_uevent blocking_notifier_call_chain blk_mq_try_issue_directly lwt_in_func_proto acpi_format_exception __x64_sys_fsmount set_default_qdisc clocksource_resume disable_irq_nosync group_sched_out _raw_spin_unlock_irq lockref_get __wake_up device_link_drop_managed rcu_preempt_deferred_qs_irqrestore do_smart_update simple_pin_fs lookup_one_len trace_print_lat_context string_escape_mem __io_register_rsrc_update skb_copy_bits task_rq_lock update_vsyscall __detach_mounts start_creating security_vm_enough_memory_mm next_arg acpi_ds_dump_method_stack module_put __init_rwsem kthread_create_on_node inode_init_always free_pcppages_bulk security_cred_free __udelay cgroup_enter_frozen e1000e_tx_hwtstamp_work nl80211_send_deauth dev_ethtool netlink_unicast _raw_write_lock_bh perf_event_comm ns_get_path intel_irq_install is_trap_insn inat_get_escape_attribute vmalloc_to_page slab_out_of_memory i915_gem_object_userptr_submit_init new_inode_pseudo netlink_broadcast exc_bounds ieee80211_vht_handle_opmode vprintk_emit __page_cache_release mp_register_ioapic_irq vfs_setlease dnotify_flush idr_alloc acpi_tb_checksum __alloc_percpu blkdev_issue_discard __pm_runtime_set_status 
_raw_read_unlock_irqrestore apply_wqattrs_cleanup preempt_count_sub bio_will_gap fwnode_handle_put __kmem_cache_create cmci_discover kvmalloc_node dec_ucount blk_status_to_errno e1000_io_resume.54076 acpi_ds_delete_walk_state idr_remove audit_log_uring static_key_disable_cpuslocked __ieee80211_sta_join_ibss selinux_ip_forward kmem_cache_destroy blk_update_request vc_is_sel ieee80211_sta_rx_queued_mgmt queued_read_lock_slowpath mce_severity ieee80211_mgd_probe_ap acpi_ds_method_data_get_value update_queue __unmap_hugepage_range __vm_enough_memory cfg80211_mgmt_tx_status nl80211_trigger_scan io_sqe_buffers_register is_software_node acpi_locate_initial_tables sysfs_create_link acpi_ns_get_pathname_length print_hex_dump selinux_move_mount gcd hugetlb_acct_memory __xfrm_state_destroy flush_tlb_kernel_range ieee80211_register_hw x86_model __reset_isolation_suitable folio_account_cleaned mix_pool_bytes hide_cursor fold_diff __d_alloc get_nohz_timer_target dst_dev_put memblock_merge_regions debug_smp_processor_id uprobe_write_opcode __ieee80211_stop_rx_ba_session schedule_timeout futex_wait_multiple acpi_exception sel_write_member acpi_ut_copy_isimple_to_esimple blk_bio_list_merge dev_get_by_index_rcu complete_all __cpuhp_setup_state ieee80211_offchannel_stop_vifs x86_family rcu_sync_enter blk_mq_sched_mark_restart_hctx __ia32_sys_symlinkat check_flush_dependency unregister_sysctl_table __nlmsg_put folio_rotate_reclaimable ieee80211_sta_rx_queued_ext shrink_active_list kill_rules flush_work _raw_write_lock __mcheck_cpu_init_generic radix_tree_node_alloc sync_rcu_exp_select_cpus set_cursor p4d_clear_bad setup_APIC_eilvt __get_task_comm blk_queue_exit bus_probe_device selinux_setprocattr dequeue_huge_page_nodemask rcu_exp_wait_wake simple_strtoul sysfs_remove_link __clocksource_select restricted_pointer call_usermodehelper_exec_work phy_connect genl_ctrl_event acpi_hw_write_port finish_wait cfg80211_notify_new_peer_candidate mce_wrmsrl kfree_skb_list ieee80211_unregister_hw 
__schedule __kthread_should_park nl80211_send_disconnected get_cpu_entry_area device_links_driver_cleanup firmware_request_builtin _raw_spin_lock_irqsave per_cpu_ptr_to_phys cgroup_rstat_flush_locked node_reclaim sock_queue_err_skb try_to_migrate get_state_synchronize_rcu rb_set_head_page __e820__range_add __put_page rmqueue_pcplist cpus_read_unlock neigh_timer_handler __refrigerator sprint_backtrace_build_id mce_available __synchronize_srcu read_pci_config refcount_dec_not_one uprobe_copy_process __mutex_init nl80211_notify_wiphy mutex_unlock security_locked_down can_migrate_task __ia32_sys_lsetxattr scan_containers get_user_pages_fast_only I_BDEV allocate_trace_buffers pr_cont_kernfs_name remove_nodes wake_up_nohz_cpu sync_global_pgds hrtimers_resume_local __ia32_compat_sys_mq_open put_fs_context acpi_ev_release_global_lock ring_buffer_iter_dropped get_links acpi_os_signal_semaphore lookup_positive_unlocked kthread_stop tick_nohz_restart_sched_tick filename_parentat kobject_put slab_fix find_extend_vma inherit_task_group mask_irq synchronize_srcu timens_commit kobject_uevent_env __x64_sys_io_setup apply_constraint rcu_gp_is_normal __mutex_lock folio_mkclean __device_attach alloc_fresh_huge_page acpi_ns_get_attached_object proc_remove blk_mq_insert_requests __kmalloc_track_caller perf_event__output_id_sample __d_lookup __vunmap selinux_socket_listen enqueue_to_backlog register_filesystem raw_spin_rq_lock_nested ieee80211_mgd_disassoc cgroup_migrate_prepare_dst early_enable_events acpi_os_unmap_iomem rtnl_bridge_setlink acpi_ds_obj_stack_push selinux_sem_associate selnl_notify __mmdrop PageMovable ieee80211_release_reorder_timeout list_sort percpu_down_write free_percpu console_verbose __dev_xmit_skb show_pwq acpi_tb_validate_table __cgroup_task_count acpi_put_table can_stop_idle_tick acpi_bios_warning set_page_dirty_lock pud_set_huge exit_creds kvfree __init_waitqueue_head kzalloc.25928 neigh_fill_info free_unref_page_commit neigh_lookup __insert_resource 
allocate_file_region_entries kmem_cache_create sk_error_report __x64_sys_init_module set_direct_map_default_noflush logfc shm_try_destroy_orphaned reg_process_self_managed_hint __blk_mq_tag_busy fib_rules_lookup ieee80211_stop_p2p_device finish_swait selinux_netlink_send cpu_smt_disable __oom_kill_process switch_ldt kmemdup cpudl_init sysvec_error_interrupt pmu_dev_alloc __free_pages_ok acpi_ps_get_opcode_info set_fs_pwd d_alloc_parallel set_task_cpu percpu_ref_init acpi_ds_scope_stack_push fsnotify_find_mark is_module_text_address fsnotify_destroy_mark sprint_symbol_no_offset __rb_erase_color ptep_set_access_flags __ns_get_path selinux_shm_alloc_security _raw_read_lock blk_mq_run_hw_queue selnl_notify_setenforce __get_vm_area_node ipc_init_ids subtract_range init_wait_var_entry __x64_sys_setpriority put_task_stack ieee80211_deauth kernfs_create_dir_ns __clocksource_update_freq_scale tick_check_broadcast_expired do_smart_wakeup_zero __tlb_remove_page_size filemap_add_folio shmem_add_to_page_cache drm_setmaster_ioctl update_rt_rq_load_avg update_ref_ctr __mmu_notifier_change_pte __ia32_sys_setxattr free_irq munlock_vma_page __blk_mq_insert_request kill_pid copy_net_ns ieee80211_start_p2p_device pmd_clear_huge copy_creds free_area_init_core __delayacct_tsk_init acct_clear_integrals perf_try_init_event get_callchain_buffers security_task_alloc add_to_page_cache_locked check_irq_resend copy_ipcs copy_pid_ns copy_time_ns alloc_pid alloc_fdtable clear_posix_cputimers_work ieee80211_handle_filtered_frame proc_fork_connector audit_string_contains_control get_gate_page __ia32_compat_sys_old_shmctl follow_hugetlb_page clockevents_shutdown e100_up __mnt_want_write_file rcu_segcblist_entrain inode_update_time drm_mode_list_lessees_ioctl balance_dirty_pages pageout __swap_count blk_mq_poll swap_cluster_readahead exit_fs d_alloc_anon __neigh_update perf_event_fork put_io_context_active device_link_add ti1250_override sched_fork cpuacct_charge free_uts_ns free_time_ns set_nlink 
kauditd_thread __wake_up_pollfree audit_filter_rules __cfg80211_stop_ap disconnect_work match_file security_audit_rule_match acpi_ut_hex_to_ascii_char audit_exe_compare security_perf_event_free perf_event_free_task acpi_ex_convert_to_string post_init_entity_util_avg acpi_ds_restart_control_method filter_mce srcu_funnel_exp_start acpi_ut_release_mutex clocksource_arch_init pcpu_alloc_area pick_next_task_idle rcu_needs_cpu irq_setup_affinity change_console irq_work_needs_cpu timekeeping_max_deferment tick_nohz_idle_enter arch_cpu_idle_dead acpi_ev_is_notify_object default_idle_call tick_suspend clocksource_suspend nv_self_test tick_resume acpi_video_bus_remove tick_set_periodic_handler __x64_sys_rmdir cpuidle_find_deepest_state tick_nohz_idle_retain_tick __x64_sys_madvise pgd_populate_init clock_was_set_delayed timer_clear_idle acpi_ut_detect_octal_prefix irq_work_single sched_ttwu_pending ntp_clear ops_free_list acpi_ut_short_shift_right __radix_tree_lookup ieee80211_sta_create_ibss radix_tree_tag_get hugetlb_basepage_index cgroup_freezer_migrate_task purge_fragmented_blocks_allcpus __ia32_sys_timerfd_create selinux_socket_sendmsg rb_advance_iter find_cpio_data setup_percpu_irq __pskb_pull_tail acpi_ds_do_implicit_return punt_bios_to_rescuer wp_page_copy get_task_mm drm_mode_cursor_common dev_vprintk_emit ieee80211_sta_pspoll blk_mq_sched_bio_merge __ieee80211_request_smps_mgd __alloc_pages __blk_mq_get_tag sbitmap_prepare_to_wait __x64_sys_mount_setattr sched_dynamic_update sbitmap_finish_wait __se_sys_mount blk_mq_request_bypass_insert destroy_workqueue create_task_io_context auditsc_get_stamp list_slab_objects fcntl_setlease __kmem_cache_shutdown __x64_sys_process_vm_writev blk_attempt_bio_merge sysfs_slab_unlink acpi_os_allocate_zeroed.34422 pm_qos_update_flags __hrtimer_start_range_ns __sk_destruct reweight_task acpi_ex_convert_to_ascii vdso_join_timens acpi_ns_convert_to_string kzalloc.65234 queue_work_on __ia32_sys_rename __nodes_weight 
init_scattered_cpuid_features acpi_ns_get_internal_name_length cd_forget cgroup_update_populated unmask_irq fault_dirty_shared_page __irq_domain_activate_irq cfg80211_register_netdevice irq_activate acpi_pm_device_can_wakeup copy_semundo efi_memmap_alloc __ia32_compat_sys_sched_setaffinity ioremap_wt __x64_sys_swapon kernel_map_pages_in_pgd blk_mq_sched_dispatch_requests load_current_idt tty_ldisc_init sysctl_err madvise_populate sysctl_print_dir kobject_synth_uevent drop_sysctl_table anon_vma_interval_tree_iter_next detect_ht do_symlink ip_multipath_l3_keys shmctl_down acpi_tb_acquire_temp_table seq_buf_putc trace_printk_control arch_static_call_transform kernfs_create_root panic_smp_self_stop cfg80211_process_rdev_events kernfs_create_empty_dir trace_rpm_idle_rcuidle trace_rpm_suspend_rcuidle wakeup_source_sysfs_remove vma_interval_tree_remove pcpu_get_vm_areas __audit_syscall_exit arch_perf_update_userpage __ia32_sys_setns dev_pm_enable_wake_irq_complete compaction_zonelist_suitable rcu_idle_exit try_to_unmap_flush extract_entropy chacha_block_generic strreplace trace_print_lat_fmt read_current_timer get_pfn_range_for_nid laptop_io_completion set_rq_offline get_fixed_ranges ieee80211_ba_session_work acpi_ev_update_gpe_enable_mask acpi_tb_uninstall_table uart_ioctl acpi_ds_call_control_method do_symlinkat cfg80211_pmksa_candidate_notify __x64_sys_kill driver_deferred_probe_del free_area_init_node __folio_end_writeback _mix_pool_bytes __ieee80211_subif_start_xmit __x64_sys_fremovexattr vunmap_p4d_range __x64_sys_setfsuid acpi_ns_build_normalized_path __ia32_sys_symlink cfg80211_gtk_rekey_notify build_id_parse dev_set_name get_swap_pages ___pmd_free_tlb acpi_ex_system_wait_mutex __ia32_sys_linkat __queue_delayed_work __x64_sys_tkill acpi_ds_method_data_init_args acpi_ut_match_predefined_method inode_wait_for_writeback memblock_double_array calibrate_delay_is_known alloc_buddy_huge_page PageHuge init_srcu_struct tlb_flush_mmu fw_devlink_parse_fwtree 
device_links_driver_bound kernfs_new_node kobj_ns_ops do_get_mempolicy numa_add_cpu acpi_ps_parse_loop security_sock_rcv_skb escaped_string selinux_ipc_permission phy_connect_direct klist_init devtmpfs_delete_node normalize_rt_tasks skb_panic acpi_ut_explicit_strtoul64 exit_mmap task_join_group_stop netlbl_netlink_init __init_swait_queue_head selinux_bprm_creds_for_exec device_pm_remove clear_IO_APIC audit_comparator do_filp_open interval_tree_iter_first acpi_device_notify_remove acpi_ex_read_serial_bus __debugfs_create_file __ia32_sys_tkill initialize_tlbstate_and_flush cgroup_cancel_fork ihold rwsem_spin_on_owner calibration_delay_done ttwu_queue_wakelist cr4_read_shadow fsnotify_detach_mark __sprint_symbol dev_pm_disable_wake_irq_check acpi_hw_validate_io_request sky2_open futex_exit_release __down_write_common enter_lazy_tlb cgroup_css_set_put_fork retain_dentry acpi_device_notify drm_wait_vblank_ioctl load_mm_ldt acpi_ds_method_data_set_value dump_header fsnotify_compare_groups acpi_os_allocate cpuhp_issue_call page_referenced sched_post_fork strnlen_user load_ucode_ap cfg80211_stop_p2p_device __ia32_sys_setrlimit destroy_compound_gigantic_page fib_detect_death anon_vma_interval_tree_insert exp_funnel_lock __se_sys_fremovexattr clockevents_program_min_delta __rcu_report_exp_rnp is_cpu_allowed pwq_activate_first_inactive xas_create free_pcp_prepare pgd_page_get_mm arch_cpu_idle_exit leave_mm init_dl_task_timer ttwu_do_wakeup trace_rpm_resume_rcuidle acpi_os_allocate_zeroed.33375 __kmem_cache_free_bulk init_dl_inactive_task_timer start_poll_synchronize_srcu pcpu_free_area percpu_rwsem_wait vmap_pages_p4d_range drm_mode_setcrtc selinux_socket_getsockopt uprobe_munmap cpuset_nodemask_valid_mems_allowed tick_nohz_idle_exit worker_enter_idle cfg80211_ft_event acpi_install_gpe_block memblock_alloc_range_nid __delayacct_thrashing_end get_data remove_proc_subtree __x64_sys_ioctl acpi_ut_validate_buffer ieee80211_del_iface ttwu_do_activate arch_cpu_idle_prepare 
zap_p4d_range clear_asid_other __wake_up_locked device_links_force_bind __ia32_compat_sys_setrlimit ttwu_stat put_mnt_ns acpi_ut_get_object_size d_invalidate _vm_unmap_aliases selinux_socket_accept security_task_free lockref_mark_dead copy_utsname apic_smt_update parse_options.36215 __schedule_bug __delayacct_thrashing_start selinux_file_open pm_runtime_new_link __ia32_sys_sched_setparam account_kernel_stack acpi_hw_get_gpe_register_bit kernfs_add_one yenta_probe irq_pm_install_action arch_irq_work_raise hugetlb_cow smca_set_misc_banks_map tty_set_ldisc cpu_detect audit_serial page_anon_vma huge_pmd_share smca_configure begin_new_exec init_worker_pool rcu_segcblist_init sel_write_checkreqprot uuid_string __anon_vma_prepare track_pfn_copy node_dirty_ok show_free_areas __x64_sys_remap_file_pages selinux_ptrace_traceme __wait_on_bit vt_set_leds_compute_shiftstate call_rcu acpi_ns_check_package selinux_quotactl swake_up_locked acpi_ns_detach_object set_kthread_struct prepare_task_switch acpi_ns_handle_to_name bad_page free_debug_processing blk_mq_put_tag get_page_from_freelist sel_write_validatetrans print_bad_pte clockevents_suspend move_freepages_block genl_notify acpi_tb_initialize_facs sysfs_update_groups hw_breakpoint_restore arch_get_vdso_data selinux_socket_connect_helper copy_cgroup_ns acpi_ns_check_argument_count kfree_const intel_init_cmci __x64_sys_pidfd_send_signal __x64_sys_execve profile_handoff_task drm_mode_rmfb_ioctl cpa_flush rcu_init_geometry clear_cpu_cap set_secondary_fwnode acpi_ex_release_mutex_object security_kernfs_init_security vmemmap_remap_free __ieee80211_scan_completed netdev_bits insert_vmap_area_augment uart_set_info_user map_ldt_struct mark_oom_victim security_secid_to_secctx __kobject_del slab_err tracing_stop_tgid_record text_poke_loc_init vsprintf io_wq_worker_sleeping mn_itree_inv_end ieee80211_csa_finalize_work __is_insn_slot_addr selinux_capset __perf_event_task_sched_in selinux_mount wait_for_common_io sysfs_delete_link 
folio_mark_accessed xfrm_resolve_and_create_bundle d_alloc_pseudo sg_new_write folio_wait_stable acpi_ds_init_callbacks __ia32_sys_fsetxattr __rq_qos_requeue ring_buffer_peek acpi_hw_gpe_write do_linkat is_string_insn __mmu_notifier_release tracing_start_cmdline_record selinux_socket_unix_may_send assoc_array_insert __smp_call_single_queue dup_mm __cmpxchg_double_slab selinux_socket_getpeername rcu_segcblist_enqueue llist_del_first sel_write_create swap_count_continued fib_multipath_hash e1000_resume acpi_penalize_sci_irq move_to_new_page acpi_tb_create_local_fadt acpi_ut_get_mutex_name ntp_tick_length acpi_ex_stop_trace_method i915_driver_postclose memtype_erase clock device_pm_check_callbacks ip_addr_string acpi_hw_validate_register crash_smp_send_stop selinux_syslog neigh_periodic_work check_tsc_unstable show_stack device_pm_lock bitmap_list_string drm_vblank_init trace_print_bputs_msg_only show_iret_regs kasprintf netlink_sendmsg alloc_pages_bulk_array_mempolicy pgdat_init_internals __delayacct_blkio_start alloc_low_pages load_balance __x64_sys_setfsuid16 ttm_bo_vm_fault pagevec_lru_move_fn ring_buffer_size __wake_up_locked_key_bookmark vmemmap_p4d_range zone_spanned_pages_in_node __delayacct_blkio_end shrink_zones set_primary_fwnode do_clear_cpu_cap cpuset_print_current_mems_allowed acpi_ns_normalize_pathname __vfs_setxattr_locked acpi_install_table domain_dirty_limits __mnt_drop_write_file select_idle_routine zone_watermark_ok mcheck_cpu_init intel_init_lmce error_context __synchronize_hardirq ex_get_fixup_type dec_rlimit_put_ucounts acpi_ns_check_return_value PageHeadHuge get_eff_addr_sib i8042_probe acpi_ns_search_and_enter insn_get_displacement bitmap_fold io_worker_handle_work selinux_getprocattr mce_severity_amd mce_intel_feature_init e1000e_open __ia32_compat_sys_execve vzalloc_node pgd_alloc lookup_address_in_pgd acpi_ns_check_argument_types acpi_os_release_object x86_init_rdrand __x64_sys_renameat filter_cpuid_features huge_add_to_page_cache 
=o= --- DONE!
--- ------------STATISTICS---------------
50192 : Functions greeted
1494 : External functions
0 : Discovered Path
0 : Matched Path
165897 : Good Path
3756 : Bad Path
138004 : Ignored Path
0 : Path Unable to Resolve
0 : Resolved CallSite Using Function Pointer
1694 : Critical Functions
293 : Critical Variables
0 : # of times max depth for forward analysis hit
0 : # of times max depth for backward analysis hit
87924 : Critical Function Pointer Unable to Resolve, Collect Pass
341 : Critical Function Pointer Resolved, Collect Pass
10413 : Critical Functions used by non CallInst
71989 : Critical Functions used by static assignment
858 : # of times indirect call site matched with critical functions
57644 : # of times indirect call site failed to match with critical functions
0 : found capability check inside call using function ptr
288 : number of critical function skipped(uniq)